IETF Logo Mail Archive

Re: [stir] current draft charter

Dave Crocker <dcrocker@bbiw.net> Wed, 12 June 2013 17:13 UTC

Return-Path: <dcrocker@bbiw.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C3EF21F9B1C for <stir@ietfa.amsl.com>; Wed, 12 Jun 2013 10:13:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.399
X-Spam-Level:
X-Spam-Status: No, score=-6.399 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i9MXbcUgd1k9 for <stir@ietfa.amsl.com>; Wed, 12 Jun 2013 10:13:07 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 7100E21F9B33 for <stir@ietf.org>; Wed, 12 Jun 2013 10:13:06 -0700 (PDT)
Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net [76.218.9.215]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r5CHCvFX014212 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 12 Jun 2013 10:13:00 -0700
Message-ID: <51B8AC13.5040502@bbiw.net>
Date: Wed, 12 Jun 2013 10:12:51 -0700
From: Dave Crocker <dcrocker@bbiw.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <CDDD28BB.1F0A5%jon.peterson@neustar.biz> <51B84BAA.8020004@cs.tcd.ie>
In-Reply-To: <51B84BAA.8020004@cs.tcd.ie>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.67]); Wed, 12 Jun 2013 10:13:01 -0700 (PDT)
Cc: "stir@ietf.org" <stir@ietf.org>, "Peterson, Jon" <jon.peterson@neustar.biz>
Subject: Re: [stir] current draft charter
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2013 17:13:12 -0000

On 6/12/2013 3:21 AM, Stephen Farrell wrote:
> That's a fair point. However, I'd argue that the difference between
> a DKIM-like and RPKI-like approach is far from just syntax. For
> example, in an RPKI-like approach the callee has to verify who
> delegated what to whom in order to check the signature (e.g. via
> 5280 NameConstraints). With a DKIM-like approach, that's done in
> some un- or differently-specified way by some infrastructure (before
> making the public key available) and isn't directly visible to the
> callee. That's definitely not just syntax I reckon.


My simplistic description of the DKIM-like model is that the storage 
location constitutes the cert.

The semantic of the cert is "the owner of this location authorizes use 
of the key".  Since the 'location' is a place in the DNS, the owner of 
the domain name at that location is validating use of the private key.

For very simple cert semantics like this, it works.  Semantics that are 
more complex probably won't.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email