Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

"Joe Abley" <jabley@hopcount.ca> Mon, 05 October 2015 14:55 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CE6A1ACEBC for <dnsop@ietfa.amsl.com>; Mon, 5 Oct 2015 07:55:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFRZxy2RK_7P for <dnsop@ietfa.amsl.com>; Mon, 5 Oct 2015 07:55:06 -0700 (PDT)
Received: from mail-io0-x235.google.com (mail-io0-x235.google.com [IPv6:2607:f8b0:4001:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E983D1ACEBB for <dnsop@ietf.org>; Mon, 5 Oct 2015 07:55:05 -0700 (PDT)
Received: by ioiz6 with SMTP id z6so187807993ioi.2 for <dnsop@ietf.org>; Mon, 05 Oct 2015 07:55:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-type; bh=1hWdbf3dpbkhkAR4f/WBwR5kVnaAqSW8JyjHrFG775I=; b=eqscT/dCT49In64xX1H/U0O/MQlH/sIedP4xecEBX3u9o2/lo7aX4deXfigBlPNSt5 PVwqnXCZwOG/h0ip/oFjmQr9pamSOl/dPYM9/gcIixF/xo4OfiDeDr8uTYWbAjUZhODf tIHes9+rf+hl7LWCjYXSKZ2ER/hPQP7cGVgXE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-type; bh=1hWdbf3dpbkhkAR4f/WBwR5kVnaAqSW8JyjHrFG775I=; b=OKhKVe6YYBdDc02wbLs+tUpcO4hAhW+e+VFDVqsAWJsKaVWgiKrj7AGB8NpB2wn4qN /wo2wWOlysZifgOm8cSO4wwDaVEPbGwhRKpAPv7VGu5dAtcCprEQ0B8yqvPXaKf52F0C PT24ZeG8CqZcQLE/mzoIyQvoRQyTQ9g0G4rF0NlJdHTipcvzlp5J373kCV1X7pgCIWTV ffGV0xpSuZOtG68Jnuk+orSRa6mUi+hCCdBk8vRiLtGHxFF+GEpJqrTwr5Jbt1AUf4Md TWbBis5KLYgjfq+HkvZ3tNVWZQe543kj5XghNEqNGj68w9K7/L1GK0C9hgGI3Fhd+X6T oA3A==
X-Gm-Message-State: ALoCoQnlU84lgs5qJ/+nhGvRHjN5nuAD5DS6rZh7I1lorzM7/AlADiDNhG+euvNcpYMIuCnAmHIh
X-Received: by 10.107.128.41 with SMTP id b41mr28171891iod.74.1444056905069; Mon, 05 Oct 2015 07:55:05 -0700 (PDT)
Received: from [199.212.92.18] (135-23-68-43.cpe.pppoe.ca. [135.23.68.43]) by smtp.gmail.com with ESMTPSA id qd2sm4924043igb.19.2015.10.05.07.55.03 (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 05 Oct 2015 07:55:04 -0700 (PDT)
From: Joe Abley <jabley@hopcount.ca>
To: George Michaelson <ggm@algebras.org>
Date: Mon, 05 Oct 2015 10:55:03 -0400
Message-ID: <93B4F751-C7EA-4081-A1B6-1AB9FCED4340@hopcount.ca>
In-Reply-To: <CAKr6gn2HG9apg9Kz9wAk-mhyCFFXKk_ZthfwdMaU+daULarhsg@mail.gmail.com>
References: <20150928114202.823.19868.idtracker@ietfa.amsl.com> <0E4AA958-7740-4602-A3CF-D2E481DBC15E@hopcount.ca> <20150928155325.GA63874@gaon.net> <20150929095301.32c3e6a3@casual> <13F1D87F-1C07-40EB-86B0-564C4109C9B0@virtualized.org> <1973252D-924F-4EF1-A38F-5EC01AD331F6@gmail.com> <FDD04DCC-59C5-41F5-8CAF-1EF31CD65A34@virtualized.org> <63E1E01E-C172-4A0F-B434-F796546BB657@gmail.com> <C4FA9FA6-76E3-4FF3-862B-C5C0DF75C761@kirei.se> <D1C15986-603E-4932-B551-0497638D9849@vpnc.org> <02869F43-87A4-4797-8FD3-276C02DF665D@kirei.se> <EEA946B1-8BF3-4AB7-99D2-4C8CDCCF0EC0@vpnc.org> <F412CE02-C0BA-425E-BBF9-3A40B2B5FEA7@vpnc.org> <9F52E6FC-E503-4E3A-9998-363BF514CC1A@hopcount.ca> <CAKr6gn2HG9apg9Kz9wAk-mhyCFFXKk_ZthfwdMaU+daULarhsg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_86BD252F-95F7-4C88-BAFF-CB0B18F53269_="; micalg="pgp-sha1"; protocol="application/pgp-signature"
X-Mailer: MailMate (1.9.2r5141)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/bTHQKLG6uV5ceKPnFagFufOh5Yk>
Cc: dnsop WG <dnsop@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 14:55:07 -0000


On 5 Oct 2015, at 10:42, George Michaelson wrote:

> Something very left field for me, but I believe important, is that we need
> to also publish the out-of-band publication point of the trust material.

This draft is exclusively concerned with publishing trust anchors out-of-band of the protocol.

> I mentioned this to Joe some time ago and was very correctly told "out of
> scope" but I believe it's nonsensical to exclude physical publication, e.g. in
> newspapers of record for at least 3 economies worldwide, of the hash of the
> public key as a standing event.

This draft aims to document current practice. To my knowledge, nobody has ever published a trust anchor (or even a pointer to it) in print media.

> In-band only has some issues for me, if we are talking about trust.

Me too, hence the decision by ICANN to publish trust anchors using out-of-band mechanisms in 2009/2010, as this draft aims to document.


Joe
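The thread above is about publishing a trust anchor out-of-band, in George's framing as a hash of the public key. The point of such a publication is that a resolver operator can fetch the DNSKEY in-band and check it against the independently obtained hash before trusting it. The following is an added example, not code from the draft, from ICANN, or from anyone in this thread: it computes the DS-style digest and key tag over a DNSKEY as RFC 4034 defines them, and compares the result against a published (key tag, algorithm, digest type, digest) tuple. The DNSKEY, its public key bytes, and the "published" anchor are all constructed sample values, not the real root key, and the dictionary field names are an assumption chosen for readability.

```python
import hashlib
import hmac
import struct

# Added example (not from the draft or this thread): check a DNSKEY obtained
# in-band against a trust anchor published out-of-band as a DS-style
# (key tag, algorithm, digest type, digest) tuple, per RFC 4034.


def name_to_wire(name: str) -> bytes:
    """Canonical (lowercase, uncompressed) wire form of an owner name."""
    if name in (".", ""):
        return b"\x00"  # the root name is a single empty label
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def ds_digest(owner: str, rdata: bytes, digest_type: int = 2) -> str:
    """DS digest = hash(owner name wire form || DNSKEY RDATA), as uppercase hex."""
    return DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()


def verify_out_of_band_anchor(owner: str, rdata: bytes, anchor: dict) -> bool:
    """True only if the in-band DNSKEY matches every field of the published anchor."""
    if rdata[3] != anchor["Algorithm"]:  # byte 3 of the RDATA is the algorithm
        return False
    if key_tag(rdata) != anchor["KeyTag"]:
        return False
    computed = ds_digest(owner, rdata, anchor["DigestType"])
    # constant-time comparison; both sides normalised to uppercase hex
    return hmac.compare_digest(computed, anchor["Digest"].upper())


# Constructed sample: a short fake public key (NOT a real root key).
SAMPLE_PUBKEY = bytes.fromhex("03010001ABCDEF12")
SAMPLE_RDATA = dnskey_rdata(257, 3, 8, SAMPLE_PUBKEY)  # flags 257 = KSK with SEP bit


def sample_anchor() -> dict:
    """The tuple an out-of-band publication of SAMPLE_RDATA would carry (constructed)."""
    return {
        "KeyTag": key_tag(SAMPLE_RDATA),
        "Algorithm": 8,
        "DigestType": 2,
        "Digest": ds_digest(".", SAMPLE_RDATA, 2),
    }


if __name__ == "__main__":
    anchor = sample_anchor()
    print("published anchor:", anchor)
    print("genuine key matches:", verify_out_of_band_anchor(".", SAMPLE_RDATA, anchor))
    # Flip the last byte of the public key: key tag and digest both change.
    tampered = dnskey_rdata(257, 3, 8, SAMPLE_PUBKEY[:-1] + b"\x13")
    print("tampered key matches:", verify_out_of_band_anchor(".", tampered, anchor))
```

In practice the anchor dictionary would be filled from whatever out-of-band channel the operator trusts, and the DNSKEY would come from a query for the root zone's KSK; the check rejects a key whose algorithm, key tag, or digest disagrees with the published values, which is what makes the out-of-band publication useful as a second, independent source of trust.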