Re: https at ietf.org

David Conrad <drc@virtualized.org> Sun, 08 December 2013 23:24 UTC

To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: IETF Discussion Mailing List <ietf@ietf.org>

Phillip,

> Yes, ICANN took advantage of a large existing knowledge base to create a method of securing the root KSK. It would have been foolish to do otherwise.
> David asserted that the processes used by ICANN provided greater security than those for PKIX PKI, I was pointing out that the claim made is false.

This is the second time you have falsely claimed I have made assertions that I have not.

Please stop.

I have said precisely nothing about the processes of the PKIX PKI other than I understood the operation of the DNSSEC root KSK to be more public and open than "the operation of (many? most? all?) commercial CAs". 

If you disagree with that statement, please provide evidence that shows commercial CAs operating at least as openly and transparently as ICANN's handling of the DNSSEC root KSK.

Whether this increased level of openness/transparency provides greater security may be an interesting topic to explore, but I have not made any assertions to that effect in this thread.

> When someone repeats FUD after having the issue explained to them repeatedly I tend to start speaking plainly.

Again, you appear to be having conversations outside of the context of this thread and misattributing those conversations.

Please stop.

If you have evidence I have repeated FUD, please provide it.

> So I don't have to fix DNSSEC, all I need to fix here is to have David and others stop making claims for the protocol that are not supported by evidence.

I am unaware of any claim I might have made regarding DNSSEC that is not supported by evidence. Can you please provide a reference to such a statement? Thanks.

Regards,
-drc