Re: [keyassure] publishing the public key
Martin Rex <mrex@sap.com> Mon, 14 February 2011 17:32 UTC
Return-Path: <mrex@sap.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 62C7C3A6AC1 for <keyassure@core3.amsl.com>; Mon, 14 Feb 2011 09:32:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.192
X-Spam-Level:
X-Spam-Status: No, score=-10.192 tagged_above=-999 required=5 tests=[AWL=0.057, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xPAD0kHTKizH for <keyassure@core3.amsl.com>; Mon, 14 Feb 2011 09:32:56 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id 5AA6F3A6D6D for <keyassure@ietf.org>; Mon, 14 Feb 2011 09:32:56 -0800 (PST)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id p1EHXGpb027480 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 14 Feb 2011 18:33:16 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201102141733.p1EHXFfR005827@fs4113.wdf.sap.corp>
To: paul@xelerance.com
Date: Mon, 14 Feb 2011 18:33:15 +0100
In-Reply-To: <alpine.LFD.1.10.1102140915530.3131@newtla.xelerance.com> from "Paul Wouters" at Feb 14, 11 09:19:32 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: keyassure@ietf.org
Subject: Re: [keyassure] publishing the public key
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Feb 2011 17:32:57 -0000
Paul Wouters wrote: > > On Mon, 14 Feb 2011, Henry Story wrote: > > > > Why not publish the only piece of the certificate that is important > > in public key cryptography: the public key. > > Yes. This was asked by others including me as well. People thought it would > be no problem to add this to dane once a bare public key TLS method exists. > > > An important question is of course: how much bandwidth does one save? > > Bandwidth does not really matter. What matters is latency > (less round trips) and a riddance of ASN.1 parsing. The current approach of admins to run a TLS server with a bare public key is to generate themselves a self-signed (X.509v1) Certificate. That is probably what many folks are doing when protecting Web access to their HomeNAS, Home DSL-router, Home DVB-s receiver, etc. This works with the installed base, in particular with the installed base of servers. Though it doesn't work that well with Web Browsers as clients. In particular, many recent browers are pretty badly broken when it comes to a sensible UI for servers using a self-signed cert. -Martin
- Re: [keyassure] publishing the public key Henry Story
- [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Scott Schmit
- Re: [keyassure] Issue #14 - publishing the public… Warren Kumari
- Re: [keyassure] Issue #14 - publishing the public… Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key John Gilmore
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story