Re: [dane] Bootstrapping IPSec from DNSSSEC/DANE
James Cloos <cloos@jhcloos.com> Sat, 21 September 2013 14:39 UTC
Return-Path: <cloos@jhcloos.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B1FA21F9EB8; Sat, 21 Sep 2013 07:39:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qljzF6T4SFJT; Sat, 21 Sep 2013 07:39:36 -0700 (PDT)
Received: from ore.jhcloos.com (ore.jhcloos.com [IPv6:2604:2880::b24d:a297]) by ietfa.amsl.com (Postfix) with ESMTP id 1C3B521F9EAF; Sat, 21 Sep 2013 07:39:35 -0700 (PDT)
Received: by ore.jhcloos.com (Postfix, from userid 10) id 8963A1DE6D; Sat, 21 Sep 2013 14:39:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=ore13; t=1379774373; bh=x0eqD840frbzCOtcc9WTlr/tkBwrUloxl9383/JQ7fc=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=lcHqNq+xts2qfacIYjC5i856ExUOvBdLFe+fTNDBp4M3yIhr7ffMm///tisA7ba18 95arnerKREj2aLGygRjR0B1Eth1vp2hU+1Qny565VdwYri1k3+BMKDkCkO9vtxMeUp MRC/Y0Q7j9cjTg0TPCK09TYpsPbvFvG0UYg4pFkowSQ==
Received: by carbon.jhcloos.org (Postfix, from userid 500) id CB4A06001E; Sat, 21 Sep 2013 14:36:51 +0000 (UTC)
From: James Cloos <cloos@jhcloos.com>
To: david.lloyd@fsmail.net
In-Reply-To: <22017290.30831379763068147.JavaMail.www@wwinf3706> (david lloyd's message of "Sat, 21 Sep 2013 13:31:08 +0200")
References: <22017290.30831379763068147.JavaMail.www@wwinf3706>
User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)
Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC
Copyright: Copyright 2013 James Cloos
OpenPGP: ED7DAEA6; url=http://jhcloos.com/public_key/0xED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
Date: Sat, 21 Sep 2013 10:36:51 -0400
Message-ID: <m3txhemear.fsf@carbon.jhcloos.org>
Lines: 8
MIME-Version: 1.0
Content-Type: text/plain
X-Hashcash: 1:28:130921:david.lloyd@fsmail.net::ayx3ztgeF1P5uilV:00000000000000000000000000000000000000O5v2U
X-Hashcash: 1:28:130921:ipsec@ietf.org::0YzCxo1IZ7OC/nSW:004tjjP
X-Hashcash: 1:28:130921:dane@ietf.org::HqYYCod2wEN7g9nU:0003XIT5
Cc: ipsec@ietf.org, dane@ietf.org
Subject: Re: [dane] Bootstrapping IPSec from DNSSSEC/DANE
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Sep 2013 14:39:36 -0000
> I am interested in using a variant of DANE to bootstrap my IPSec IKE > root certificate trust. Is anyone aware of any work been done in this Start with rfcs 4025 and 4322. -JimC -- James Cloos <cloos@jhcloos.com> OpenPGP: 1024D/ED7DAEA6
- [dane] Bootstrapping IPSec from DNSSSEC/DANE david.lloyd
- Re: [dane] Bootstrapping IPSec from DNSSSEC/DANE Yoav Nir
- Re: [dane] Bootstrapping IPSec from DNSSSEC/DANE James Cloos
- Re: [dane] [IPsec] Bootstrapping IPSec from DNSSS… Paul Wouters
- [dane] Bootstrapping IPSec from DNSSSEC/DANE david.lloyd
- Re: [dane] [IPsec] Bootstrapping IPSec from DNSSS… Paul Wouters
- Re: [dane] Bootstrapping IPSec from DNSSSEC/DANE Alex Maurin