Re: [keyassure] publishing the public key
Phillip Hallam-Baker <hallam@gmail.com> Sun, 20 February 2011 23:58 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 79E1A3A6E5B for <keyassure@core3.amsl.com>; Sun, 20 Feb 2011 15:58:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.544
X-Spam-Level:
X-Spam-Status: No, score=-3.544 tagged_above=-999 required=5 tests=[AWL=0.054, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OGLvoxtKQGqy for <keyassure@core3.amsl.com>; Sun, 20 Feb 2011 15:58:55 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by core3.amsl.com (Postfix) with ESMTP id EB8B43A6E02 for <keyassure@ietf.org>; Sun, 20 Feb 2011 15:58:54 -0800 (PST)
Received: by iyj8 with SMTP id 8so42050iyj.31 for <keyassure@ietf.org>; Sun, 20 Feb 2011 15:59:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=uQFeiwIFIDRNaD+VsquKwlZIXmohy8zYu8DmogL8V5c=; b=EZL+NW7oKTTMQClGAnuVOSk8Cm3r5tuBkXNQ9aP8lN5YHhpncRHoWkTWNzKv9pcgq5 TrHpbFoE0EW97vzY0VBOLT7qj4iQsLiMFVhXcJdBOpFN2f0DzO8aEg7BB3P8w+uQ/14F EEiw+yYiC2P4oWoTJV1JwFGMnWlICO9ZWh8pI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=vzfSFyN+pvd4pirQwBJ8Pj0qGekqy+7ZR0UyUAwKyTjlDQquXk8v7CEf057D5caOBB uCNBp0+J6IQhR9CUyVeM/ykLbGq6xg+YlRL70FxGlwjgg2Pbmtgy8PCHxYZzvRBiYYtt JSpSNmFHboFeWkzELkynOa9ySVu5cCdQ8JyCU=
MIME-Version: 1.0
Received: by 10.42.227.2 with SMTP id iy2mr1078057icb.405.1298246375064; Sun, 20 Feb 2011 15:59:35 -0800 (PST)
Received: by 10.42.211.138 with HTTP; Sun, 20 Feb 2011 15:59:35 -0800 (PST)
In-Reply-To: <alpine.LFD.1.10.1102201754130.26752@newtla.xelerance.com>
References: <E1PqbYp-0008EI-Dx@login01.fos.auckland.ac.nz> <A2CF8378-6577-4AF2-9CD5-4992EE9B13B8@bblfish.net> <AANLkTinVzkSa=ELhzWka7FH3=ErswbfjDgVKvk7Qu1mi@mail.gmail.com> <alpine.LFD.1.10.1102201754130.26752@newtla.xelerance.com>
Date: Sun, 20 Feb 2011 15:59:35 -0800
Message-ID: <AANLkTinnRJjf0p8c8zJO_hNKvrKeYOLjR6_5XaziJM+L@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Wouters <paul@xelerance.com>
Content-Type: multipart/alternative; boundary="20cf30549e930445f5049cbf8a4c"
Cc: keyassure@ietf.org
Subject: Re: [keyassure] publishing the public key
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Feb 2011 23:58:56 -0000
On Sun, Feb 20, 2011 at 2:57 PM, Paul Wouters <paul@xelerance.com> wrote: > On Sat, 19 Feb 2011, Phillip Hallam-Baker wrote: > > The problem with this approach is that it means that we are going to at >> best be exercising new code paths in existing >> code. At worst we are going to force people to write new code. >> >> It is impossible to run TLS without X.509 code in the stack. Everything >> else is superfluous. >> >> This is really bikeshedding. It is not going to simplify implementation by >> an iota and it is going to create yet another >> special case to support. >> >> I don't think the crypto community wants to support yet another key >> format. Even if that format is 'merely' a subset of >> an existing format. >> > > The alternative is shipping a bunch of nonsense fields for eternity. If > you assume that the self signed certs will migrate to DNSSEC validation, > then that would be the vast majority of certificates out there. The > crypto community should not want that either, though I don't claim to > represent them. Just like the useless Edison light bulb screw fitting that has been the standard here for over a century despite better options, the existing standards will continue until there is a paradigm shift that cannot be accommodated in a backwards compatible manner (e.g. halogen bulbs). What is being discussed here is not such a paradigm shift. There are many things in the world that are bad and worth changing. ASN.1 is bad, but it is not one of them. You do not make code simpler by introducing additional code paths. You only make code simpler if you remove them. The way to make this code base simpler is to remove the code path that you are proposing. -- Website: http://hallambaker.com/
- Re: [keyassure] publishing the public key Henry Story
- [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Scott Schmit
- Re: [keyassure] Issue #14 - publishing the public… Warren Kumari
- Re: [keyassure] Issue #14 - publishing the public… Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key John Gilmore
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story