Re: [pkix] TLS server authentication schemes...
Phillip Hallam-Baker <hallam@gmail.com> Sat, 11 June 2011 17:09 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF68B11E81DA for <pkix@ietfa.amsl.com>; Sat, 11 Jun 2011 10:09:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uq6QXLXg5sFg for <pkix@ietfa.amsl.com>; Sat, 11 Jun 2011 10:09:15 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id EF4F111E81D5 for <pkix@ietf.org>; Sat, 11 Jun 2011 10:09:14 -0700 (PDT)
Received: by ywp31 with SMTP id 31so1961579ywp.31 for <pkix@ietf.org>; Sat, 11 Jun 2011 10:09:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=xSFbncP+WeVM7JcMh2jLQfSpRTH/YWSCMC0yKWQlpiE=; b=ttxYoubTpdVEihlIT92eaQd0cdmmu1SwDWnFuGrbebIa8Tck7IaakKSV1cXhYhlAQJ RRSzNHCMJpoqlvbKufKK1ps6E9N5boI+dC2TInH7pQ7gpz/TmFTQpwjN46FJYiJjMtDC Mj2envlAQKR/t316HdEOLVtvhZUvv7cDQfgRA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=Sm+/VdkRoBUl3ygt3h2EeaZVYLAcz5AK+I4s921xhDPoG1qJ3WKNyKzKoXNsocWdSz eEw+ukZBcZj15MLWJwndIIJY41aZ3fHYWcRBq4dEFz5D9Z0BYftfQfWOPmohhAh/jHUG 0q6s70ogrSI5mnmNYse2vr6n820XreaXF45eg=
MIME-Version: 1.0
Received: by 10.100.255.2 with SMTP id c2mr3239637ani.41.1307812154402; Sat, 11 Jun 2011 10:09:14 -0700 (PDT)
Received: by 10.100.41.5 with HTTP; Sat, 11 Jun 2011 10:09:13 -0700 (PDT)
In-Reply-To: <E7E88F96-A016-489E-9DF9-19C2E6A519F9@vpnc.org>
References: <4DF2C54C.4060706@nma.com> <201106110429.p5B4TuoF019430@fs4113.wdf.sap.corp> <BANLkTimn5jBGZkAjVJfYgLsUzS5nUv7NFw@mail.gmail.com> <E7E88F96-A016-489E-9DF9-19C2E6A519F9@vpnc.org>
Date: Sat, 11 Jun 2011 13:09:13 -0400
Message-ID: <BANLkTiktSdetwg4sLaA3zBoCJ_wNpUG27Q@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary="00163662e661e5664104a572beb3"
Cc: pkix@ietf.org
Subject: Re: [pkix] TLS server authentication schemes...
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jun 2011 17:09:16 -0000
No, that really is the case you are making. It may be rather inconvenient for you to see your points laid out in that fashion but that is exactly what you have been arguing. There are three issues here 1) Are the parts of CAA that you are objecting to useful? I don't think anyone is objecting to the fact that they are. 2) Are they within PKIX charter scope? They are very clearly within the IETF PKIX charter. They are very clearly similar to schemes such as OCSP and SCVP that the group has considered previously. 3) Are they in DANE charter scope? That is rather less clear because the DANE charter does not actually explicitly state that it is going to propose the restriction semantics you describe in your draft. I find this argument over process to be rather tiresome and irrelevant. I suggest that if someone has a problem with doing CAA in PKIX that they propose an applicability statement to the IESG and let them handle it. I also think that you would be much better advised to remove the restriction semantics from your own draft until such time as you have demonstrated that you have an effective and reliable mechanism for key distribution first. On Sat, Jun 11, 2011 at 11:10 AM, Paul Hoffman <paul.hoffman@vpnc.org>wrote: > On Jun 11, 2011, at 6:55 AM, Phillip Hallam-Baker wrote: > > > The argument you and Paul seem to be advancing is: > > False. I am advancing the arguments that I give in my messages, not the > ones you attribute to me. Again: please state what you believe, but maybe > consider not stating what others believe. > > --Paul Hoffman > > -- Website: http://hallambaker.com/
- [pkix] Proposing CAA as PKIX Working Group Item Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… Manger, James H
- Re: [pkix] Proposing CAA as PKIX Working Group It… Paul Hoffman
- Re: [pkix] Proposing CAA as PKIX Working Group It… Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… Stefan Santesson
- Re: [pkix] Proposing CAA as PKIX Working Group It… Tim Moses
- Re: [pkix] Proposing CAA as PKIX Working Group It… Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… Alan Sill
- Re: [pkix] Proposing CAA as PKIX Working Group It… Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… koichi sugimoto
- Re: [pkix] Proposing CAA as PKIX Working Group It… i-barreira
- Re: [pkix] Proposing CAA as PKIX Working Group It… Martin Rex
- Re: [pkix] Proposing CAA as PKIX Working Group It… Paul Hoffman
- Re: [pkix] Proposing CAA as PKIX Working Group It… koichi sugimoto
- Re: [pkix] Proposing CAA as PKIX Working Group It… Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… Stephen Kent
- Re: [pkix] Proposing CAA as PKIX Working Group It… Paul Hoffman
- Re: [pkix] Proposing CAA as PKIX Working Group It… Stephen Kent
- Re: [pkix] Proposing CAA as PKIX Working Group It… Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… Paul Hoffman
- Re: [pkix] Proposing CAA as PKIX Working Group It… Michael D'Errico
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… Stephen Kent
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Marsh Ray
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… Phillip Hallam-Baker
- Re: [pkix] Proposing CAA as PKIX Working Group It… Paul Hoffman
- Re: [pkix] Proposing CAA as PKIX Working Group It… Matt McCutchen
- Re: [pkix] Proposing CAA as PKIX Working Group It… Paul Hoffman
- Re: [pkix] Proposing CAA as PKIX Working Group It… Matt McCutchen
- Re: [pkix] Proposing CAA as PKIX Working Group It… Paul Hoffman
- Re: [pkix] Proposing CAA as PKIX Working Group It… Phillip Hallam-Baker
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Marsh Ray
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… koichi sugimoto
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Peter Gutmann
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Phillip Hallam-Baker
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Phillip Hallam-Baker
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Marsh Ray
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Martin Rex
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Yoav Nir
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Tom Gindin
- [pkix] CAA and relying parties Paul Hoffman
- Re: [pkix] CAA and relying parties koichi sugimoto
- Re: [pkix] CAA and relying parties Phillip Hallam-Baker
- Re: [pkix] CAA and relying parties Kemp, David P.
- Re: [pkix] CAA and relying parties Paul Hoffman
- Re: [pkix] CAA and relying parties Matt McCutchen
- Re: [pkix] CAA and relying parties Ed Gerck, Ph.D.
- [pkix] TLS server authentication schemes... Matt McCutchen
- Re: [pkix] TLS server authentication schemes... Ed Gerck, Ph.D.
- Re: [pkix] CAA and relying parties Martin Rex
- Re: [pkix] CAA and relying parties Phillip Hallam-Baker
- Re: [pkix] TLS server authentication schemes... Martin Rex
- Re: [pkix] TLS server authentication schemes... Ed Gerck, Ph.D.
- Re: [pkix] CAA and relying parties Yoav Nir
- Re: [pkix] TLS server authentication schemes... Phillip Hallam-Baker
- [pkix] OT: what is permitted Paul Hoffman
- Re: [pkix] TLS server authentication schemes... Paul Hoffman
- Re: [pkix] TLS server authentication schemes... Phillip Hallam-Baker
- Re: [pkix] [TLS] Proposing CAA as PKIX Working Gr… Geoffrey Keating
- Re: [pkix] CAA and relying parties Phillip Hallam-Baker
- Re: [pkix] CAA and relying parties Scott Schmit
- Re: [pkix] CAA and relying parties Ed Gerck, Ph.D.
- Re: [pkix] CAA and relying parties Stephen Farrell
- Re: [pkix] TLS server authentication schemes... Martin Rex
- Re: [pkix] TLS server authentication schemes... Phillip Hallam-Baker
- [pkix] CAA and identifiers Paul Hoffman
- Re: [pkix] CAA and identifiers Stephen Farrell
- Re: [pkix] TLS server authentication schemes... koichi sugimoto