Re: Using DNS system as a Global Root Certificate Authority - possible ?
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Mon, 28 December 2015 01:26 UTC
Return-Path: <mohta@necom830.hpcl.titech.ac.jp>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D443A1A8737 for <ietf@ietfa.amsl.com>; Sun, 27 Dec 2015 17:26:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.498
X-Spam-Level: **
X-Spam-Status: No, score=2.498 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TkD4Croc11Ta for <ietf@ietfa.amsl.com>; Sun, 27 Dec 2015 17:26:19 -0800 (PST)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132]) by ietfa.amsl.com (Postfix) with SMTP id 799401A8735 for <ietf@ietf.org>; Sun, 27 Dec 2015 17:26:19 -0800 (PST)
Received: (qmail 81898 invoked from network); 28 Dec 2015 01:07:44 -0000
Received: from necom830.hpcl.titech.ac.jp (HELO ?127.0.0.1?) (131.112.32.132) by necom830.hpcl.titech.ac.jp with SMTP; 28 Dec 2015 01:07:44 -0000
Subject: Re: Using DNS system as a Global Root Certificate Authority - possible ?
To: ietf@ietf.org
References: <CAOJ6w=EdXPzK7f=zS0epuYXkkEcwtop11Ttt6QUR1-FtN1rGWg@mail.gmail.com>
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Message-ID: <56808FB2.5060807@necom830.hpcl.titech.ac.jp>
Date: Mon, 28 Dec 2015 10:26:10 +0900
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <CAOJ6w=EdXPzK7f=zS0epuYXkkEcwtop11Ttt6QUR1-FtN1rGWg@mail.gmail.com>
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/EhlQOwBxcOgUoJSF8D1Ow_jwRUA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Dec 2015 01:26:21 -0000
Alexey Eromenko wrote: > Is there a way to *securely* retrieve such information from, for > example, authoritative > DNS server, without any middlebox (such as DNS proxy) mangling it ? You must avoid default port number 53 of DNS. Masataka Ohta
- Using DNS system as a Global Root Certificate Aut… Alexey Eromenko
- Re: Using DNS system as a Global Root Certificate… Warren Kumari
- Re: Using DNS system as a Global Root Certificate… Alexey Eromenko
- Re: Registrant identity, was Using DNS system as … John Levine
- Re: Using DNS system as a Global Root Certificate… Phillip Hallam-Baker
- Re: Using DNS system as a Global Root Certificate… John C Klensin
- Re: Using DNS system as a Global Root Certificate… Phillip Hallam-Baker
- Re: Using DNS system as a Global Root Certificate… Phillip Hallam-Baker
- Re: Using DNS system as a Global Root Certificate… Viktor Dukhovni
- Re: Using DNS system as a Global Root Certificate… Patrik Fältström
- Re: Using DNS system as a Global Root Certificate… Eliot Lear
- Re: Using DNS system as a Global Root Certificate… Patrik Fältström
- Re: Using DNS system as a Global Root Certificate… John C Klensin
- Re: Using DNS system as a Global Root Certificate… Masataka Ohta
- Re: Using DNS system as a Global Root Certificate… Masataka Ohta