Re: [TLS] Enforcing Protocol Invariants

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 18 November 2018 21:51 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE49F130DE4 for <tls@ietfa.amsl.com>; Sun, 18 Nov 2018 13:51:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iqy8TLUiaze1 for <tls@ietfa.amsl.com>; Sun, 18 Nov 2018 13:51:52 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D887127598 for <tls@ietf.org>; Sun, 18 Nov 2018 13:51:52 -0800 (PST)
Received: from [192.168.1.161] (unknown [192.168.1.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id 7FED7327209 for <tls@ietf.org>; Sun, 18 Nov 2018 16:51:51 -0500 (EST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.1 \(3445.101.1\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <C684D079-58AD-4B3B-AD02-F87CBA7A0D4D@akamai.com>
Date: Sun, 18 Nov 2018 16:51:50 -0500
Content-Transfer-Encoding: 7bit
Reply-To: "<tls@ietf.org>" <tls@ietf.org>
Message-Id: <95216C9F-B677-43E4-8031-50D80B514046@dukhovni.org>
References: <CAO7N=i0g9d9x5RdF_guKm3GDAxVRHSV+eHffs6kiJm6dWO7tvw@mail.gmail.com> <CANLjSvXD9_u1UDkRkaNc8fnr=iQYKq73c8j9huMEPnH0XzuU0Q@mail.gmail.com> <D880B51B-ECAB-4158-A0EE-8FF67F9247EC@dukhovni.org> <AF08DB30-144B-427E-9B3E-AC90C4B7E7DB@akamai.com> <20181118201506.GC4122@straasha.imrryr.org> <C684D079-58AD-4B3B-AD02-F87CBA7A0D4D@akamai.com>
To: "<tls@ietf.org>" <tls@ietf.org>
X-Mailer: Apple Mail (2.3445.101.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nCxjmqNC5DeIcZKEJ5IaGUV6bvo>
Subject: Re: [TLS] Enforcing Protocol Invariants
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Nov 2018 21:51:54 -0000


> On Nov 18, 2018, at 4:27 PM, Salz, Rich <rsalz@akamai.com>; wrote:
> 
>>   [ I don't know why you would choose to argue this point, let's not
>>      confuse TLS with the CA/B forum WebPKI in browsers.  My post was
>>      about TLS.
> 
> I am not.  You say TLS is CA/B WebPKI.

No, I specifically say that TLS *is not* CA/B WebPKI.
The OP to whom I responded was comparing WebPKI to
DNSSEC, so my response was about WebPKI and its use
in TLS (which also supports other models).

Anyway, this is way off topic.  I've made my points,
and stand by them.  I think we're done.

-- 
	Viktor.