[Trans] DNS for CT

Ben Laurie <benl@google.com> Tue, 23 February 2016 16:00 UTC

Date: Tue, 23 Feb 2016 16:00:42 +0000
Message-ID: <CABrd9SQs77jBeTf7Z-M0b9zbKG6=L3Ho020FvNDE5SNRyk=Tig@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: "trans@ietf.org" <trans@ietf.org>, "certificate-transparency@googlegroups.com" <certificate-transparency@googlegroups.com>, Pierre Phaneuf <pphaneuf@google.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/8qwf-p9K6gb4XJOtG8N9T-7Ug04>
Subject: [Trans] DNS for CT
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>

As we've mentioned several times, we've been working on a way to retrieve
CT data over DNS to improve the privacy properties of inclusion proofs.

So, I'm pleased to announce that we now have a test DNS service up for some
of our logs.

The documentation for the protocol can be found here:

https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md

The base domains for the supported logs are:

aviator.ct.googleapis.com
pilot.ct.googleapis.com
testtube.ct.googleapis.com

and a demo showing use of the DNS records is here:

https://github.com/google/certificate-transparency/blob/master/python/utilities/dnslookup/dnslookup.py

The demo is pretty primitive, but does show all the things you can get from
the DNS.

Comments and improvements welcome.
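As an added example (not part of the announcement, the linked draft, or the demo script): the RFC 6962 inclusion-proof check a client performs once it holds an STH root hash and the proof hashes, which is the same whether the data came over HTTPS or over the DNS records described above. The DNS record encoding itself is specified in the linked draft and is not reproduced here; the log entries are constructed stand-ins.

```python
import hashlib
from typing import List

# Constructed stand-ins for log entries (real entries are MerkleTreeLeaf structures).
ENTRIES = [f"cert-{i}".encode() for i in range(7)]

# Domain separation from RFC 6962 section 2.1: 0x00 for leaves, 0x01 for interior nodes.
def hash_leaf(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()

def hash_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    # Largest power of two strictly less than n (n >= 2).
    return 1 << ((n - 1).bit_length() - 1)

def merkle_root(entries: List[bytes]) -> bytes:
    """MTH(D[n]) as defined in RFC 6962 section 2.1."""
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hash_leaf(entries[0])
    k = _split(n)
    return hash_node(merkle_root(entries[:k]), merkle_root(entries[k:]))

def inclusion_proof(m: int, entries: List[bytes]) -> List[bytes]:
    """PATH(m, D[n]) as defined in RFC 6962: sibling hashes from leaf m up to the root.
    This is what the log (here, the DNS 'tree' records) hands the client."""
    n = len(entries)
    if n <= 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_proof(m, entries[:k]) + [merkle_root(entries[k:])]
    return inclusion_proof(m - k, entries[k:]) + [merkle_root(entries[:k])]

def verify_inclusion(leaf_hash: bytes, index: int, tree_size: int,
                     proof: List[bytes], root_hash: bytes) -> bool:
    """Client-side check (the verification algorithm from RFC 9162) that leaf_hash sits
    at index in the tree of tree_size whose root is root_hash, using only the proof."""
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, leaf_hash
    for p in proof:
        if sn == 0:
            return False  # more proof hashes than the tree has levels
        if fn & 1 or fn == sn:
            r = hash_node(p, r)
            while fn != 0 and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = hash_node(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root_hash
```

The root hash must still be taken from a signed STH whose signature has been checked, since the proof only binds the leaf to that root, not the root to the log.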