Re: [dnsext] Historical root keys: The Large Router Vendor Speaks

Phillip Hallam-Baker <hallam@gmail.com> Tue, 01 February 2011 16:57 UTC

In-Reply-To: <Prayer.1.3.3.1102011649190.594@hermes-1.csi.cam.ac.uk>
References: <4D41D3E2.6060107@cisco.com> <82r5bxl8yo.fsf@mid.bfk.de> <1964C69C6E2043BAA45387ED557C72E2@local> <alpine.LSU.2.00.1102011624120.5244@hermes-1.csi.cam.ac.uk> <Prayer.1.3.3.1102011649190.594@hermes-1.csi.cam.ac.uk>
Date: Tue, 01 Feb 2011 12:00:36 -0500
Message-ID: <AANLkTi=_Z9RhTYJpkyFD-V1GY5ALL7WZKrPmgPMG-QHR@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: cet1@cam.ac.uk
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Historical root keys: The Large Router Vendor Speaks
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>

On Tue, Feb 1, 2011 at 11:49 AM, Chris Thompson <cet1@cam.ac.uk> wrote:

> Of course, the likelihood of any of this stuff being around in 136 years
> time is ... small.

The likelihood of us being around is small. But the system itself will
almost certainly still be around.

About 60% of the light fixtures in my house in the US suffer from a fairly
elementary design flaw that was corrected in the European standard fixture
(the Swan bayonet) over a century ago. As a result they have a tendency to
work loose under vibration.

The design considerations of the QWERTY keyboard have been known as long.
But I am typing on one right now.

Make still has a peculiar syntax glitch that the designer thought they
should have fixed the day after the first release but could not because
there was an installed base that objected to the change.

Once this infrastructure is deployed it is going to only be possible to
add.

Fortunately, any given piece of equipment need only install the most
recent root. So unless we expect physical equipment to have to last more
than 136 years we can work fine with a system where roots are valid for 25
years and a new one is published every five years.

Given that RSA1024 is about to be deprecated, this is really only an issue
for RSA2048.

-- 
Website: http://hallambaker.com/
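As an added illustration (not part of the thread above), the following Python models the rollover schedule the message proposes: a new root published every five years, each valid for 25 years, with a device shipping whatever root is newest at build time. The start year 2010 and the RootKey class are assumptions of the model, not values from the thread.

```python
"""Model of the staggered root-key schedule (added example, not from the thread).
It covers only the time arithmetic of the schedule, not DNSSEC records or
trust-anchor retrieval."""
from dataclasses import dataclass

PUBLISH_INTERVAL = 5    # years between new roots (from the message)
ROOT_LIFETIME = 25      # years each root stays valid (from the message)
FIRST_ROOT_YEAR = 2010  # constructed starting point for the model


@dataclass(frozen=True)
class RootKey:
    published: int

    @property
    def expires(self) -> int:
        return self.published + ROOT_LIFETIME

    def is_valid(self, year: int) -> bool:
        return self.published <= year < self.expires


def roots_published_through(year: int) -> list[RootKey]:
    """All roots published on the schedule up to and including `year`."""
    return [RootKey(y) for y in range(FIRST_ROOT_YEAR, year + 1, PUBLISH_INTERVAL)]


def valid_roots(year: int) -> list[RootKey]:
    """Roots that are still within their lifetime in `year`."""
    return [r for r in roots_published_through(year) if r.is_valid(year)]


def newest_root(year: int) -> RootKey:
    """The root a device built in `year` would ship with (the most recent one).
    Assumes year >= FIRST_ROOT_YEAR so at least one root exists."""
    return max(valid_roots(year), key=lambda r: r.published)


def years_of_coverage(ship_year: int) -> int:
    """Years a device shipped with the newest root can keep validating before
    that root expires and it needs a newer anchor. Worst case is a device built
    just before the next publication: ROOT_LIFETIME - (PUBLISH_INTERVAL - 1)."""
    return newest_root(ship_year).expires - ship_year


def overlap_ok(year: int) -> bool:
    """True if, whenever a root is published, an older still-valid root exists,
    so a device holding the old anchor has a trusted path to learn the new one."""
    return year == FIRST_ROOT_YEAR or len(valid_roots(year)) >= 2


if __name__ == "__main__":
    for y in (2010, 2014, 2015, 2040):
        print(y, [r.published for r in valid_roots(y)], years_of_coverage(y))
```

In steady state five roots are valid at once, and any device gets at least 21 years before it must learn a newer anchor.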