Re: Question - Can DNSSEC be operated in a manner which meets Khaled mandates?
todd glassey <tglassey@earthlink.net> Thu, 22 July 2010 00:09 UTC
Message-ID: <4C478C55.6020608@earthlink.net>
Date: Wed, 21 Jul 2010 17:09:57 -0700
From: todd glassey <tglassey@earthlink.net>
To: Peter DeVries <peter@devries.tv>
Subject: Re: Question - Can DNSSEC be operated in a manner which meets Khaled mandates?
References: <4C4750D0.6090706@earthlink.net> <AANLkTinGDMsjyGL9pPlNFIp0ba1SY882IuZWUz2DT1lX@mail.gmail.com>
In-Reply-To: <AANLkTinGDMsjyGL9pPlNFIp0ba1SY882IuZWUz2DT1lX@mail.gmail.com>
Cc: ietf@ietf.org

On 7/21/2010 1:41 PM, Peter DeVries wrote:
> Todd, I just read the ruling on this and am confused as to why you
> would think this applies to DNSSEC rather than DNS (or other
> information systems).

Because I read the opinion and looked at what the idea of trustworthy meant to the court. Something that is really really different than what technical people think trustworthy meets.

> The reason this case was unable to proceed and
> the evidence was rejected seems to be because of the police handling
> of the system and witness. The ruling specifically states that
> video/evidence capture devices are still admissible (See section II
> "analysis") as long as timeline and/or "reasonable representation of
> what it is alleged to portray." is available.

So then the time-service and sequence of events would need to be provable... I totally get that.

> The problem is that the officer made available to the court had no
> firsthand knowledge of the incident, no understanding of the system,
> no knowledge of the time of information handling, and no internal
> knowledge of the development / testing of the system

Yep...

> Either this applies everywhere and DNSSEC is not unique or it applies
> nowhere as the data path will be further confirmed by
> administrator/operator knowledge.

Bingo - it applies everywhere. But the idea of DNSSEC being a solution to the issue of evidence capture regarding any and all processes

> Can you explain in more detail with specific references as to how this
> applies to DNSSEC or IS systems as a whole. I fail to see your
> concern.

It applies to everything that creates data which could come to be reviewed by a court.

> Also, operations is separate from prosecution. DNSSEC has
> other purposes than prosecution and can most certainly be operated
> within this ruling. I don't personally see issues with prosecution as
> long as the witnesses understand and explain how the situation was
> handled.

The problem is the integrity of the data model and whether it produces

> BTW, the appeals case number I read is: 30-2009-00304893. Please let
> me know if there is another case you are referencing.

No that's it.

> Peter
>
> On Wed, Jul 21, 2010 at 3:56 PM, todd glassey <tglassey@earthlink.net> wrote:
>> Folks - there is a Court Ruling from the 4th Appellate District which
>> is turning off Red Light Cameras everywhere and there is a question as
>> to whether that ruling would also affect how Secure DNS Services are run
>> and if so what would it do.
>>
>> The ruling is called California v Khaled and is getting significant
>> traction here in the State of California in all courts.
>>
>> Todd