[TLS]Re: Trust Anchor Negotiation Surveillance Concerns and Risks

Rob Sayre <sayrer@gmail.com> Mon, 22 July 2024 17:32 UTC

MIME-Version: 1.0
References: <CAD2nvsT4qWqudiv1C1wZn6rB4_s-9EDENq5TXEbxr_ygcMFjDQ@mail.gmail.com> <CAChr6Sw+gxK3dO29F9bsLTQReJz6LzT2hZb5O7LAXmKzQbKTSw@mail.gmail.com> <CACf5n7_29CNXLf+SmpKKOWkc_3Oi2BZqZ8irU+z=3btJns_1-Q@mail.gmail.com> <CAChr6SxJ3r88a4Aehv_5fsSWb1JApV6Lg4hfwdm0Oh5x04_shQ@mail.gmail.com> <479BA457-9001-4EBC-A84F-9E3EB71E809F@akamai.com> <CACsn0cmhsh-zeJOaa7xy_2crxgvhAF=nK9FqWxxf1dB2SMhMyQ@mail.gmail.com> <Zpu0reBpH3dtFYdf@LK-Perkele-VII2.locald> <CADQzZqtsj272Gt771Ef=VhS2+WvWKkct0Jx1=wmyS7kTu0ds1w@mail.gmail.com> <CAF8qwaB3VuWSYTi-gH99+N_cgi1ZAdMpzhrSE4=KTD5xbQMwXA@mail.gmail.com> <CADQzZqtyCQwQR2WPrBdqGGUm_tvZ7Akra5z9vqJ30x9vWBtxew@mail.gmail.com> <CAF8qwaDt-vhUb-E48874QLKe-YOc3xzC4VsArzYf_BGREz0+QQ@mail.gmail.com>
In-Reply-To: <CAF8qwaDt-vhUb-E48874QLKe-YOc3xzC4VsArzYf_BGREz0+QQ@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Mon, 22 Jul 2024 10:32:04 -0700
Message-ID: <CAChr6SxHFR=KcEK2OdV2wGStmJRE4P-higk7JdXECWufA=vg9g@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
Content-Type: multipart/alternative; boundary="00000000000023dcf8061dd96d48"
Message-ID-Hash: UOV2INLTR7P5OB37AXZV2YL2IG3VT5BB
CC: Mike Shaver <mike.shaver@gmail.com>, TLS List <tls@ietf.org>
Precedence: list
Subject: [TLS]Re: Trust Anchor Negotiation Surveillance Concerns and Risks
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4eWHwrxQdTd2UeiXC8UwZHnYoSE>

On Mon, Jul 22, 2024 at 9:53 AM David Benjamin <davidben@chromium.org>
wrote:

>
> Second, it assumes that the non-web PKI client does not care about the DNS
> name used. When DNS names are purely internal routing labels for API
> endpoints, etc., the exact DNS name used is not particularly significant.
> But when they are user-visible, e.g. in the UI of a web browser,
> redirecting to client-specific services isn't viable. In those situations,
> we similarly would need a different solution.
>

 I looked up the term "dns names" in Google Chrome, through the location
bar, which is not only used for DNS names. The URL I got back was this:

<
https://www.google.com/search?q=dns+names&oq=dns+names&gs_lcrp=EgZjaHJvbWUyCQgAEEUYORiABDIHCAEQABiABDIHCAIQABiABDIHCAMQABiABDIHCAQQABiABDIHCAUQABiABDIHCAYQABiABDIHCAcQABiABDIHCAgQABiABDIJCAkQABgKGIAE0gEIMjE1NGowajeoAgCwAgA&sourceid=chrome&ie=UTF-8
>

This argument doesn't seem compelling to me, aside from the other parts of
the discussion.

thanks,
Rob

[TLS]Trust Anchor Negotiation Surveillance Concer… Devon O'Brien
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Rob Sayre
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Nick Harper
[TLS]Re: Trust Anchor Negotiation Surveillance Co… David Adrian
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Rob Sayre
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Salz, Rich
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Nick Harper
[TLS]Re: Trust Anchor Negotiation Surveillance Co… David Benjamin
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Watson Ladd
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Mike Shaver
[TLS]Re: Trust Anchor Negotiation Surveillance Co… David Benjamin
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Ilari Liusvaara
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Ilari Liusvaara
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Salz, Rich
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Dennis Jackson
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Mike Shaver
[TLS]Re: Trust Anchor Negotiation Surveillance Co… David Benjamin
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Mike Shaver
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Devon O'Brien
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Dennis Jackson
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Mike Shaver
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Dennis Jackson
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Ilari Liusvaara
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Dennis Jackson
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Salz, Rich
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Dennis Jackson
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Salz, Rich
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Dennis Jackson
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Salz, Rich
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Watson Ladd
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Salz, Rich
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Rob Sayre
[TLS]Re: Trust Anchor Negotiation Surveillance Co… Dennis Jackson
[TLS]Re: Trust Anchor Negotiation Surveillance Co… David Benjamin