Re: [perpass] tld strong authentication deployment draft

Karl Malbrain <malbrain@yahoo.com> Tue, 24 September 2013 20:39 UTC

References: <5237B44C.7000405@KingsMountain.com> <52381C78.8090504@cs.tcd.ie> <1379445547.56870.YahooMailNeo@web125503.mail.ne1.yahoo.com> <87k3i6pkbj.fsf@latte.josefsson.org>
Message-ID: <1380055173.35886.YahooMailNeo@web125503.mail.ne1.yahoo.com>
Date: Tue, 24 Sep 2013 13:39:33 -0700
From: Karl Malbrain <malbrain@yahoo.com>
To: Simon Josefsson <simon@josefsson.org>
In-Reply-To: <87k3i6pkbj.fsf@latte.josefsson.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-2005986409-1660849184-1380055173=:35886"
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] tld strong authentication deployment draft

I've begun to propose an alternative to DNS/DANE, the PERSPECTIVES project from CMU, in version 01 of the problem statement: http://datatracker.ietf.org/doc/draft-malbrain-tls-strong-authentication.
 
Have you considered what changes to the DNS system would address your concerns?  I've proposed encrypted and authenticated connections in another thread.
 
Karl Malbrain
 

________________________________
 From: Simon Josefsson <simon@josefsson.org>
To: Karl Malbrain <malbrain@yahoo.com> 
Cc: perpass <perpass@ietf.org>; Stephen Farrell <stephen.farrell@cs.tcd.ie> 
Sent: Tuesday, September 24, 2013 3:48 AM
Subject: Re: [perpass] tld strong authentication deployment draft
  

Karl Malbrain <malbrain@yahoo.com> writes:

> I've uploaded a draft on tls strong authentication deployment:
>  
> http://datatracker.ietf.org/doc/draft-malbrain-tls-strong-authentication
> Any comments would be appreciated.

I believe that anything based on DNS is the wrong way forward if your
problem statement involves well-funded adversaries.  I think DNS-based
distribution of keying material is a good way to simplify and bootstrap
opportunistic encrypted channels, however, it would not provide strong
authentication in the way that I would like to define it.

/Simon
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass