Re: [Trans] On the worthiness of DNSSEC and PKI (Re: DNSSEC also needs CT)

Tao Effect <contact@taoeffect.com> Sat, 10 May 2014 04:08 UTC

To: Melinda Shore <melinda.shore@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/5i0KHm3EHjLQoHsTn9K4a4loY_Y
Cc: "Mehner, Carl" <Carl.Mehner@usaa.com>, "trans@ietf.org" <trans@ietf.org>

On May 9, 2014, at 10:47 PM, Melinda Shore <melinda.shore@gmail.com> wrote:
> 
> Yes and no.  We produce documents.  There's a working group
> draft in development, and if there are problems with that
> draft there's no time like the present for starting a discussion
> and proposing text.

... OK, I think I did Step 1: "starting a discussion" about the problems in CT.

Is Step 2: "proposing a modification to the RFC that fixes those problems"?

What do I do if the problems are fundamental to the design of CT and the solution is to do something else?

Is there an IETF process in place for "The work we're doing would harm the Internet so maybe we should stop?"

> But we've got another mailing list for
> higher-level discussions of how to deal with certificate
> misissuance and it's a good place for CT discussions that don't
> directly address the working group's products.

Wasn't the point of CT precisely to "deal with certificate misissuance"?

That is to be discussed in a list that is not specific to CT though?

Apologies for all these questions. I'm just confused by the rules of this list.

--
Please do not email me anything that you are not comfortable also sharing with the NSA.