Re: [keyassure] publishing the public key
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 19 February 2011 01:15 UTC
Return-Path: <pgut001@login01.cs.auckland.ac.nz>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 437783A6ECB for <keyassure@core3.amsl.com>; Fri, 18 Feb 2011 17:15:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q-tBdrv5JLHg for <keyassure@core3.amsl.com>; Fri, 18 Feb 2011 17:15:08 -0800 (PST)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by core3.amsl.com (Postfix) with ESMTP id AA22F3A6D9C for <keyassure@ietf.org>; Fri, 18 Feb 2011 17:15:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1298078144; x=1329614144; h=from:to:subject:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20henry.story@bblfish.net,,=20keyassure@ietf.org |Subject:=20Re:=20[keyassure]=20publishing=20the=20public =20key|Message-Id:=20<E1PqbQ7-0007aF-Cy@login01.fos.auckl and.ac.nz>|Date:=20Sat,=2019=20Feb=202011=2014:15:35=20+1 300; bh=NQlNBYBQqUeav2hn+2q9rN8JAkUHeVV2rivVICBEpDE=; b=NpAIy7WyR6tCrV5GpfArGJCv37RXvsgEbgGNPqmgwU5w0NFr/XS9Zv0E NPwa5JQiU0rvTBdvLWZAeIfcRH2i94vdlDZ7SFx7hEBlbVUciyyFYtuoL lByRGpFMAUZjZSc2ubzMQ32VgifFAIvpuaXiKALmKFd4978PYZBE06zU6 M=;
X-IronPort-AV: E=Sophos;i="4.62,190,1296990000"; d="scan'208";a="46881582"
X-Ironport-HAT: APP-SERVERS - $RELAYED
X-Ironport-Source: 130.216.33.150 - Outgoing - Outgoing
Received: from mf1.fos.auckland.ac.nz ([130.216.33.150]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 19 Feb 2011 14:15:36 +1300
Received: from login01.fos.auckland.ac.nz ([130.216.34.40]) by mf1.fos.auckland.ac.nz with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1PqbQ7-0003Wn-HZ; Sat, 19 Feb 2011 14:15:35 +1300
Received: from pgut001 by login01.fos.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1PqbQ7-0007aF-Cy; Sat, 19 Feb 2011 14:15:35 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: henry.story@bblfish.net, keyassure@ietf.org
Message-Id: <E1PqbQ7-0007aF-Cy@login01.fos.auckland.ac.nz>
Date: Sat, 19 Feb 2011 14:15:35 +1300
Subject: Re: [keyassure] publishing the public key
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Feb 2011 01:15:10 -0000
[Several of my posts didn't make it to the list, these are re-posts of earlier messages] Henry Story <henry.story@bblfish.net> writes: >In draft-dane-04 [1] one can currently only publish either a signature or a >certificate in the DNS. That is the only allowed formats of the resource >record are as specified in section 2.2 > >[...] > >Why not publish the only piece of the certificate that is important in public >key cryptography: the public key. Whatever format gets used, could we restrict things to just a single form, or at most two forms? At the moment we've got two types of certs, two hashes of certs, and a raw public key (or, most likely, two of them). In practice there's going to be some de facto standard that everyone uses (e.g. SHA-1 hashes of certs for "fingerprints", which every browser seems to support even though there isn't even a standard specifying them), and adding a whole pile of formats is going to reduce interoperability or (more likely) lead to implementors ignoring all but whatever ends up as the de facto standard. I'd use the cert fingerprint (which is already the de facto universal identifier) as a MUST and leave the rest as options. TLS already requires that you send the full cert, TLS implementations already generate a cert fingerprint, so all that's left to implement besides (shudder) the res_query() lookup is a memcmp(). Peter.
- Re: [keyassure] publishing the public key Henry Story
- [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Scott Schmit
- Re: [keyassure] Issue #14 - publishing the public… Warren Kumari
- Re: [keyassure] Issue #14 - publishing the public… Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key John Gilmore
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story