Re: [Doh] IP address certificates

"Martin Thomson" <mt@lowentropy.net> Sun, 17 March 2019 20:45 UTC

Message-Id: <2cbff385-7e78-452d-b82d-08acf56ab4df@www.fastmail.com>
In-Reply-To: <F680895B-2BCA-48D9-8C28-C34E93BF73A3@icann.org>
References: <CAHbrMsCNyeabhk0sVexOHVedVkgG2dvV9T8wWL++om5juAUvEw@mail.gmail.com> <ED16E0D8-BBCB-4316-A116-BA8513F523A3@sky.uk> <F680895B-2BCA-48D9-8C28-C34E93BF73A3@icann.org>
Date: Sun, 17 Mar 2019 16:45:12 -0400
From: "Martin Thomson" <mt@lowentropy.net>
To: doh@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/D-gYwav1n9Gvi1doLSFIYKQ-HR8>
Subject: Re: [Doh] IP address certificates
List-Id: DNS Over HTTPS <doh.ietf.org>

On Sat, Mar 16, 2019, at 03:22, Paul Hoffman wrote:
> Can you say why they are bad? They are not common, but they are 
> certainly available and have proven useful in some environments for a 
> long time.

Didn't we already discuss this?  Sure they can be issued and relied upon, which makes them useful in some environments.  They also tend to be useless in more situations than not.