Re: [therightkey] [dane] DANE and CT

Ben Laurie <benl@google.com> Wed, 14 November 2012 16:05 UTC

To: Tony Finch <dot@dotat.at>
Cc: therightkey@ietf.org, IETF DANE WG list <dane@ietf.org>

On 14 November 2012 16:02, Tony Finch <dot@dotat.at> wrote:
> Ben Laurie <benl@google.com> wrote:
>
>> At the CT BoF the question was raised: what about DANE?
>>
>> Which is a good question. So, I think Google is prepared to
>> contemplate running a CT log for DANE, but this leaves some
>> questions...
>
> What problem would CT for DANE be aiming to fix?

By all means add that to the list of questions :-)

But I assume the same problem CT already fixes: misissuance of certs
(which in the DNSSEC world I guess mostly boils down to bad
delegation).

>
> Tony.
> --
> f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
> Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
> occasionally poor at first.