Re: https at ietf.org
John R Levine <johnl@taugh.com> Mon, 25 November 2013 23:34 UTC
Date: Mon, 25 Nov 2013 18:34:50 -0500
From: John R Levine <johnl@taugh.com>
To: David Conrad <drc@virtualized.org>
Subject: Re: https at ietf.org

> As I'm sure you're aware, for this attack to work, not only would the US
> government need to compromise the root KSK HSMs and a rather Byzantine
> set of safeguards, they would also presumably need to do so in a way
> that would reduce the likelihood that the compromised elements would be
> noticed.

Well, sure. If I were the NSA, I would arrange for servers that mirrored the real data except for a few bits that I wanted to spear phish. I think it's reasonable to assume that for high-value targets the NSA can bring a lot of money and skilled people to the project.

> ICANN went to significant lengths to make everything done with the KSK
> extremely well documented and as public as humanly possible.

"Give us the signing keys."

"Sorry, we have all these complicated security procedures."

"The guy standing next to me is a US Marshal. You can give us the keys by COB today, or he can haul your asses to jail. Your choice. If there are other people whose help you need to get the keys and they're in the US, they'll have the same choice. If they're outside the US, um, depends where they are."

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly