Re: [openpgp] The DANE draft
Phillip Hallam-Baker <phill@hallambaker.com> Sat, 25 July 2015 16:23 UTC
To: Paul Wouters <paul@nohats.ca>
Cc: Werner Koch <wk@gnupg.org>, IETF OpenPGP <openpgp@ietf.org>, Olafur Gudmundsson <ogud@ogud.com>, dane WG list <dane@ietf.org>
In-Reply-To: <alpine.LFD.2.11.1507250656400.854@bofh.nohats.ca>
Message-ID: <CAMm+LwiUahW0wKGa6Bo=275+LbmR2qTu6Yuwwc9irDLsc=563Q@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/wph7hIjPPrK80wqURG3otGbLyn0>
On Sat, Jul 25, 2015 at 8:19 AM, Paul Wouters <paul@nohats.ca> wrote:

> On Fri, 24 Jul 2015, Werner Koch wrote:
>
>> PHB wrote:
>>
>>> 2) If people find it does not meet OpenPGP needs, they should say so and
>>> have no qualms about objecting. It is much more important that there be a
>>> spec people use than that the document progress quickly.
>
> This document has not progressed "quickly". The original draft was
> published in July 2013. No one is trying to rush this through.

I am quite happy waiting till 2016 or 2018. If it isn't done right it's better not to publish at all.

>> I was a bit disappointed by the process: I learned about the I-D too late
>> and was surprised that it started out at the OpenPGP WG mailing list (2
>> years ago?) with just a few messages and then continued at the DANE list
>> without having notified the OpenPGP list.
>
> This is now the fourth time I am having this discussion with you, so I
> think your representation is not entirely fair. The previous discussions
> ended with you saying we should not do this and stick to the CERT record
> type and me stating why I disagree with that view.

Ummm, watch your attributions, that is Werner, not me.

The DANE group has been rather ineffective in getting the constituencies they purport to be serving to buy into their proposal.

> Additionally, because the CERT record is a meta-container record,
> support for CERT is not good because to properly parse it you need
> all of openpgp and all of x509 and all of what other subtypes would
> be added later on. So instead of implementing CERT records partially,
> many DNS implementations just did not bother with it at all.

All of X509 isn't a big barrier. Took me a week, four days of that was writing the Assinine One compiler. I am not aware of any major crypto package that doesn't have the ability to parse X.509 certs. Werner isn't the only person who has a PKIX package in his OpenPGP library.

Back in 1990 the idea of using OpenPGP to avoid the need to mess with Assinine One made arguable sense. Today it's a lost cause. I stopped fighting that battle in 1995.

>> The CERT record is more flexible because it also allows the use of an
>> indirect specification via fingerprint.
>
> Which is a problem not a feature. It makes the security model very
> complex.

No, the security model is complex because you are trying to use a vast, aging and vaguely understood infrastructure with a byzantine administrative model to provide security. Failing to accept that fact is one of the many reasons people are skeptical of this project and looking for ways to work round it.
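The two technical points argued over in this message (that CERT is a meta-container whose payload format depends on a type code, and that its indirect-by-fingerprint subtypes add a second fetch plus a verification step that a flat OPENPGPKEY record does not need) can be seen in a small parser. What follows is an added example written for this archive page; it is not code from the thread or from GnuPG, any DNS resolver or the DANE draft. The CERT type codes are those of RFC 4398; the split of the IPGP payload into a length octet, fingerprint and URL is my reading of RFC 4398 section 3.3 and is flagged as an assumption in the code; the v4 fingerprint is computed as RFC 4880 section 12.2 describes; the key packet, the URL keys.example and the function names are constructed for illustration.

```python
"""CERT (RFC 4398) versus OPENPGPKEY RDATA handling.  Added example, not
code from the thread or from any implementation it mentions; the sample
records below are constructed."""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

# CERT type codes, RFC 4398 section 2.1.  Every one of them implies a
# different downstream parser, which is the meta-container cost.
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP", 4: "IPKIX", 5: "ISPKI",
              6: "IPGP", 7: "ACPKIX", 8: "IACPKIX", 253: "URI", 254: "OID"}


@dataclass
class CertRecord:
    type_name: str
    key_tag: int
    algorithm: int
    payload: bytes                # certificate, or the URL for indirect types
    fingerprint: Optional[bytes]  # IPGP only; None when the record has none


def parse_cert_rdata(rdata: bytes) -> CertRecord:
    """Split CERT RDATA into its 5-octet fixed header and a type-specific body."""
    if len(rdata) < 5:
        raise ValueError("CERT RDATA shorter than its 5-octet fixed header")
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    body = rdata[5:]
    name = CERT_TYPES.get(cert_type)
    if name is None:
        # Refuse unknown subtypes rather than guess at the payload format.
        raise ValueError(f"unknown CERT type {cert_type}")
    fingerprint = None
    if name == "IPGP":
        # Assumed layout (my reading of RFC 4398 section 3.3): one length
        # octet, that many fingerprint octets (0 = none), then the URL.
        if not body or body[0] > len(body) - 1:
            raise ValueError("IPGP payload does not hold the announced fingerprint")
        fp_len = body[0]
        fingerprint = body[1:1 + fp_len] or None
        body = body[1 + fp_len:]
    return CertRecord(name, key_tag, algorithm, body, fingerprint)


def openpgp_v4_fingerprint(key_packet: bytes) -> bytes:
    """RFC 4880 section 12.2: SHA-1 over 0x99, a two-octet body length and the
    public-key packet body.  Expects the old-format header with a two-octet
    length (leading 0x99) that v4 keys are normally written with."""
    if not key_packet or key_packet[0] != 0x99:
        raise ValueError("expected an old-format public-key packet with 2-octet length")
    body_len = struct.unpack("!H", key_packet[1:3])[0]
    body = key_packet[3:3 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated public-key packet")
    return hashlib.sha1(b"\x99" + struct.pack("!H", body_len) + body).digest()


def verify_indirect_fetch(record: CertRecord, fetched: bytes) -> bool:
    """An IPGP record only points somewhere; the key fetched from the URL is
    usable only if it matches the fingerprint the DNS record committed to."""
    if record.type_name != "IPGP":
        raise ValueError("only IPGP records are handled here")
    if record.fingerprint is None:
        return False  # a bare URL proves nothing about what it serves
    return hmac.compare_digest(openpgp_v4_fingerprint(fetched), record.fingerprint)


def parse_openpgpkey_rdata(rdata: bytes) -> bytes:
    """OPENPGPKEY RDATA is the transferable public key and nothing else: no
    type switch, no pointer to follow.  Only checks that it opens with a
    public-key packet (tag 6), in either packet header format."""
    if not rdata or not rdata[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    tag = rdata[0] & 0x3F if rdata[0] & 0x40 else (rdata[0] >> 2) & 0x0F
    if tag != 6:
        raise ValueError(f"leading packet is tag {tag}, not a public key")
    return rdata


def _mpi(n: int) -> bytes:
    return struct.pack("!H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def build_cert_rdata(cert_type: int, key_tag: int, algorithm: int, body: bytes) -> bytes:
    return struct.pack("!HHB", cert_type, key_tag, algorithm) + body


# Constructed toy v4 RSA public-key packet (tiny modulus, illustration only).
_BODY = b"\x04" + struct.pack("!I", 1437841392) + b"\x01" + _mpi(0xC0FFEE0DDBA11) + _mpi(65537)
SAMPLE_KEY = b"\x99" + struct.pack("!H", len(_BODY)) + _BODY
SAMPLE_FP = openpgp_v4_fingerprint(SAMPLE_KEY)
# Key tag and algorithm are left at 0 in these constructed samples.
SAMPLE_PGP_CERT = build_cert_rdata(3, 0, 0, SAMPLE_KEY)
SAMPLE_IPGP_CERT = build_cert_rdata(
    6, 0, 0, bytes([len(SAMPLE_FP)]) + SAMPLE_FP + b"https://keys.example/alice.asc")


def demo() -> dict:
    """Walk the three cases: direct PGP payload, indirect IPGP, unknown type."""
    out = {}
    direct = parse_cert_rdata(SAMPLE_PGP_CERT)
    out["cert_pgp_is_key"] = direct.payload == parse_openpgpkey_rdata(direct.payload)
    indirect = parse_cert_rdata(SAMPLE_IPGP_CERT)
    out["ipgp_url"] = indirect.payload.decode()
    out["genuine_accepted"] = verify_indirect_fetch(indirect, SAMPLE_KEY)
    tampered = SAMPLE_KEY[:-1] + bytes([SAMPLE_KEY[-1] ^ 1])  # flip a key bit
    out["tampered_rejected"] = not verify_indirect_fetch(indirect, tampered)
    try:
        parse_cert_rdata(build_cert_rdata(9, 0, 0, b"x"))  # 9: not in the RFC 4398 table
        out["unknown_rejected"] = False
    except ValueError:
        out["unknown_rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The point the example makes is structural rather than about any one library: a CERT consumer must carry a parser per subtype and, for the indirect ones, a fetch-and-compare step whose security rests entirely on the fingerprint check, while an OPENPGPKEY consumer only has to validate the record's DNSSEC chain and hand the bytes to its OpenPGP parser.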