Re: [keyassure] publishing the public key

Paul Wouters <paul@xelerance.com> Tue, 15 February 2011 05:11 UTC

Return-Path: <paul@xelerance.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1F68B3A6E36 for <keyassure@core3.amsl.com>; Mon, 14 Feb 2011 21:11:48 -0800 (PST)
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QOGb1hoJXHKK for <keyassure@core3.amsl.com>; Mon, 14 Feb 2011 21:11:47 -0800 (PST)
Received: from newtla.xelerance.com (newtla.xelerance.com [193.110.157.143]) by core3.amsl.com (Postfix) with ESMTP id 1377D3A6D93 for <keyassure@ietf.org>; Mon, 14 Feb 2011 21:11:46 -0800 (PST)
Received: from tla.xelerance.com (tla.xelerance.com [193.110.157.130]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by newtla.xelerance.com (Postfix) with ESMTP id 77ABBC504; Tue, 15 Feb 2011 00:12:09 -0500 (EST)
Date: Tue, 15 Feb 2011 00:12:08 -0500
From: Paul Wouters <paul@xelerance.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <4D59F233.7080708@vpnc.org>
Message-ID: <alpine.LFD.1.10.1102150009450.3131@newtla.xelerance.com>
References: <928BE494-C59D-4FFF-9390-C459A4BC2107@bblfish.net> <20110214124617.GA31136@LK-Perkele-VI.localdomain> <20110215022103.GA2874@odin.mars.sol> <alpine.LFD.1.10.1102142139560.3131@newtla.xelerance.com> <4D59F233.7080708@vpnc.org>
User-Agent: Alpine 1.10 (LFD 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: keyassure@ietf.org
Subject: Re: [keyassure] publishing the public key
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Feb 2011 05:11:48 -0000

On Mon, 14 Feb 2011, Paul Hoffman wrote:

>> Why does TLS service have to send cert/cert chain?
>
> Because that is what is required by the TLS standard. We should not be trying 
> to modify the TLS spec in this WG.

I understand, but there IS a relationship here. With DANE, you have an
alternative to PKIX-TLS. So such a change would affect TLS, but would
require DANE. Similarly, the TLS group could say "we won't add bare
public key because there is no validation for it" and they'd send me
back to DANE.

So please don't call bare public key out of scope yet.

Paul