Re: [dane] Deployment focus? Re: IETF 85 - meet or not to meet?
Warren Kumari <warren@kumari.net> Wed, 03 October 2012 17:50 UTC
Return-Path: <warren@kumari.net>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25DC321F84EA for <dane@ietfa.amsl.com>; Wed, 3 Oct 2012 10:50:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.999
X-Spam-Level:
X-Spam-Status: No, score=-101.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_57=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8AEHcAJjTcqf for <dane@ietfa.amsl.com>; Wed, 3 Oct 2012 10:50:46 -0700 (PDT)
Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FC2521F84D9 for <dane@ietf.org>; Wed, 3 Oct 2012 10:50:46 -0700 (PDT)
Received: from [192.168.1.139] (unknown [66.84.81.102]) by vimes.kumari.net (Postfix) with ESMTPSA id 9351B1B401FA; Wed, 3 Oct 2012 13:50:45 -0400 (EDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 6.1 \(1498\))
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <014301cda17f$f46460b0$dd2d2210$@piggott@switch2it.co.uk>
Date: Wed, 03 Oct 2012 13:50:44 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <4AAF64D0-9413-468E-BD8C-3382EEFF3C40@kumari.net>
References: <BD9F1901-911A-49EB-9390-B18D8A9D0B30@nic.cz> <FBCB9053-91C3-4EBC-874E-97067A922E49@nic.cz> <C73CE37F-C34D-4824-AF11-D03F14AE3015@kumari.net> <15ED757A-9B2F-45CD-A1B6-0A0C8DFC2397@danyork.org> <76960946-F768-422B-A76A-17D951D29C8C@vpnc.org> <F18CD53D-8F98-409F-881C-EC56824931C4@danyork.org> <2931E1FC-20D3-4045-9146-368D3AC9D989@vpnc.org> <E10582EC-9BFC-46D7-973F-15CDF45AC89B@danyork.org> <9AC8675C-22B6-4502-9E00-FB51B9D36F34@kumari.net> <014301cda17f$f46460b0$dd2d2210$@piggott@switch2it.co.uk>
To: daniel.piggott@switch2it.co.uk
X-Mailer: Apple Mail (2.1498)
Cc: dane@ietf.org
Subject: Re: [dane] Deployment focus? Re: IETF 85 - meet or not to meet?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2012 17:50:47 -0000
On Oct 3, 2012, at 11:58 AM, "Daniel Piggott" <daniel.piggott@switch2it.co.uk> wrote: > Is google not already using this in chrome? Nope -- Chrome does do pinning (http://www.imperialviolet.org/2011/05/04/pinning.html) HSTS, etc. Perhaps you were thinking of DNSSEC stapled certificates (http://www.imperialviolet.org/2011/06/16/dnssecchrome.html ) -- this is similar, bit different to DANE… W > > -----Original Message----- > From: Warren Kumari [mailto:warren@kumari.net] > Sent: 02 October 2012 22:28 > To: Dan York > Cc: Paul Hoffman; dane WG list > Subject: Re: [dane] Deployment focus? Re: IETF 85 - meet or not to meet? > > > On Oct 2, 2012, at 3:34 PM, Dan York <dan-ietf@danyork.org> wrote: > >> Paul, >> >> On Oct 1, 2012, at 11:52 AM, Paul Hoffman wrote: >> >>> On Oct 1, 2012, at 8:07 AM, Dan York <dan-ietf@danyork.org> wrote: >>> >>>> Certainly ISOC *could* hold a meeting to discuss how to get DANE more > widely deployed ... and the people that would need to be at that meeting > would be, well, probably pretty much many of the people who would be at the > DANE working group meeting at IETF! >>> >>> We fully disagree there. Protocol developers are often not protocol > deployers. For example, I do not contribute to DNS server or DNS admin > projects; the same would be true for the large majority of the people who > contributed ideas and comments to the DANE protocol. >>> >>> ISOC could pull together a meeting of such protocol deployers, as well as > enterprises who might find DANE useful, and I suspect the overlap between > people at that meeting and the last DANE WG meeting would be very small. >> >> Sigh... I will have to confess that you are probably on target here, > particularly as no one else has chimed in on this general thread in the last > 24 hours. >> >> And thus we continue with the challenge that we in the IETF typically > define something as "done" when "the protocol is defined" and not when > "people can actually use the protocol". >> >> Here we have this truly awesome piece of work, DANE, and here it will > linger in limbo until eventually maybe someday someone somewhere can > implement it in some fashion that some people can use in some way. >> >> Certainly I can - and will - do everything I can both personally and > within ISOC's various means to get people talking about DANE and moving > toward deployment. Within the Deploy360 Programme, we've been talking to a > good number of people about how to advance the advocacy and promotion of > DNSSEC... and we have been planning to incorporate DANE into that effort. > But as much as we can do, we're still one organization - or even a group of > organizations and companies. We need many more people involved. >> >> I know you may not think of yourself as a "protocol deployer", Paul, but I > would argue that we do need everyone on this list thinking about how we can > get DANE deployed. >> >> DANE is far too awesome - and far too powerful - to let it linger in > limbo. > > Thanks, we are glad you like it :-) > > More seriously though, this is yet another chicken-and-egg problem. > > In this particular case I think that the easiest / fastest way to get better > deployment is to convince the browser manufactures to include support for > DANE -- this will incentivize[0] folk to deploy records. > > W > > [0]: Whoohoo, "incentivize" ! >> >> My 2 cents, >> Dan >> >> -- >> Dan York dyork@lodestar2.com >> http://www.danyork.me/ skype:danyork >> Phone: +1-802-735-1624 >> Twitter - http://twitter.com/danyork >> >> >> >> _______________________________________________ >> dane mailing list >> dane@ietf.org >> https://www.ietf.org/mailman/listinfo/dane > > > > _______________________________________________ > dane mailing list > dane@ietf.org > https://www.ietf.org/mailman/listinfo/dane >
- [dane] IETF 85 - meet or not to meet? Ondřej Surý
- Re: [dane] IETF 85 - meet or not to meet? Ondřej Surý
- Re: [dane] IETF 85 - meet or not to meet? Warren Kumari
- [dane] Deployment focus? Re: IETF 85 - meet or no… Dan York
- Re: [dane] Deployment focus? Re: IETF 85 - meet o… Paul Hoffman
- Re: [dane] Deployment focus? Re: IETF 85 - meet o… Dan York
- Re: [dane] Deployment focus? Re: IETF 85 - meet o… SM
- Re: [dane] Deployment focus? Re: IETF 85 - meet o… Paul Hoffman
- Re: [dane] Deployment focus? Re: IETF 85 - meet o… Dan York
- Re: [dane] Deployment focus? Re: IETF 85 - meet o… Warren Kumari
- Re: [dane] Deployment focus? Re: IETF 85 - meet o… Daniel Piggott
- Re: [dane] Deployment focus? Re: IETF 85 - meet o… Warren Kumari
- Re: [dane] IETF 85 - meet or not to meet? Warren Kumari
- Re: [dane] IETF 85 - meet or not to meet? Jim Schaad
- Re: [dane] IETF 85 - meet or not to meet? Warren Kumari
- Re: [dane] Deployment focus? Re: IETF 85 - meet o… Dan York