Re: [Acme] Considerations about ACME BoF

Leif Johansson <leifj@sunet.se> Mon, 30 March 2015 20:42 UTC

Return-Path: <leifj@sunet.se>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C56381A885A for <acme@ietfa.amsl.com>; Mon, 30 Mar 2015 13:42:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.238
X-Spam-Level:
X-Spam-Status: No, score=0.238 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KAeBRKNun7YZ for <acme@ietfa.amsl.com>; Mon, 30 Mar 2015 13:42:04 -0700 (PDT)
Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15B2D1A87F1 for <acme@ietf.org>; Mon, 30 Mar 2015 13:42:03 -0700 (PDT)
Received: from smtp1.sunet.se (smtp1.sunet.se [192.36.171.214]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id t2UKg2ln020336 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <acme@ietf.org>; Mon, 30 Mar 2015 22:42:02 +0200
Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.9/8.14.7) with ESMTP id t2UKfxOf023210 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <acme@ietf.org>; Mon, 30 Mar 2015 22:42:01 +0200 (CEST)
VBR-Info: md=sunet.se; mc=all; mv=swamid.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sunet.se; s=default; t=1427748121; bh=RWIOMfMKzFQ20rxjrtLzk4L2Sx9fmMPQTxjCr9JCKFc=; h=Date:From:To:Subject:References:In-Reply-To; b=IozJanLXrl6YpGnNke5vTOXY+eWxwLDUunNLBiuFu2EwKp7xFu6OtLelFchi7rbCo gLBwupdYuqBikfMf9Cn9kUT9M0Vj29pxXrDUuYb49iYn2LZoEru93MeauZPwISbv+0 +n291DqmQIsiZO5XAQRR2UWaJsGGjp42Nij3zcQs=
X-Footer: c3VuZXQuc2U=
Received: from [10.0.0.107] ([62.102.145.131]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 8.3.4 patch 1) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256 bits)) for acme@ietf.org; Mon, 30 Mar 2015 22:41:57 +0200
Message-ID: <5519B514.3070504@sunet.se>
Date: Mon, 30 Mar 2015 22:41:56 +0200
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: acme@ietf.org
References: <551569F6.8020507@openca.org> <5518F4EA.6020006@sunet.se> <5519AB4D.7070906@DigiCert.com>
In-Reply-To: <5519AB4D.7070906@DigiCert.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, outbound-sunet-se:default, sunet-se:default, base:default, @@RPTN)
X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6
X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default)
X-Canit-Stats-ID: 09O9UG29k - b698f67030e0 - 20150330
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Received-SPF: neutral (e-mailfilter01.sunet.se: 192.36.171.210 is neither permitted nor denied by domain leifj@sunet.se) receiver=e-mailfilter01.sunet.se; client-ip=192.36.171.210; envelope-from=<leifj@sunet.se>; helo=smtp1.sunet.se; identity=mailfrom
X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.201
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/psv65SkCs-zGGjCP9KeOttrN8gY>
Subject: Re: [Acme] Considerations about ACME BoF
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Mar 2015 20:42:06 -0000

<...>

> There was no evidence presented that this is a common industry problem,
> but rather a single anecdote of a particular individual - that is
> certainly not the basis for creating a new standard. Quantifying this
> assertion for the industry may produce adequate justification for a new
> standard, but a single isolated experience does not IMHO meet the
> minimum bar of justification.

I think Stephen provided a credible argument earlier (the
only-30%-of-alexa-top-1M-use-tls argument).

<...>

> I actually think Max is making the opposite argument - that the proposal
> is "anti CA" (or maybe anti X.509) and "pro DANE" and asking for
> justification of why we want to move away from the current
> implementation base to an unproven trust model that extremely few have
> demonstrated a willingness to adopt at this point.

OK so that makes even less sense to me. How is creating another CA anti-CA?

	Cheers Leif