Re: Question - Can DNSSEC be operated in a manner which meets Khaled mandates?

todd glassey <tglassey@earthlink.net> Thu, 22 July 2010 00:09 UTC

On 7/21/2010 1:41 PM, Peter DeVries wrote:
> Todd, I just read the ruling on this and am confused as to why you
> would think this applies to DNSSEC rather than DNS (or other
> information systems).  
Because I read the opinion and looked at what the idea of trustworthy
meant to the court. Something that is really, really different than what
technical people think trustworthy means.
> The reason this case was unable to proceed and
> the evidence was rejected seems to be because of the police handling
> of the system and witness.  The ruling specifically states that
> video/evidence capture devices are still admissible (See section II
> "analysis") as long as timeline and/or "reasonable representation of
> what it is alleged to portray." is available.
So then the time-service and sequence of events would need to be
provable... I totally get that.
> The problem is that the officer made available to the court had no
> firsthand knowledge of the incident, no understanding of the system,
> no knowledge of the time of information handling, and no internal
> knowledge of the development / testing of the system
Yep...
> Either this applies everywhere and DNSSEC is not unique or it applies
> nowhere as the data path will be further confirmed by
> administrator/operator knowledge.
Bingo - it applies everywhere. But the idea of DNSSEC being a solution
to the issue of evidence capture regarding any and all processes
> Can you explain in more detail with specific references as to how this
> applies to DNSSEC or IS systems as a whole.  I fail to see your
> concern.  
It applies to everything that creates data which could come to be
reviewed by a court.
> Also, operations is separate from prosecution.  DNSSEC has
> other purposes than prosecution and can most certainly be operated
> within this ruling.  I don't personally see issues with prosecution as
> long as the witnesses understand and explain how the situation was
> handled.
The problem is the integrity of the data model and whether it produces
> BTW, the appeals case number I read is: 30-2009-00304893.  Please let
> me know if there is another case you are referencing.

No, that's it.
> Peter
>
> On Wed, Jul 21, 2010 at 3:56 PM, todd glassey <tglassey@earthlink.net> wrote:
>> Folks - there is a Court Ruling from the 4th Appellate District which
>> is turning off Red Light Cameras everywhere and there is a question as
>> to whether that ruling would also affect how Secure DNS Services are run
>> and if so what would it do.
>>
>> The ruling is called California v Khaled and is getting significant
>> traction here in the State of California in all courts.
>>
>> Todd