Re: Quic: the elephant in the room
Phillip Hallam-Baker <phill@hallambaker.com> Sun, 11 April 2021 04:20 UTC
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Sun, 11 Apr 2021 00:20:28 -0400
Message-ID: <CAMm+LwiLkkv0wgRQQ23dwrMFm7tqDyk9DLkiu8chN68QZb-hXw@mail.gmail.com>
Subject: Re: Quic: the elephant in the room
To: IETF Discussion Mailing List <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/CLB6HCPcwrQMdLtmcBH_EmjTBNc>
The number of people signing is utterly irrelevant. Nothing was ever secured by creating a digital signature, not once, not ever. Only VERIFYING digital signatures provides security.

And nobody knows what to do when DNSSEC validation fails so nobody really does it and nobody is likely to if people keep trying to apply 1990s thinking to 2020s problems.

What this means for NFTs is left as an exercise for the reader...

On the trust root issue. Alice should be the root of trust for Alice, Bob should be the root of trust for Bob. That is what I have been building. And with an application that secures data at rest without rendering it unusable.

What if Alice could register a lifelong callsign enrolled in an append only log which is ultimately notarized by every relying party?

    @alice -> [key: <alice's root key>, service: @provider]
    @provider -> [key: <provider root key>, DNS 10.10.10.10]

What is this? Well, we have roots of trust for Alice and her Mesh service provider. And her service provider publishes the authoritative zone alice.mesh from an alt.root DNS service at 10.10.10.10 and this is DNSSEC signed under a root key countersigned under <alice's root key> providing security policy information and the TLS certs are signed under a chain cross certified by <alice's root key>.

If six people here tell me they have read the drafts, I will add IPv6 to the testbed service when it goes live later this year.

If successful, this will disrupt the business model of every CA that does not have the foresight to become a Mesh Service Provider in which case the threshold approach I make use of will provide them with significant and more substantial new business opportunities.

The core concept of the callsign registry is that it is 'number portability for the Internet'. Alice owns @alice for life. The only time a callsign is ever reassigned without consent is when it is a trademark issue.

I predicted the anti-trust storm and I have thought of a way out.

Of course the callsign registry will have to be public goods administered through a not for profit. Callsigns have to be sufficiently cheap to create that we can give everyone on the planet at least one. DNS names cost $10/yr. I want to make names available for $0.10 for life. At that price banks and health care providers will likely find it cheaper to buy them on behalf of customers who haven't got one yet.

On Sat, Apr 10, 2021 at 4:50 PM Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:

> On Sat, Apr 10, 2021 at 12:59:34PM -0700, Michael Thomas wrote:
>
> > Yeah, I was trying to verify whether google, amazon and facebook sign
> > but it appears not? my dig fu is admittedly bad so I might be full of it
> > (hopefully).
>
> The largest US-based Internet companies have not yet signed their DNS
> zones. The DNSSEC-signed domains among the top 500 Alexa-ranked sites
> are:
>
>   europa.eu 53
>   nih.gov 62
>   paypal.com 81
>   cloudflare.com 91
>   chaturbate.com 115
>   cdc.gov 118
>   canva.com 158
>   stanford.edu 173
>   nasa.gov 198
>   force.com 201
>   time.com 208
>   salesforce.com 211
>   doi.org 235
>   foxnews.com 238
>   padlet.com 254
>   thestartmagazine.com 256
>   themeforest.net 258
>   debian.org 271
>   berkeley.edu 279
>   statcounter.com 285
>   addtoany.com 290
>   mediafire.com 309
>   taboola.com 313
>   ikea.com 321
>   loc.gov 331
>   pixabay.com 334
>   ietf.org 336
>   pki.goog 344
>   irs.gov 349
>   discord.com 354
>   fda.gov 375
>   avito.ru 385
>   hubspot.com 387
>   quizlet.com 392
>   whitehouse.gov 412
>   usda.gov 447
>   state.gov 448
>   epa.gov 489
>   noaa.gov 490
>   sciencedaily.com 491
>
> --
> Viktor.
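The verification side of the exchange above, as an added example that is not part of the original message or of any project it mentions: a stub-side check that reads the AD bit and RCODE from a validating resolver's reply, uses a second reply with the CD bit set to tell a validation failure from an ordinary outage, and fails closed. The function names and the header-only sample messages are constructed for illustration, and the AD bit is assumed to arrive over a trusted path to the resolver.

```python
import struct
from typing import Optional

# DNS header flag bits and RCODEs (RFC 1035, RFC 4035).
QR, RD, RA, AD, CD = 0x8000, 0x0100, 0x0080, 0x0020, 0x0010
NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header of a wire-format DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & QR), "ad": bool(flags & AD),
            "cd": bool(flags & CD), "rcode": flags & 0x000F, "ancount": an}

def classify(normal: bytes, with_cd: Optional[bytes] = None) -> str:
    """Classify a resolver reply as secure, insecure, bogus or indeterminate.

    `with_cd` is the reply to the same question re-sent with the CD
    (checking disabled) bit set.
    """
    h = parse_header(normal)
    if not h["qr"]:
        raise ValueError("not a response")
    if h["rcode"] in (NOERROR, NXDOMAIN):
        # No AD bit: the zone is unsigned or the resolver did not validate.
        return "secure" if h["ad"] else "insecure"
    if h["rcode"] == SERVFAIL and with_cd is not None:
        c = parse_header(with_cd)
        if c["qr"] and c["rcode"] == NOERROR and c["ancount"] > 0:
            return "bogus"  # data exists but failed validation
    return "indeterminate"

def may_connect(status: str, require_signed: bool = False) -> bool:
    """Fail closed: bogus and indeterminate never fall back to unvalidated data."""
    return status == "secure" or (status == "insecure" and not require_signed)

def _hdr(flags: int, ancount: int) -> bytes:
    # Constructed header-only sample: id 0x1234, one question, no other sections.
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

SIGNED = _hdr(QR | RD | RA | AD, 1)          # validated answer
UNSIGNED = _hdr(QR | RD | RA, 1)             # answer without the AD bit
FAILED = _hdr(QR | RD | RA | SERVFAIL, 0)    # resolver returned SERVFAIL
FAILED_CD = _hdr(QR | RD | RA | CD, 1)       # same query with CD set: data returned
```
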