Re: [saag] IETF 93 Agenda Request - Key Discovery
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 17 July 2015 03:26 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DADDC1A8764 for <saag@ietfa.amsl.com>; Thu, 16 Jul 2015 20:26:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2FMAkG1mKfRt for <saag@ietfa.amsl.com>; Thu, 16 Jul 2015 20:26:37 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F91F1A701C for <saag@ietf.org>; Thu, 16 Jul 2015 20:26:37 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 6AD46284D68; Fri, 17 Jul 2015 03:26:35 +0000 (UTC)
Date: Fri, 17 Jul 2015 03:26:35 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150717032635.GT28047@mournblade.imrryr.org>
References: <55A7F601.9040902@cisco.com> <20150716185728.GM28047@mournblade.imrryr.org> <CAMm+Lwjxj0viw99pJHFeETYALTbVcuXc5LAztwHqHgHzCouZFQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAMm+Lwjxj0viw99pJHFeETYALTbVcuXc5LAztwHqHgHzCouZFQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/fxJ6kG7YdyLFHhCg4SnP9ONpJ0U>
Subject: Re: [saag] IETF 93 Agenda Request - Key Discovery
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jul 2015 03:26:39 -0000
On Thu, Jul 16, 2015 at 10:14:46PM -0400, Phillip Hallam-Baker wrote: > Since DANE has now been around for what, four years without making much > headway, I think we should be very clear in saying that the field is wide > open to alternatives. That was DANE for browsers, now we're starting to see uptake in places where it makes more sense to start. Plus TLS library support for DANE is not there yet, so lack of uptake is not surprising. This too will change. > That said, as a CA, the last thing I ever want to see is a customer's > private key. If it is not the liability that would kill me, I would have > lawful access demands every hour of the day and night to handle. People > have asked me to provide that type of service on numerous occasions. It > isn't for lack of demand that it does not exist. Well, the proposal is not quite to store the private key at the CA, but it is to use the CAs to authenticate the server where the private keys are stored to the user (an MiTMed user is likely to disclose access tokens and compromise the private key). > I do not use PKCS#12 in the mesh following my 'no new ASN.1' design goal. > It is a seriously complex and poorly documented spec. I am using JOSE JWE > instead. I did say PKCS#12 or similar, can't say I am exceptionally fond of PKCS#12 either. The similarity need neither be a requirement for ASN.1, nor an exclusion. -- Viktor.
- [saag] IETF 93 Agenda Request - Key Discovery ⌘ Matt Miller
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Phillip Hallam-Baker
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery John Levine
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery John Levine
- Re: [saag] IETF 93 Agenda Request - Key Discovery ⌘ Matt Miller
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery Russ Housley
- Re: [saag] IETF 93 Agenda Request - Key Discovery 🔓Dan Wing
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Phil Hunt
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery ⌘ Matt Miller
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] SASL for mail, was IETF 93 Agenda Requ… John Levine
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery John R Levine
- Re: [saag] IETF 93 Agenda Request - Key Discovery Benjamin Kaduk
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Chris Newman