Re: [dane] Deployment focus? Re: IETF 85 - meet or not to meet?

Warren Kumari <warren@kumari.net> Wed, 03 October 2012 17:50 UTC

On Oct 3, 2012, at 11:58 AM, "Daniel Piggott" <daniel.piggott@switch2it.co.uk> wrote:

> Is Google not already using this in Chrome?

Nope -- Chrome does do pinning (http://www.imperialviolet.org/2011/05/04/pinning.html), HSTS, etc.

Perhaps you were thinking of DNSSEC stapled certificates (http://www.imperialviolet.org/2011/06/16/dnssecchrome.html) -- this is similar, but different to DANE…

W

> 
> -----Original Message-----
> From: Warren Kumari [mailto:warren@kumari.net] 
> Sent: 02 October 2012 22:28
> To: Dan York
> Cc: Paul Hoffman; dane WG list
> Subject: Re: [dane] Deployment focus? Re: IETF 85 - meet or not to meet?
> 
> 
> On Oct 2, 2012, at 3:34 PM, Dan York <dan-ietf@danyork.org> wrote:
> 
>> Paul,
>> 
>> On Oct 1, 2012, at 11:52 AM, Paul Hoffman wrote:
>> 
>>> On Oct 1, 2012, at 8:07 AM, Dan York <dan-ietf@danyork.org> wrote:
>>> 
>>>> Certainly ISOC *could* hold a meeting to discuss how to get DANE more widely deployed ... and the people that would need to be at that meeting would be, well, probably pretty much many of the people who would be at the DANE working group meeting at IETF!
>>> 
>>> We fully disagree there. Protocol developers are often not protocol deployers. For example, I do not contribute to DNS server or DNS admin projects; the same would be true for the large majority of the people who contributed ideas and comments to the DANE protocol.
>>> 
>>> ISOC could pull together a meeting of such protocol deployers, as well as enterprises who might find DANE useful, and I suspect the overlap between people at that meeting and the last DANE WG meeting would be very small.
>> 
>> Sigh... I will have to confess that you are probably on target here, particularly as no one else has chimed in on this general thread in the last 24 hours.
>> 
>> And thus we continue with the challenge that we in the IETF typically define something as "done" when "the protocol is defined" and not when "people can actually use the protocol".
>> 
>> Here we have this truly awesome piece of work, DANE, and here it will linger in limbo until eventually maybe someday someone somewhere can implement it in some fashion that some people can use in some way.
>> 
>> Certainly I can - and will - do everything I can both personally and within ISOC's various means to get people talking about DANE and moving toward deployment.  Within the Deploy360 Programme, we've been talking to a good number of people about how to advance the advocacy and promotion of DNSSEC... and we have been planning to incorporate DANE into that effort. But as much as we can do, we're still one organization - or even a group of organizations and companies.  We need many more people involved.
>> 
>> I know you may not think of yourself as a "protocol deployer", Paul, but I would argue that we do need everyone on this list thinking about how we can get DANE deployed.
>> 
>> DANE is far too awesome - and far too powerful - to let it linger in limbo.
> 
> Thanks, we are glad you like it :-)
> 
> More seriously though, this is yet another chicken-and-egg problem.
> 
> In this particular case I think that the easiest / fastest way to get better
> deployment is to convince the browser manufacturers to include support for
> DANE -- this will incentivize[0] folk to deploy records.
> 
> W
> 
> [0]: Whoohoo, "incentivize" !
>> 
>> My 2 cents,
>> Dan
>> 
>> -- 
>> Dan York  dyork@lodestar2.com
>> http://www.danyork.me/   skype:danyork
>> Phone: +1-802-735-1624
>> Twitter - http://twitter.com/danyork
>> 
>> 
>> 
>> _______________________________________________
>> dane mailing list
>> dane@ietf.org
>> https://www.ietf.org/mailman/listinfo/dane