Re: [Dance] CRLs/OCSP and DANE at RIPE84
Shumon Huque <shuque@gmail.com> Mon, 23 May 2022 14:34 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/jy_9zNLsmcBmSMiELwp7rAcAwOU>
On Sat, May 21, 2022 at 7:18 AM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> https://ripe84.ripe.net/archives/video/864/
> Geoff Huston looks at Revocation, and who it is just not working, and
> suggests DNSSEC+DANE.
> Very much Worth watching.
>

I'm kind of sympathetic to Geoff's views. But the prospects of DANE generally replacing (or constraining) PKIX and delivering a DNS based revocation capability seem pretty slim to me, especially in the web arena, which seemed to be the focus of Geoff's presentation. Note the failed attempt to standardize the TLS DNSSEC chain extension in the TLS working group (now published as an experimental RFC via the ISE).

In other application areas, like DANCE, there will hopefully be better prospects.

Shumon.