Re: DNSSEC architecture vs reality
Nico Williams <nico@cryptonector.com> Tue, 13 April 2021 01:41 UTC
Date: Mon, 12 Apr 2021 20:41:02 -0500
From: Nico Williams <nico@cryptonector.com>
To: Michael Thomas <mike@mtcc.com>
Cc: John C Klensin <john-ietf@jck.com>, ietf@ietf.org
Subject: Re: DNSSEC architecture vs reality
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/asB-tYYq7rk7DgMJZtqoIyI6O98>

On Mon, Apr 12, 2021 at 06:28:23PM -0700, Michael Thomas wrote:
> [...]. That's why I think it's a realistic opportunity for
> quic+dane. [...]

I think DANE has great reasons to exist and get deployed. Critical pieces could come into place this year or three years from now, though sooner is better (and, really, before we have a crisis of some sort with WebPKI).

> [...]. But finding out that Google doesn't sign their zones is
> disappointing.

Again, that has to do with issues that may have passed now, and it may be possible to nudge them to sign their zones now.