Re: [therightkey] [dane] DANE and CT

Phillip Hallam-Baker <hallam@gmail.com> Fri, 16 November 2012 22:40 UTC

From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: therightkey@ietf.org, Ben Laurie <benl@google.com>, IETF DANE WG list <dane@ietf.org>
Subject: Re: [therightkey] [dane] DANE and CT

+1

Paul is right here: the big value in CT is probably applying it as a
reinforcement against people screwing with the DS records, or to ensure that
DLV-type schemes are not being futzed with.

On Fri, Nov 16, 2012 at 2:06 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> On Nov 16, 2012, at 3:23 AM, Ben Laurie <benl@google.com> wrote:
>
> > As for CT vs DANE, it is precisely because DNS does not provide a
> > robust infrastructure that DANE cannot be allowed to override CT. This
> > can be fixed by making DANE use some kind of equivalently strong
> > transparency. I agree with others that this is probably better applied
> > to DS records than to TLSA records.
>
> Proposal: we take this off the DANE list and keep it on therightkey list,
> focused on DS instead of DANE. That is, a rogue zone with additional /
> substitute DS records might affect more than DANE in the future.
>
> --Paul Hoffman

-- 
Website: http://hallambaker.com/