Re: Practical issues deploying DNSSEC into the home.
Tony Finch <dot@dotat.at> Tue, 10 September 2013 17:36 UTC
Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CDCD21E8127 for <ietf@ietfa.amsl.com>; Tue, 10 Sep 2013 10:36:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VfLu+JOMHiiF for <ietf@ietfa.amsl.com>; Tue, 10 Sep 2013 10:36:37 -0700 (PDT)
Received: from ppsw-33.csi.cam.ac.uk (ppsw-33.csi.cam.ac.uk [IPv6:2001:630:212:8::e:f33]) by ietfa.amsl.com (Postfix) with ESMTP id 48FB721E8092 for <ietf@ietf.org>; Tue, 10 Sep 2013 10:36:36 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-2.csi.cam.ac.uk ([131.111.8.54]:58107) by ppsw-33.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.157]:25) with esmtpa (EXTERNAL:fanf2) id 1VJRrc-0000R0-g3 (Exim 4.80_167-5a66dd3) (return-path <fanf2@hermes.cam.ac.uk>); Tue, 10 Sep 2013 18:36:32 +0100
Received: from fanf2 by hermes-2.csi.cam.ac.uk (hermes.cam.ac.uk) with local id 1VJRrb-0007S2-W5 (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Tue, 10 Sep 2013 18:36:32 +0100
Date: Tue, 10 Sep 2013 18:36:31 +0100
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Paul Wouters <paul@cypherpunks.ca>
Subject: Re: Practical issues deploying DNSSEC into the home.
In-Reply-To: <alpine.LFD.2.10.1309101205120.4683@bofh.nohats.ca>
Message-ID: <alpine.LSU.2.00.1309101831460.25110@hermes-2.csi.cam.ac.uk>
References: <CAGhGL2APj-XfuMUHgLsELnZRbRNCLrjMBxFBtcg4zx+5SG7Bag@mail.gmail.com> <alpine.LFD.2.10.1309101205120.4683@bofh.nohats.ca>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: dns-security@lists.tislabs.com, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2013 17:36:38 -0000
Paul Wouters <paul@cypherpunks.ca> wrote: > > One solution is "tlsdate" which uses the installed bundled CA (or comes > with its own) and runs TLS against a bunch of well known large sites > (using insecure DNS) and sets the time based on the TLS handshakes. I believe tlsdate currently only gets the time from one server. It would be nice if it could determine the time based on agreement of a quorum of diverse servers, so that no single source of time needs to be trusted. (I have talked about this with Jacob Appelbaum but I haven't had time to do anything about it.) Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.
- Re: Practical issues deploying DNSSEC into the ho… Russ Housley
- Re: Practical issues deploying DNSSEC into the ho… Joe Abley
- Practical issues deploying DNSSEC into the home. Jim Gettys
- Re: Practical issues deploying DNSSEC into the ho… Paul Wouters
- Re: Practical issues deploying DNSSEC into the ho… Joe Abley
- Re: Practical issues deploying DNSSEC into the ho… Phillip Hallam-Baker
- Re: [DNSOP] Practical issues deploying DNSSEC int… Ted Lemon
- Re: Practical issues deploying DNSSEC into the ho… SM
- Re: Practical issues deploying DNSSEC into the ho… Michael Richardson
- Re: Practical issues deploying DNSSEC into the ho… Tony Finch
- Re: Practical issues deploying DNSSEC into the ho… Joe Abley
- Re: Practical issues deploying DNSSEC into the ho… Olafur Gudmundsson
- Re: Practical issues deploying DNSSEC into the ho… Brian E Carpenter
- Re: Practical issues deploying DNSSEC into the ho… David Morris
- Re: Practical issues deploying DNSSEC into the ho… Olafur Gudmundsson
- Re: [DNSOP] Practical issues deploying DNSSEC int… Olafur Gudmundsson
- Re: [DNSOP] Practical issues deploying DNSSEC int… Olafur Gudmundsson
- Re: [DNSOP] Practical issues deploying DNSSEC int… Evan Hunt
- Re: [DNSOP] Practical issues deploying DNSSEC int… Dickson, Brian
- Re: [DNSOP] Practical issues deploying DNSSEC int… Nicholas Weaver
- Re: [DNSOP] Practical issues deploying DNSSEC int… Paul Wouters
- Re: [DNSOP] Practical issues deploying DNSSEC int… Phillip Hallam-Baker
- Re: [DNSOP] Practical issues deploying DNSSEC int… Joe Abley
- Re: [DNSOP] Practical issues deploying DNSSEC int… Phillip Hallam-Baker
- Re: [DNSOP] Practical issues deploying DNSSEC int… Randy Presuhn
- Re: [DNSOP] Practical issues deploying DNSSEC int… Phillip Hallam-Baker
- Re: [DNSOP] Practical issues deploying DNSSEC int… Masataka Ohta
- Re: [DNSOP] Practical issues deploying DNSSEC int… Tony Finch
- Re: [DNSOP] Practical issues deploying DNSSEC int… Arturo Servin
- Re: [DNSOP] Practical issues deploying DNSSEC int… Masataka Ohta
- Re: [DNSOP] Practical issues deploying DNSSEC int… Theodore Ts'o
- Re: [DNSOP] Practical issues deploying DNSSEC int… Masataka Ohta
- Re: [DNSOP] Practical issues deploying DNSSEC int… Tony Finch
- Re: [DNSOP] Practical issues deploying DNSSEC int… Ted Lemon
- Re: [DNSOP] Practical issues deploying DNSSEC int… Theodore Ts'o
- Re: [DNSOP] Practical issues deploying DNSSEC int… Nicholas Weaver
- Re: [DNSOP] Practical issues deploying DNSSEC int… Nicholas Weaver
- Re: [DNSOP] Practical issues deploying DNSSEC int… Paul Wouters
- Re: [DNSOP] Practical issues deploying DNSSEC int… Paul Wouters
- Re: [DNSOP] Practical issues deploying DNSSEC int… Ted Lemon
- Re: [DNSOP] Practical issues deploying DNSSEC int… Paul Wouters
- Re: [DNSOP] Practical issues deploying DNSSEC int… Ted Lemon
- Re: [DNSOP] Practical issues deploying DNSSEC int… Theodore Ts'o
- Re: [DNSOP] Practical issues deploying DNSSEC int… Ted Lemon
- Re: [DNSOP] Practical issues deploying DNSSEC int… Ted Lemon
- Re: [DNSOP] Practical issues deploying DNSSEC int… Phillip Hallam-Baker
- Re: [DNSOP] Practical issues deploying DNSSEC int… Phillip Hallam-Baker
- Re: [DNSOP] Practical issues deploying DNSSEC int… Masataka Ohta
- Re: [DNSOP] Practical issues deploying DNSSEC int… Masataka Ohta
- Re: [DNSOP] Practical issues deploying DNSSEC int… David Morris
- Re: [DNSOP] Practical issues deploying DNSSEC int… Eliot Lear
- Re: [DNSOP] Practical issues deploying DNSSEC int… Dickson, Brian
- Re: [DNSOP] Practical issues deploying DNSSEC int… robert bownes
- Re: [DNSOP] Practical issues deploying DNSSEC int… Nicholas Weaver
- Re: [DNSOP] Practical issues deploying DNSSEC int… Glen Wiley
- Re: [DNSOP] Practical issues deploying DNSSEC int… Martin Rex
- Re: [DNSOP] Practical issues deploying DNSSEC int… Masataka Ohta
- Re: [DNSOP] Practical issues deploying DNSSEC int… Masataka Ohta
- Re: [DNSOP] Practical issues deploying DNSSEC int… Masataka Ohta
- Re: [DNSOP] Practical issues deploying DNSSEC int… Jim Gettys
- Re: [DNSOP] Practical issues deploying DNSSEC int… Masataka Ohta