Re: [Acme] Proposed ACME Charter Language

Paul Winkeler <pwinkeler@pbnj-solutions.com> Fri, 15 May 2015 16:15 UTC

Return-Path: <pwinkeler@pbnj-solutions.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F41A1A1B17 for <acme@ietfa.amsl.com>; Fri, 15 May 2015 09:15:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmUYmepKrpIV for <acme@ietfa.amsl.com>; Fri, 15 May 2015 09:15:23 -0700 (PDT)
Received: from cdptpa-oedge-vip.email.rr.com (cdptpa-outbound-snat.email.rr.com [107.14.166.231]) by ietfa.amsl.com (Postfix) with ESMTP id 9BD0A1A1B13 for <acme@ietf.org>; Fri, 15 May 2015 09:15:23 -0700 (PDT)
Received: from [71.64.103.160] ([71.64.103.160:55118] helo=nunavut.pbnj-solutions.com) by cdptpa-oedge01 (envelope-from <pwinkeler@pbnj-solutions.com>) (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP id 51/35-07750-A9B16555; Fri, 15 May 2015 16:15:23 +0000
Received: from localhost (localhost [127.0.0.1]) by nunavut.pbnj-solutions.com (Postfix) with ESMTP id 1EDCE8084283; Fri, 15 May 2015 12:15:22 -0400 (EDT)
X-Virus-Scanned: amavisd-new at pbnj-solutions.com
Received: from nunavut.pbnj-solutions.com ([127.0.0.1]) by localhost (nunavut.pbnj-solutions.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tbG7vIn6Il5v; Fri, 15 May 2015 12:15:21 -0400 (EDT)
Received: from [172.26.20.209] (rrcs-70-62-245-194.central.biz.rr.com [70.62.245.194]) by nunavut.pbnj-solutions.com (Postfix) with ESMTPA id 5D88B8084266; Fri, 15 May 2015 12:15:21 -0400 (EDT)
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
Content-Type: multipart/signed; boundary="Apple-Mail=_03162E3C-37E5-4925-B95E-19377724B3EF"; protocol="application/pgp-signature"; micalg=pgp-sha1
X-Pgp-Agent: GPGMail 2.5b6
From: Paul Winkeler <pwinkeler@pbnj-solutions.com>
In-Reply-To: <87bnhl511t.fsf@alice.fifthhorseman.net>
Date: Fri, 15 May 2015 12:16:29 -0400
Message-Id: <0054C9EA-8CE5-49E4-8D4A-CBC29B19FDB2@pbnj-solutions.com>
References: <6A9C3116-8CC9-472C-8AA8-F555D060834C@vigilsec.com> <55351EAB.1060905@cs.tcd.ie> <E81896AA-245F-48B7-9B38-86AC30D2F82A@vigilsec.com> <553523E4.2090808@cs.tcd.ie> <84718B26-1DA3-4D46-8B6F-B615806229D7@vigilsec.com> <CABcZeBOy2yBEMGMxcDy=E3fvc+OF1sZfvOV7twJHAvKqtrxtLg@mail.gmail.com> <28919F11-9336-41F6-9922-4E3E2DC4E935@gmail.com> <BD7B96B1-CD50-408F-AA06-49C20AB102A6@vigilsec.com> <CA+9kkMAH+U25ZhLq1HhGFHKMAECu+Y1ZJH-h4bOrEXaUQ15LjQ@mail.gmail.com> <87d225qwbq.fsf@latte.josefsson.org> <B30EDBDF-0803-4AB0-9EBB-DD726F617C5B@vigilsec.com> <2dc5d20a27664efe994398ec508f0e7e@ustx2ex-dag1mb4.msg.corp.akamai.com> <1E6924DE-D59C-4323-9658-766937368B98@vigilsec.com> <7F45C649-4C78-441E-8649-45D0F74168C2@vigilsec.com> <m2617wyu1v.wl%randy@psg.com> <CA+9kkMA18=KBtSWnS3murcFT7tfxNAe1Oi2YFNSkhOXTPDAFTw@mail.gmail.com> <m24mngytae.wl%randy@psg.com> <CA+9kkMB4uYr1SVUEqFKOB7AmPe793Mb-zAVU0GCK5d=XH9rsCg@mail.gmail.com> <m23830ysez.wl%randy@psg.com> <CA+9kkMAJ-925hQ+wawkLvEjTaf5f1JRHdrGMtCR hGt9Q8Ntc1Q@mail.gmail.com> <87bnhl511t.fsf@alice.fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
X-Mailer: Apple Mail (2.2098)
X-RR-Connecting-IP: 107.14.168.118:25
X-Cloudmark-Score: 0
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/tquRXkDEH1ZUd023pyWdwkyjBbA>
Cc: Randy Bush <randy@psg.com>, Ted Hardie <ted.ietf@gmail.com>, IETF ACME <acme@ietf.org>
Subject: Re: [Acme] Proposed ACME Charter Language
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2015 16:15:26 -0000

Isn’t this a means to effect a denial of service attack?  End users maybe “smart” enough to click on the message that allows them to connect anyway, but there are many application stacks out there that fall apart once the certs that control their encrypted connections are revoked…

> On May 15, 2015, at 11:10, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> 
> If I compromise your secret key, the nicest possible thing i can do with
> it is get it revoked.  There is no reason to prevent this action from
> anyone who has access to the secret key.