Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

Ted Lemon <mellon@fugue.com> Tue, 01 August 2017 19:21 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <B03D7590-F79B-4017-B0D3-37AE286AB515@fugue.com>
Date: Tue, 01 Aug 2017 15:21:46 -0400
In-Reply-To: <5980CE3E.1030709@mathemainzel.info>
Cc: "homenet@ietf.org" <homenet@ietf.org>, Juliusz Chroboczek <jch@irif.fr>
To: "Walter H." <Walter.H@mathemainzel.info>
References: <150127266271.25329.18484770769960144@ietfa.amsl.com> <597F7545.9000702@mathemainzel.info> <E51998F5-8EF9-4FC8-90BE-1D0BF1805339@fugue.com> <b562a9fd0ce2d8af63109aac47d1d47a.1501567308@squirrel.mail> <757C1755-AD78-43DE-93F0-E3D19BFE6C66@fugue.com> <2D09D61DDFA73D4C884805CC7865E6114DBE4251@GAALPA1MSGUSRBF.ITServices.sbc.com> <3A5D69EE-3F32-4773-90ED-D189E7523D9F@fugue.com> <7ilgn3xkfe.wl-jch@irif.fr> <5980C234.305@mathemainzel.info> <37733D96-1B94-47F4-BF74-E3E5C815823C@fugue.com> <5980CE3E.1030709@mathemainzel.info>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/ZS9Ok8Ml1rPrSmMvy10-TT7vEPI>
Subject: Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

On Aug 1, 2017, at 2:53 PM, Walter H. <Walter.H@mathemainzel.info> wrote:
> Is there a problem with having the organization that has the delegation of ".home.arpa." also provide such SSL certificates
> signed by an intermediate that got signed by any CA?

This is not how PKI works. For a browser to trust a signing authority, the signing authority has to be vetted as trustworthy. Honestly, PKI is a bit of a dumpster fire, but the point is that adding this requirement, even if we could, would not improve the situation. Please understand that the goal of network security, including PKI, is not to make warnings go away: it is to protect users from attacks on the security of their information and devices.
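The point Ted makes above, that a browser's trust comes from the trust anchors it has vetted rather than from the existence of an intermediate "signed by any CA", can be shown concretely. The following is an added example and not code from the thread or from the homenet working group: it uses Go's standard crypto/x509 package to build a hypothetical root, a hypothetical intermediate and a server certificate for the constructed name router.home.arpa, then validates the leaf the way a TLS client does. The CA names and the host name are assumptions made for the demonstration; the chain validates only when its own root is in the trust store, and fails with an unknown-authority error when the store is empty or holds some other CA's root, however validly the intermediate was signed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CertAndKey pairs a parsed certificate with the key that signs the next link.
type CertAndKey struct {
	Cert *x509.Certificate
	Key  ed25519.PrivateKey
}
type Chain struct{ Root, Intermediate, Leaf *CertAndKey } // root -> intermediate -> leaf

// template returns a CA or server-certificate template for a hypothetical name.
func template(name string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		t.DNSNames, t.KeyUsage = []string{name}, x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl with parent's key; with parent == nil it is self-signed (a root).
func issue(tmpl *x509.Certificate, parent *CertAndKey) (*CertAndKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	signerCert, signerKey := tmpl, priv
	if parent != nil {
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, pub, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CertAndKey{Cert: cert, Key: priv}, nil
}

// BuildChain builds a fresh hypothetical hierarchy whose leaf is a server certificate for host.
func BuildChain(host string) (c *Chain, err error) {
	c = new(Chain)
	if c.Root, err = issue(template("Hypothetical Root CA", 1, true), nil); err != nil {
		return nil, err
	}
	if c.Intermediate, err = issue(template("Hypothetical home.arpa Intermediate", 2, true), c.Root); err != nil {
		return nil, err
	}
	if c.Leaf, err = issue(template(host, 3, false), c.Intermediate); err != nil {
		return nil, err
	}
	return c, nil
}

// VerifyLeaf does what a browser does at TLS time: validate the leaf for host against the roots
// this client trusts, using the intermediate the server presented. The root pool is never nil,
// so Go does not silently fall back to the system trust store.
func VerifyLeaf(c *Chain, host string, trusted ...*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, t := range trusted {
		roots.AddCert(t)
	}
	inters.AddCert(c.Intermediate.Cert)
	_, err := c.Leaf.Cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: host})
	return err
}

// IsUnknownAuthority reports whether err means the chain ends in a root this client never vetted.
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	chain, err := BuildChain("router.home.arpa") // constructed example name
	if err != nil {
		panic(err)
	}
	fmt.Println("root installed in trust store:", VerifyLeaf(chain, "router.home.arpa", chain.Root.Cert))
	fmt.Println("empty trust store:            ", VerifyLeaf(chain, "router.home.arpa"))
}
```

The intermediate is supplied to the verifier in every case, just as a server would send it in the handshake; what changes between the calls is only the set of roots the client was configured to trust, and that alone decides the outcome.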