Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Theodore Ts'o <tytso@mit.edu> Fri, 06 September 2013 14:29 UTC

Date: Fri, 06 Sep 2013 10:29:11 -0400
From: Theodore Ts'o <tytso@mit.edu>
To: Tony Finch <dot@dotat.at>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
Cc: IETF Discussion Mailing List <ietf@ietf.org>

On Fri, Sep 06, 2013 at 03:26:42PM +0100, Tony Finch wrote:
> Theodore Ts'o <tytso@mit.edu> wrote:
> 
> > Speaking of which, Jim Gettys was trying to tell me yesterday that
> > BIND refuses to do DNSSEC lookups until the endpoint client has
> > generated a certificate.
> 
> That is wrong. DNSSEC validation affects a whole view - i.e. it is
> effectively global.
> 
> Clients can request DNSSEC records or not, regardless of whether they do
> any transaction security. Clients can do DNSSEC validation without any
> private keys.

That's what I hoped, thanks.

						- Ted
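
An added illustration of the point in the quoted reply (not part of the original message, and not BIND code): asking a resolver for DNSSEC records only means setting the DO ("DNSSEC OK") flag in an EDNS0 OPT pseudo-record, defined in RFC 3225 and RFC 6891. The sketch builds the same query with and without that flag and parses both back; the function names, transaction ID and UDP size are constructed for the example.

```python
import struct

DO_BIT = 0x8000   # "DNSSEC OK" flag, top bit of the OPT flags field (RFC 3225)
TYPE_OPT = 41     # EDNS0 pseudo-record type (RFC 6891)

def build_query(name, qtype=1, dnssec_ok=False, txid=0x1234, udp_size=1232):
    """Build a DNS query; with dnssec_ok, append an OPT record with DO set."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    arcount = 1 if dnssec_ok else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    msg = header + qname + struct.pack("!HH", qtype, 1)              # class IN
    if dnssec_ok:
        # OPT: root name, TYPE=41, CLASS=UDP payload size,
        # TTL split into ext-rcode / version / flags, then RDLEN=0.
        msg += b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, udp_size, 0, 0, DO_BIT, 0)
    return msg

def parse_query(msg):
    """Return (qname, do_bit_set, total_additional_rdata_bytes)."""
    _id, _flags, _qd, _an, _ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos, labels = 12, []
    while msg[pos]:                      # walk the length-prefixed labels
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    pos += 1 + 4                         # terminating zero, QTYPE, QCLASS
    do, rdata_total = False, 0
    for _ in range(ar):
        if msg[pos] != 0:                # this sketch only handles root-named OPT
            raise ValueError("unexpected additional record name")
        rtype, _cls, _ext, _ver, flags, rdlen = struct.unpack(
            "!HHBBHH", msg[pos + 1:pos + 11])
        if rtype == TYPE_OPT:
            do = bool(flags & DO_BIT)
        rdata_total += rdlen
        pos += 11 + rdlen
    return ".".join(labels) + ".", do, rdata_total

if __name__ == "__main__":
    plain = build_query("example.com")
    signed = build_query("example.com", dnssec_ok=True)
    print(parse_query(plain), len(plain))
    print(parse_query(signed), len(signed))
```

The two queries differ only in ARCOUNT and an 11-byte OPT record with empty RDATA, so the request carries no client key or certificate. Validating the answers uses the zone's published DNSKEY and DS records and a configured trust anchor, all of which are public.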