Re: [therightkey] Basically, it's about keeping the CAs honest
"Kyle Hamilton" <aerowolf@gmail.com> Mon, 13 February 2012 23:18 UTC
From: Kyle Hamilton <aerowolf@gmail.com>
To: mrex@sap.com
Date: Mon, 13 Feb 2012 15:18:14 -0800
Message-ID: <gym4j6kw3igupdmfi2jezwJv4X.penango@mail.gmail.com>
In-Reply-To: <CAK3OfOhx_xbx1TrJL==BjmqVM8zZKDa8u4rQ7wCpKom4ZZODOg@mail.gmail.com>
References: <CAK3OfOhx_xbx1TrJL==BjmqVM8zZKDa8u4rQ7wCpKom4ZZODOg@mail.gmail.com>
Cc: therightkey@ietf.org, Phillip Hallam-Baker <hallam@gmail.com>, drc@virtualized.org
Subject: Re: [therightkey] Basically, it's about keeping the CAs honest

On Mon, Feb 13, 2012 at 11:21 AM, Martin Rex <mrex@sap.com> wrote:
> Phillip Hallam-Baker wrote:
>>
>> What I find wrong with the MITM proxies is that they offer a
>> completely transparent mechanism. The user is not notified that they
>> are being logged. I think that is a broken approach because the whole
>> point of accountability controls is that people behave differently
>> when they know they are being watched.
>
> MITM proxies are bad in several ways. Not only that they're trying
> to hide (by faking server certs), they also breaking client-cert
> authentication, interfere with TLS channel bindings and will
> break other approaches that intend to fix the shortcomings of the
> Browser's TLS X.509 PKI trust model.

Continuing to do the same thing and expecting different results is one of the definitions of insanity, you know? Our prohibitions have led to our unenforceable prohibitions being broken. We MUST stop prohibiting things, and recognize that there are valid use-cases which our narrow-minded interpretations of "Absolute Correctness Or It's Crap" have failed to take into account.

There are more things in Heaven and Earth than are dreamt of in your philosophy, Horatio. They exist regardless of whether we agree with them. The least we can do is permit them.

(And, there's another aspect: if we intentionally break all of the software that currently exists, we will have committed the largest technical attack on the international financial and communications infrastructure in history, and we would rightly be branded terrorists.)

-Kyle H