Re: [lamps] CAA tree climbing, gurrghhg

Ryan Sleevi <ryan-ietf@sleevi.com> Sat, 07 October 2017 16:24 UTC

In-Reply-To: <alpine.OSX.2.21.1710071101400.36268@ary.qy>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Sat, 07 Oct 2017 12:24:41 -0400
Message-ID: <CAErg=HGZeWRM51PD28KoZR+AE4CKVvoC-JgQg3BQu_fE_6iaAg@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, SPASM <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/a96Ng8gV8kg5dNt_Z_o4n8Y09Ew>
Subject: Re: [lamps] CAA tree climbing, gurrghhg

On Sat, Oct 7, 2017 at 11:09 AM, John R Levine <johnl@taugh.com> wrote:

>> One side effect of that is that there cannot be any loose ends. PSL is a
>> loose end.
>
> Perhaps, but CAs already use it a zillion times a minute to decide what
> certs to issue.
>
>> We debated the dbound problem at great length and then decided that it
>> doesn't matter. There are really only a few TLDs of any consequence and if
>> they did something silly, we can vote to unsilly as a special case. And
>> since they know that, it is unlikely folk will be silly.
>
> It would not be silly for Verisign to put a CAA at com. saying it has no
> certs at all.  But it would be extremely silly for CAs to apply that CAA to
> 2LDs or 3LDs under .com.

I don't think that's the same meaning. I think, especially in the world of
gTLDs, it's both reasonable and sensible to allow CAA records at the TLD,
and there's no need for the public suffix list concerns. At best, such
problems are business problems - not technology problems.
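An added illustration of the mechanics being argued over (example code, not from anyone on this thread): a toy RFC 6844-style CAA tree climb over a constructed zone, showing how an `issue ";"` record placed at a TLD reaches every name beneath it, and how a variant that stops climbing at a Public Suffix List entry changes the outcome. The zone contents, CA identifiers and PSL fragment are all constructed.

```python
# Added example, not from the thread: a toy model of RFC 6844 CAA "tree
# climbing" over a constructed zone. It shows what a CAA record at a TLD does
# to names beneath it, with and without a Public Suffix List (PSL) stop.
# Names are fully qualified (trailing dot); CNAME/DNAME handling is omitted.

# Constructed zone data: name -> list of (tag, value) CAA records.
ZONE = {
    "com.": [("issue", ";")],  # TLD says: no CA may issue
    "secure.example.com.": [("issue", "ca-a.example")],
    "example.org.": [("issue", "ca-b.example"), ("iodef", "mailto:sec@example.org")],
}

# Constructed PSL fragment for the variant that stops climbing at a public suffix.
PUBLIC_SUFFIXES = {"com.", "org."}


def parent(name):
    """Strip the leftmost label: 'www.example.com.' -> 'example.com.'."""
    return name.split(".", 1)[1]


def relevant_caa_set(zone, name, psl=None):
    """RFC 6844-style climb: return the first non-empty CAA RRset found while
    walking from `name` toward the root. With `psl` given, stop before
    consulting a public suffix (the PSL-stop variant argued about here)."""
    while name != "":
        if psl is not None and name in psl:
            return []
        rrset = zone.get(name, [])
        if rrset:
            return rrset
        name = parent(name)
    return []


def may_issue(zone, name, ca_id, psl=None):
    """A CA identified by `ca_id` may issue for `name` if the relevant CAA set
    has no `issue` records, or if one of them names that CA. A lone
    `issue ";"` therefore forbids issuance by every CA."""
    issue_values = [v for tag, v in relevant_caa_set(zone, name, psl) if tag == "issue"]
    if not issue_values:
        return True  # no issue restriction applies
    return ca_id in issue_values


if __name__ == "__main__":
    for n in ("www.example.com.", "secure.example.com.", "shop.example.org."):
        print(n, "climb:", may_issue(ZONE, n, "ca-a.example"),
              "psl-stop:", may_issue(ZONE, n, "ca-a.example", PUBLIC_SUFFIXES))
```

With a plain climb, `www.example.com.` inherits the TLD's `issue ";"` and is blocked for every CA; with the PSL stop, the climb never reaches `com.` and no restriction applies.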