Re: [keyassure] Asserting DANE exclusivity for an entire domain

Matt McCutchen <matt@mattmccutchen.net> Thu, 10 February 2011 22:37 UTC

Return-Path: <matt@mattmccutchen.net>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7A9EA3A6838 for <keyassure@core3.amsl.com>; Thu, 10 Feb 2011 14:37:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5F3NRjMFXVnq for <keyassure@core3.amsl.com>; Thu, 10 Feb 2011 14:37:09 -0800 (PST)
Received: from homiemail-a61.g.dreamhost.com (caiajhbdcbhh.dreamhost.com [208.97.132.177]) by core3.amsl.com (Postfix) with ESMTP id 987D23A67F6 for <keyassure@ietf.org>; Thu, 10 Feb 2011 14:37:09 -0800 (PST)
Received: from homiemail-a61.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a61.g.dreamhost.com (Postfix) with ESMTP id CFF2057807B for <keyassure@ietf.org>; Thu, 10 Feb 2011 14:37:22 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=mattmccutchen.net; h=subject:from :to:in-reply-to:references:content-type:date:message-id :mime-version:content-transfer-encoding; q=dns; s= mattmccutchen.net; b=MSFZdj/jPkcfJz2R6EJFFBjZOv/UreiBg9C164gmae+ Y4bczy4GuMs1eh9TBCohhB92+URV2rF6+jThmXwbmqHhmt+V3cVoCtJg+sXLMomm kP+vEJ4HJgioMGp3h+dufZo4d9StKmJcVGmpwhRu79RF1i561Xg8uQcawpxJWn1A =
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mattmccutchen.net; h= subject:from:to:in-reply-to:references:content-type:date :message-id:mime-version:content-transfer-encoding; s= mattmccutchen.net; bh=0oQ1L6R8pL/cHDuW2+lYRuEcbpo=; b=ixUCgoSWsU OpgdN1sq3v/1Bf9eVXBDfZfYVbGGgv05x9L+iOzOV7hrUd9C0W4wtOegzz4rp451 0MilF92Sf8cAGeN+9NQrdxHlnu7cmabVkeoGEmh9HirUAkEKSuSkUTvlmO8VdVKw lQ+Y7hbRA+pKPQoSFjePEgPmw3BGFujHw=
Received: from [129.2.142.129] (unknown [129.2.142.129]) (Authenticated sender: matt@mattmccutchen.net) by homiemail-a61.g.dreamhost.com (Postfix) with ESMTPA id 984E0578077 for <keyassure@ietf.org>; Thu, 10 Feb 2011 14:37:22 -0800 (PST)
From: Matt McCutchen <matt@mattmccutchen.net>
To: keyassure <keyassure@ietf.org>
In-Reply-To: <AANLkTinC5fNEXP2C-=4EOJ7khTu0n+_TsXSjDOxiscu8@mail.gmail.com>
References: <201102091639.p19GdWLP029306@fs4113.wdf.sap.corp> <alpine.LFD.1.10.1102091229000.1794@newtla.xelerance.com> <AANLkTi=c9B7Am03JKF5ahHpM69U7u2=Qx8oG7O5YPVYx@mail.gmail.com> <alpine.LFD.1.10.1102092202290.1794@newtla.xelerance.com> <alpine.LFD.1.10.1102092211090.1794@newtla.xelerance.com> <AANLkTinoQ+7P03kkdHXRo9PVYmqK3OTDcyDgS7epRy3i@mail.gmail.com> <20110210174507.GA19969@LK-Perkele-VI.localdomain> <AANLkTinC5fNEXP2C-=4EOJ7khTu0n+_TsXSjDOxiscu8@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Date: Thu, 10 Feb 2011 17:37:20 -0500
Message-ID: <1297377440.1820.89.camel@mattlaptop2.local>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.2
Content-Transfer-Encoding: 7bit
Subject: Re: [keyassure] Asserting DANE exclusivity for an entire domain
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Feb 2011 22:37:13 -0000

On Thu, 2011-02-10 at 14:54 -0500, Phillip Hallam-Baker wrote:
> On Thu, Feb 10, 2011 at 12:45 PM, Ilari Liusvaara
> <ilari.liusvaara@elisanet.fi> wrote:
> > On Thu, Feb 10, 2011 at 10:46:49AM -0500, Phillip Hallam-Baker wrote:
> > >
> > > I believe I can support the following criteria with no compromise
> > > to any of them.
> >
> > <snip long list>
> >
> > Based on this list, it looks like a scheme that satisfies all of
> > these would be godawfully complicated (interoperability problems)
> > and require loads of code to implement (bugs, or in worst case,
> > security bugs)
>
> Let us judge the complexity of the actual proposals rather than the
> presumed complexity of the requirements.
>
> SAML is based on a design that supports the whole of PKIX in less than
> 20 pages.
>
> I have pretty good metrics for the relative complexity of my scheme vs
> others based on the number of states and transitions.

I will believe it when I see it.  And if it means being exposed to
Etisalat for an extra six months while we haggle over the design, I'm
not interested.  (Of course, the WG chairs make the decision, not me.)

-- 
Matt