Re: [dane] making ietf.org eat the DANE dogfood
Viktor Dukhovni <viktor1dane@dukhovni.org> Wed, 22 May 2013 12:49 UTC
Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 498AC21F8693 for <dane@ietfa.amsl.com>; Wed, 22 May 2013 05:49:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.48
X-Spam-Level:
X-Spam-Status: No, score=-2.48 tagged_above=-999 required=5 tests=[AWL=0.119, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iRTFqrA382mP for <dane@ietfa.amsl.com>; Wed, 22 May 2013 05:49:40 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [208.77.212.107]) by ietfa.amsl.com (Postfix) with ESMTP id 3110F21F856D for <dane@ietf.org>; Wed, 22 May 2013 05:49:40 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id D473B2AB9C6; Wed, 22 May 2013 12:49:39 +0000 (UTC)
Date: Wed, 22 May 2013 12:49:39 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20130522124939.GE582@mournblade.imrryr.org>
References: <519BD393.7020302@ieca.com> <519BD433.6090609@stpeter.im> <519CA48B.4060903@cs.tcd.ie> <519CB527.4040108@ieca.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <519CB527.4040108@ieca.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dane] making ietf.org eat the DANE dogfood
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 May 2013 12:49:44 -0000
On Wed, May 22, 2013 at 08:08:07AM -0400, Sean Turner wrote: > Yeah I was thinking website then smtp and then whatever comes next. Based on deployment risk, perceived security benefit or gut feel? For SMTP there is little to no risk, and few barriers to client deployment (the Exim folks are also implementing, more to follow I'm sure). Also far more likely to be universally usable than with browsers, where the existing PKI will still dominate for a long time. At the office I am behind an SSL MITM proxy appliance. It will be some time before the proxy does DANE, and the browser will not be able to help, the proxy's fake certificates will never match DANE records... -- Viktor.
- Re: [dane] making ietf.org eat the DANE dogfood Sean Turner
- [dane] making ietf.org eat the DANE dogfood Sean Turner
- Re: [dane] making ietf.org eat the DANE dogfood Peter Saint-Andre
- Re: [dane] making ietf.org eat the DANE dogfood Paul Hoffman
- Re: [dane] making ietf.org eat the DANE dogfood Peter Saint-Andre
- Re: [dane] making ietf.org eat the DANE dogfood Paul Hoffman
- Re: [dane] making ietf.org eat the DANE dogfood Viktor Dukhovni
- Re: [dane] making ietf.org eat the DANE dogfood Viktor Dukhovni
- Re: [dane] making ietf.org eat the DANE dogfood Sabahattin Gucukoglu
- Re: [dane] making ietf.org eat the DANE dogfood Stephen Farrell
- Re: [dane] making ietf.org eat the DANE dogfood Viktor Dukhovni
- Re: [dane] making ietf.org eat the DANE dogfood Viktor Dukhovni
- Re: [dane] making ietf.org eat the DANE dogfood Wes Hardaker
- Re: [dane] making ietf.org eat the DANE dogfood Paul Wouters
- Re: [dane] making ietf.org eat the DANE dogfood Viktor Dukhovni
- Re: [dane] making ietf.org eat the DANE dogfood Viktor Dukhovni
- Re: [dane] making ietf.org eat the DANE dogfood Warren Kumari