Re: authentication without https (was Re: https at ietf.org)

Ted Lemon <Ted.Lemon@nominum.com> Wed, 06 November 2013 15:18 UTC

To: Dave Crocker <dcrocker@bbiw.net>, Dave Crocker <dhc@dcrocker.net>
Cc: IETF-Discussion Discussion <ietf@ietf.org>, Eric Burger <eburger@standardstrack.com>

Without taking a position on the particular technology being proposed (which I haven't looked at yet), I am happy to hear that I am not the only one thinking about this. Of course we already have examples of mechanisms that do authenticated integrity checking of content—e.g., RPM, BitTorrent and Debian's apt—but these have not been generalized into a service that would solve the problem we are talking about here. I'm curious to know whether anybody besides Dave and me thinks this is a problem worth solving.