Re: [keyassure] Bare keys again

Paul Wouters <paul@xelerance.com> Wed, 23 March 2011 10:29 UTC

Date: Wed, 23 Mar 2011 06:30:35 -0400
From: Paul Wouters <paul@xelerance.com>
To: keyassure@ietf.org
In-Reply-To: <alpine.LFD.1.10.1103211727150.28224@newtla.xelerance.com>
Message-ID: <alpine.LFD.1.10.1103230625150.18330@newtla.xelerance.com>
References: <92D68A5E-5CB7-4C80-8D7B-0B8D55D93608@kumari.net> <alpine.LFD.1.10.1103201932370.20162@newtla.xelerance.com> <9D285351-8D73-4C15-BE2C-5DF731C08DCE@vpnc.org> <alpine.LFD.1.10.1103202028110.20162@newtla.xelerance.com> <1300669586.2117.12.camel@localhost> <alpine.LFD.1.10.1103202211390.20162@newtla.xelerance.com> <1300739370.2117.40.camel@localhost> <alpine.LFD.1.10.1103211631260.20162@newtla.xelerance.com> <AANLkTimyOXv66UeG2q2dmt1-e_Ek6WPPH-coueFc7fDS@mail.gmail.com> <AANLkTin1QjUbVFN8FqjL2SPRLSRRw4Ahs4zbhy4ZdZuX@mail.gmail.com> <alpine.LFD.1.10.1103211727150.28224@newtla.xelerance.com>
User-Agent: Alpine 1.10 (LFD 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Subject: Re: [keyassure] Bare keys again
Precedence: list

On Mon, 21 Mar 2011, Paul Wouters wrote:

>> Trying to use DANE as a means of eliminating X.509 from TLS is a 
>> non-starter as far as I am concerned.
>
> That has been loud and clear. However, it does not mean others should stop 
> trying to innovate and move forward.

Especially considering the latest CA compromise where a CA issued a rogue
certificate for addons.mozilla.org. And this is not some el cheapo CA,
but one that is respected and has people very active within the IETF, the
good guys....

http://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

This is another clear signal that DANE is needed, and the need for the
X509 storage format is unneccessary. So people can simply take control
of SSL for servers within their own DNS zones.

Paul

Re: [keyassure] Issues that no longer issues? Ondřej Surý
[keyassure] Issues that no longer issues? Warren Kumari
Re: [keyassure] Issues that no longer issues? Paul Wouters
[keyassure] Bare keys again Paul Hoffman
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Matt McCutchen
Re: [keyassure] Bare keys again Paul Hoffman
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Eric Rescorla
Re: [keyassure] Bare keys again Martin Rex
Re: [keyassure] Bare keys again Stephen Kent
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Eric Rescorla
Re: [keyassure] Bare keys again Matt McCutchen
Re: [keyassure] Bare keys again Matt McCutchen
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Eric Rescorla
Re: [keyassure] Bare keys again Phillip Hallam-Baker
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Martin Rex
Re: [keyassure] Bare keys again Matt McCutchen
Re: [keyassure] Bare keys again Matt McCutchen
Re: [keyassure] Bare keys again Martin Rex
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Jeff Schmidt
Re: [keyassure] Bare keys again Paul Hoffman
Re: [keyassure] Bare keys again Matt McCutchen
Re: [keyassure] Bare keys again Douglas Otis
Re: [keyassure] Bare keys again Douglas Otis
Re: [keyassure] Bare keys again Henry Story
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Ben Laurie
Re: [keyassure] Bare keys again Paul Hoffman
Re: [keyassure] Bare keys again Matt McCutchen
Re: [keyassure] Bare keys again Paul Wouters
Re: [keyassure] Bare keys again Matt McCutchen