Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

"Walter H." <Walter.H@mathemainzel.info> Tue, 01 August 2017 18:02 UTC

Return-Path: <Walter.H@mathemainzel.info>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D46812ECB4 for <homenet@ietfa.amsl.com>; Tue, 1 Aug 2017 11:02:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mathemainzel.info
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9oDSMrJotsan for <homenet@ietfa.amsl.com>; Tue, 1 Aug 2017 11:02:31 -0700 (PDT)
Received: from mx05lb.world4you.com (mx05lb.world4you.com [81.19.149.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AAC41200C5 for <homenet@ietf.org>; Tue, 1 Aug 2017 11:02:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mathemainzel.info; s=dkim11; h=Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=n7BJldlNQO4R4SlJd9l0R/8bNBnOh0IVxSAbJkWVmgI=; b=kS5/e1VY3tGHN7wRvN32CWILxHnEB603A9Gzp8iUQZcgR9hR0Cgt3EbKiMZJ4UF3vGjMoxIB8tVXoUMdhziVMuTqfvrvslE1QOlA8lshFOp+TrvuVUJOiJs3Ubcrt4oKvf4t7yJvgYuE3SepbLLJuixIqKsBzqA9d1NhY1Okhds=;
Received: from [90.146.55.206] (helo=home.mail) by mx05lb.world4you.com with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84_2) (envelope-from <Walter.H@mathemainzel.info>) id 1dcbUz-0003S9-4k; Tue, 01 Aug 2017 20:02:29 +0200
Message-ID: <5980C234.305@mathemainzel.info>
Date: Tue, 01 Aug 2017 20:02:28 +0200
From: "Walter H." <Walter.H@mathemainzel.info>
Organization: Home
User-Agent: Mozilla/5.0 (UNIX; U; Cray X-MP/48; en-US; rv:2.70) Gecko/20110929 Communicator/7.20
MIME-Version: 1.0
To: Juliusz Chroboczek <jch@irif.fr>
CC: Ted Lemon <mellon@fugue.com>, "homenet@ietf.org" <homenet@ietf.org>
References: <150127266271.25329.18484770769960144@ietfa.amsl.com> <597F7545.9000702@mathemainzel.info> <E51998F5-8EF9-4FC8-90BE-1D0BF1805339@fugue.com> <b562a9fd0ce2d8af63109aac47d1d47a.1501567308@squirrel.mail> <757C1755-AD78-43DE-93F0-E3D19BFE6C66@fugue.com> <2D09D61DDFA73D4C884805CC7865E6114DBE4251@GAALPA1MSGUSRBF.ITServices.sbc.com> <3A5D69EE-3F32-4773-90ED-D189E7523D9F@fugue.com> <7ilgn3xkfe.wl-jch@irif.fr>
In-Reply-To: <7ilgn3xkfe.wl-jch@irif.fr>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms060804080908000807080502"
X-SA-Do-Not-Run: Yes
X-AV-Do-Run: Yes
X-SA-Exim-Connect-IP: 90.146.55.206
X-SA-Exim-Mail-From: Walter.H@mathemainzel.info
X-SA-Exim-Scanned: No (on mx05lb.world4you.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/rSatLWoegHsc0kzm6S83p3Q9yEw>
Subject: Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Aug 2017 18:02:34 -0000

On 01.08.2017 19:33, Juliusz Chroboczek wrote:
> I think that Barbara expressed very clearly why the CA model is simply not
> adapted to the Homenet.  I don't think we should be complicating the
> Homenet protocol stack in order to work around the limitations of the
> browser stack.
I'm not thinking about the homenet protocol; I think of the fact that
'.home.arpa' is the general purpose domain which can be used in home
networks just for simple DNS, there is nothing said about the homenet
protocol at all;

what is the real problem having strict rules in this Draft/RFC to get an
SSL certificate that can be used inside such an environment;
so that no own PKI is necessary?

by the way, when you look at the x509 certificate chain that is used by
intel.com, you find an intermediate that can only be used to sign requests
for domains that Intel owns ...
why not just having such an intermediate for '.home.arpa.' domains?
this intermediate can even be public including its private key ...

in a short time there will be no way to go over the warnings in browsers,
these will be errors, where any connection will be blocked.
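The intermediate the message describes is a name-constrained CA (RFC 5280 section 4.2.1.10): relying parties reject any leaf whose SAN falls outside the permitted subtrees, whatever the intermediate's key holder signs. The following is an added example, not code from the thread or from any homenet project, that implements the dNSName subtree matching a validator performs and evaluates constructed leaf names against a constructed '.home.arpa' constraint; the constraint values and host names are made up for the illustration and are not taken from any real certificate chain.

```python
"""RFC 5280 dNSName name-constraint evaluation (added example, constructed data)."""
from dataclasses import dataclass, field
from typing import List, Tuple


def _labels(name: str) -> List[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def dns_name_in_subtree(name: str, subtree: str) -> bool:
    """True if `name` lies in the dNSName subtree `subtree`.

    RFC 5280: a constraint of 'home.arpa' matches 'home.arpa' itself and every
    subdomain ('router.home.arpa'), but not 'myhome.arpa', because matching is
    done on whole labels. A leading dot ('.home.arpa') is a legacy form that
    many validators accept; it is treated here as "proper subdomains only".
    Wildcard labels are compared literally and are not special-cased.
    """
    subdomains_only = subtree.startswith(".")
    name_labels = _labels(name)
    base_labels = _labels(subtree.lstrip("."))
    if len(name_labels) < len(base_labels):
        return False
    if name_labels[-len(base_labels):] != base_labels:
        return False
    if subdomains_only and len(name_labels) == len(base_labels):
        return False
    return True


@dataclass
class NameConstraints:
    """The dNSName parts of an intermediate's NameConstraints extension."""
    permitted: List[str] = field(default_factory=list)
    excluded: List[str] = field(default_factory=list)


def evaluate_leaf(san_dns_names: List[str], nc: NameConstraints) -> List[Tuple[str, str]]:
    """Return (name, reason) for every SAN entry the constraints reject.

    An empty list means the leaf is acceptable under this intermediate.
    Excluded subtrees win over permitted ones, as in RFC 5280; an empty
    permitted list places no restriction (only exclusions apply).
    """
    violations = []
    for name in san_dns_names:
        if any(dns_name_in_subtree(name, ex) for ex in nc.excluded):
            violations.append((name, "in excluded subtree"))
        elif nc.permitted and not any(dns_name_in_subtree(name, p) for p in nc.permitted):
            violations.append((name, "outside all permitted subtrees"))
    return violations


# Constructed constraint for the hypothetical '.home.arpa' intermediate.
HOME_ARPA_CONSTRAINTS = NameConstraints(permitted=["home.arpa"])

# Constructed leaf certificates, given as their SAN dNSName lists.
CONSTRUCTED_LEAVES = {
    "router":   ["router.home.arpa"],
    "mixed":    ["router.home.arpa", "bank.example"],   # second name is out of scope
    "lookalike": ["myhome.arpa"],                      # label-boundary trap
}


def scope_report() -> dict:
    """Evaluate every constructed leaf; the result shows what such an
    intermediate can and cannot sign for, regardless of who holds its key."""
    return {label: evaluate_leaf(names, HOME_ARPA_CONSTRAINTS)
            for label, names in CONSTRUCTED_LEAVES.items()}


if __name__ == "__main__":
    for label, violations in scope_report().items():
        status = "accepted" if not violations else f"rejected: {violations}"
        print(f"{label:10s} {status}")
```

The check bounds the scope of the intermediate, which is the property the message relies on: a leaf for bank.example or for myhome.arpa fails even when signed by it. It does not bound who can sign, so with a published private key the constraint caps the damage to names under home.arpa but still lets anyone on the path mint a trusted certificate for any host in that zone, which is the trade-off a deployment would have to weigh against running its own PKI.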