Re: https at ietf.org

David Conrad <drc@virtualized.org> Mon, 25 November 2013 17:33 UTC

Return-Path: <drc@virtualized.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AECD81ADFC0 for <ietf@ietfa.amsl.com>; Mon, 25 Nov 2013 09:33:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gnq4ecZhStC7 for <ietf@ietfa.amsl.com>; Mon, 25 Nov 2013 09:33:11 -0800 (PST)
Received: from alpha.virtualized.org (alpha.virtualized.org [199.233.229.186]) by ietfa.amsl.com (Postfix) with ESMTP id 3FB0A1ADF8C for <ietf@ietf.org>; Mon, 25 Nov 2013 09:33:11 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by alpha.virtualized.org (Postfix) with ESMTP id 3C0A285D7C; Mon, 25 Nov 2013 12:33:11 -0500 (EST)
Received: from alpha.virtualized.org ([127.0.0.1]) by localhost (alpha.virtualized.org [127.0.0.1]) (maiad, port 10024) with ESMTP id 53007-10; Mon, 25 Nov 2013 12:33:11 -0500 (EST)
Received: from [10.0.1.6] (c-24-4-109-25.hsd1.ca.comcast.net [24.4.109.25]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: drc@virtualized.org) by alpha.virtualized.org (Postfix) with ESMTPSA id 9CC6285B80; Mon, 25 Nov 2013 12:33:10 -0500 (EST)
Content-Type: multipart/signed; boundary="Apple-Mail=_A2DE8195-D935-44A7-B488-95EBA1130883"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
Subject: Re: https at ietf.org
From: David Conrad <drc@virtualized.org>
In-Reply-To: <35EADAA5-4368-4AC7-A1E8-5566BAD5294C@nominum.com>
Date: Mon, 25 Nov 2013 09:33:09 -0800
Message-Id: <C3889E2F-FE93-4B61-887B-47ECDD2707A1@virtualized.org>
References: <CAHBU6ivbrk=NXgd4_5Upik+8H0AbHRy3kJnN=8fcK+Bz3pOV9Q@mail.gmail.com> <alpine.LRH.2.01.1311051733570.4200@egate.xpasc.com> <01P0FR4HDQNG00004G@mauve.mrochek.com> <CAHBU6ivZS33r4HHbCC391Ug9fMtZkJ3nojEeeqH5L+0+o3ZqGQ@mail.gmail.com> <01P0FU0CS96Q00004G@mauve.mrochek.com> <26C6A672-A5D2-44C4-B343-9CCE5E388348@standardstrack.com> <CAKHUCzzzT-0p89uT62zrxGqF1XACG+Ok7hNLcuTaDad7R7eCTQ@mail.gmail.com> <527C2233.3030605@cis-india.org> <CAKHUCzzcNros1=O=D1zkEU1n+XdRcdYdgK2Hkik=AvxbuUJX3w@mail.gmail.com> <731D4B97-BC19-4AC8-BEF6-DA702073069A@standardstrack.com> <A1F7405B-CD8D-4DB8-9817-71F29AE14266@hopcount.ca> <E760A0D0-57E1-44F5-AF0C-32F87E4C55FF@nominum.com> <5F81A229-9121-478C-9D17-D65FB72FFABF@virtualized.org> <35EADAA5-4368-4AC7-A1E8-5566BAD5294C@nominum.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
X-Mailer: Apple Mail (2.1510)
Cc: IETF-Discussion Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Nov 2013 17:33:12 -0000

On Nov 25, 2013, at 9:24 AM, Ted Lemon <Ted.Lemon@nominum.com> wrote:
> On Nov 25, 2013, at 12:11 PM, David Conrad <drc@virtualized.org> wrote:
>> What does that mean?  Exactly what threat are you imagining an NSL would be used to hide? 
> Hi, this is the FBI, we would like a copy of the DNSSEC root private key please, and don't tell anyone you gave it to us.

Ignoring the fact that the private key is stored in an HSM with multiple layers of protection that requires a number of people to even get into the room in which the cage that holds the safe which contains the HSMs are stored, what _exactly_ would the FBI _do_ with the private root key?

Regards,
-drc