Re: [Acme] kinds of proof

Tony Arcieri <bascule@gmail.com> Sun, 30 November 2014 03:37 UTC

In-Reply-To: <2B947AA7-1F40-4935-B003-F86A4FF4BB3A@vpnc.org>
References: <m27fyg4yzg.wl%randy@psg.com> <547754C0.9050306@cs.tcd.ie> <20141127211348.GE25114@mournblade.imrryr.org> <54784C61.2080508@cs.tcd.ie> <20141128170917.GC285@mournblade.imrryr.org> <88B49E1D-1601-4B86-8D93-14CF71501DFC@vpnc.org> <20141128213724.GG285@mournblade.imrryr.org> <7261AA75-5912-4514-A393-94F602C941C2@vpnc.org> <20141129170537.GK285@mournblade.imrryr.org> <046F438F-6230-4A3A-8A5C-708BA91E002B@vpnc.org> <20141129221139.GL285@mournblade.imrryr.org> <2B947AA7-1F40-4935-B003-F86A4FF4BB3A@vpnc.org>
From: Tony Arcieri <bascule@gmail.com>
Date: Sat, 29 Nov 2014 19:36:53 -0800
Message-ID: <CAHOTMVKHXFdiuvQP6WYSM27WsL0GXgUkxOtQMCWpU9HTiTQ=AA@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/0iGH5uJ5VS02AYtTl04fLwZaDmY
Cc: acme@ietf.org
Subject: Re: [Acme] kinds of proof

On Sat, Nov 29, 2014 at 7:29 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> I think this will have to be an "agree to disagree" situation. The Let's
> Encrypt promotional material indicates that they want to get more HTTPS out
> in the world, so they need to deal with the huge number of folks who use
> hosting companies and thus have no DNS control. I believe that is a great
> goal.


I haven't fully been keeping up on the conversation, but if you're not
using DNS, what proof can be given over plaintext HTTP alone that isn't
susceptible to MitM attacks?

DNS seems like a better foundation to build on.