Re: [keyassure] publishing the public key
Henry Story <henry.story@bblfish.net> Mon, 14 February 2011 14:54 UTC
Return-Path: <henry.story@bblfish.net>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1ACB03A6A97 for <keyassure@core3.amsl.com>; Mon, 14 Feb 2011 06:54:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.656
X-Spam-Level:
X-Spam-Status: No, score=-3.656 tagged_above=-999 required=5 tests=[AWL=-0.057, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GRTju6yM8zkn for <keyassure@core3.amsl.com>; Mon, 14 Feb 2011 06:54:40 -0800 (PST)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id 8FAB43A6D50 for <keyassure@ietf.org>; Mon, 14 Feb 2011 06:54:40 -0800 (PST)
Received: by bwz12 with SMTP id 12so6079547bwz.31 for <keyassure@ietf.org>; Mon, 14 Feb 2011 06:55:02 -0800 (PST)
Received: by 10.204.52.138 with SMTP id i10mr3503785bkg.23.1297695301706; Mon, 14 Feb 2011 06:55:01 -0800 (PST)
Received: from bblfish.home (ALagny-751-1-9-11.w83-112.abo.wanadoo.fr [83.112.80.11]) by mx.google.com with ESMTPS id rc9sm1832745bkb.14.2011.02.14.06.54.59 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 14 Feb 2011 06:55:00 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Apple Message framework v1082)
From: Henry Story <henry.story@bblfish.net>
In-Reply-To: <alpine.LFD.1.10.1102140915530.3131@newtla.xelerance.com>
Date: Mon, 14 Feb 2011 15:54:57 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <9A1C69DD-0AA3-470A-AA7A-A1629E94440C@bblfish.net>
References: <928BE494-C59D-4FFF-9390-C459A4BC2107@bblfish.net> <alpine.LFD.1.10.1102140915530.3131@newtla.xelerance.com>
To: keyassure@ietf.org
X-Mailer: Apple Mail (2.1082)
Subject: Re: [keyassure] publishing the public key
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Feb 2011 14:54:42 -0000
On 14 Feb 2011, at 15:19, Paul Wouters wrote: > On Mon, 14 Feb 2011, Henry Story wrote: > >> In draft-dane-04 [1] one can currently only publish either a signature or a certificate in the DNS. That is the only allowed formats of the resource record are as specified in section 2.2 >> >> 1 -- Hash of an end-entity certificate >> 2 -- Full end-entity certificate in DER encoding >> 3 -- Hash of an certification authority's certificate >> 4 -- Full certification authority's certificate in DER encoding >> >> Why not publish the only piece of the certificate that is important in public key cryptography: the public key. ( This is what WebID does currently ) This should be shorter than the certificate, and though it will be longer than the signature, it will be a lot more useful, tying the publisher much less to a particular serialisation format. So you reduce the PGP/X509 disagreements. > > Yes. This was asked by others including me as well. People thought it would be no > problem to add this to dane once a bare public key TLS method exists. > >> An important question is of course: how much bandwidth does one save? > > Bandwidth does not really matter. What matters is latency (less round trips) and a riddance of ASN.1 > parsing. > > If you want to help writing a bare public key TLS variant, please contact me. What do you mean by a bare public key TLS variant? You mean start an IETF group to spec out how the client and the server should communicate in a TLS variant that would not require the server to send a certificate? Or is this something that one needs to do to explain how a User Agent can prove authenticity of the server from a public key alone? (That's so simple it's a bit difficult to even see how to write it) Or is it just that one needs to specify text for dane? Or is dane a subproject of keyassure, and this is referring to some other project here? Or is do we just need to specify some text that is going to go into dane? Sorry. I don't have a good picture of the web of specs that dane is tied into. If its longer project I probably won't have time to do this myself as I am already quite tied up with WebID. But if I know what is needed we could write up a little note on the W3C WebID Incubator Group ( http://tinyurl.com/webidxg ) for our final report on what browser improvements would be helpful, and why. Hopefully this will be something that the browser vendors at the W3C could have a closer look at. But it really depends on how long the project is. Perhaps there are people on our list who have more time to participate. Perhaps this won't take so long to do... Henry > > Paul Social Web Architect http://bblfish.net/
- Re: [keyassure] publishing the public key Henry Story
- [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Scott Schmit
- Re: [keyassure] Issue #14 - publishing the public… Warren Kumari
- Re: [keyassure] Issue #14 - publishing the public… Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key John Gilmore
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story