[Dance] Benjamin Kaduk's Yes on charter-ietf-dance-00-01: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Wed, 08 September 2021 17:25 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/ZHyT2qH7uzQWh_etJMIvJzDdmAA>
Benjamin Kaduk has entered the following ballot position for
charter-ietf-dance-00-01: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-dance/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

   The DNS namespace, together with DNSSEC, forms the most
   widely-recognized namespace and authenticated lookup mechanism on the
   Internet. DANE builds on this authenticated lookup mechanism to enable
   public key-based TLS authentication which is resilient to
   impersonation, but only for TLS server identities.

We might reference RFC 6698 for DANE.

OVERLY PEDANTIC NITS

   The process of establishing trust in public-key-authenticated identity
   typically involves the use of a Public Key Infrastructure (PKI), and a
   shared PKI root of trust between the parties exchanging public keys.

"shared PKI root of trust" seems to imply that both parties have
credentials that chain up to the same root of trust (or at least that the
level of trust in the root is shared between parties), which need not be
the case. In principle the parties can use credentials anchored at
different roots of trust, so long as the verifier is willing to use the
corresponding root of trust for this purpose. So we might say instead
"and a root of trust deemed valid by the entity validating the
authenticated identity". Or we could ignore it, and try to not be overly
pedantic.