Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

"Walter H." <Walter.H@mathemainzel.info> Tue, 01 August 2017 18:54 UTC

Message-ID: <5980CE3E.1030709@mathemainzel.info>
Date: Tue, 01 Aug 2017 20:53:50 +0200
From: "Walter H." <Walter.H@mathemainzel.info>
Organization: Home
User-Agent: Mozilla/5.0 (UNIX; U; Cray X-MP/48; en-US; rv:2.70) Gecko/20110929 Communicator/7.20
MIME-Version: 1.0
To: Ted Lemon <mellon@fugue.com>
CC: "homenet@ietf.org" <homenet@ietf.org>, Juliusz Chroboczek <jch@irif.fr>
References: <150127266271.25329.18484770769960144@ietfa.amsl.com> <597F7545.9000702@mathemainzel.info> <E51998F5-8EF9-4FC8-90BE-1D0BF1805339@fugue.com> <b562a9fd0ce2d8af63109aac47d1d47a.1501567308@squirrel.mail> <757C1755-AD78-43DE-93F0-E3D19BFE6C66@fugue.com> <2D09D61DDFA73D4C884805CC7865E6114DBE4251@GAALPA1MSGUSRBF.ITServices.sbc.com> <3A5D69EE-3F32-4773-90ED-D189E7523D9F@fugue.com> <7ilgn3xkfe.wl-jch@irif.fr> <5980C234.305@mathemainzel.info> <37733D96-1B94-47F4-BF74-E3E5C815823C@fugue.com>
In-Reply-To: <37733D96-1B94-47F4-BF74-E3E5C815823C@fugue.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/6-sQdfkOK3pY8-UT_YWpg_ajKBk>
Subject: Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

On 01.08.2017 20:04, Ted Lemon wrote:
> On Aug 1, 2017, at 2:02 PM, Walter H. <Walter.H@mathemainzel.info> wrote:
>> what is the real problem having strict rules in this Draft/RFC to get an
>> SSL certificate that can be used inside such an environment;
>> so that no own PKI is necessary?
>
> The problem is that it's not up to us to set these rules—it's up to 
> CABF, and they have ruled on this, and (IMO) not capriciously.

is there a problem with having the organization that has the delegation of 
".home.arpa." also provide such SSL certificates
signed by an intermediate that got signed by any CA?

and this should be a section in this Draft/RFC ...

so that there is no need of errors/warnings, neither red nor cowblue 
or other color; and also no need of having an own PKI
when not wanted to or not having the knowledge about at all;

it would be quite strange to think that anybody that uses a browser for 
electronic banking has the knowledge about SSL ...
by the way knowledge about SSL is more common than knowledge about 
DNSSEC ...

in good old German we would say: "wo ein Wille da ein Weg" or in strange 
English: "a way is open when it's wanted to be open"