Re: [Trans] On the worthiness of DNSSEC and PKI (Re: DNSSEC also needs CT)

Melinda Shore <melinda.shore@gmail.com> Sat, 10 May 2014 03:08 UTC

Return-Path: <melinda.shore@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BDF31A01A7 for <trans@ietfa.amsl.com>; Fri, 9 May 2014 20:08:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jrgkP-RO-zKC for <trans@ietfa.amsl.com>; Fri, 9 May 2014 20:08:14 -0700 (PDT)
Received: from mail-pd0-x22d.google.com (mail-pd0-x22d.google.com [IPv6:2607:f8b0:400e:c02::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 5DEBD1A01AD for <trans@ietf.org>; Fri, 9 May 2014 20:08:14 -0700 (PDT)
Received: by mail-pd0-f173.google.com with SMTP id y10so4403641pdj.32 for <trans@ietf.org>; Fri, 09 May 2014 20:08:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=Vl0TYbVdCVItm0zoc36KUSTD3k7EHGwyybLbl9XfFYA=; b=O9/F/UA5544NyBuBTIFrkIM3vShnl0SWMMVZcQLmoX2ytWQTtNnLJwGXWBa8Ohpmza DyGjxigHsWt8VIq89hjhcv7rMvJ6N3/uAGgX1TQAX/gLjxJDUgEhYbuD6bpuf/x88hwy 7pK0A4dqjQdGAzNK6fC4bUNwdRcE/nNqeyM0bZSmpEUYYrAOdrwLu0tTYFp5MdUubiCU FwwOWS67jIDGt8KeqpW7PBt5PWVYABVyxaK2OUm5BVtYXJSD1qrxsGpyqSTsKhYO+vI/ fBK/9lrf3DwT5IwiQe1Xq9GX5DJ4nQYK41njfNMKqfQsRwQgcGRmL9GTnh3UdN/Mg5nI 7FRw==
X-Received: by 10.66.66.108 with SMTP id e12mr27708747pat.35.1399691288746; Fri, 09 May 2014 20:08:08 -0700 (PDT)
Received: from spandex.local (63-140-99-143.dynamic.dsl.acsalaska.net. [63.140.99.143]) by mx.google.com with ESMTPSA id ss2sm15687589pab.8.2014.05.09.20.08.06 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 09 May 2014 20:08:07 -0700 (PDT)
Message-ID: <536D9816.1070008@gmail.com>
Date: Fri, 09 May 2014 19:08:06 -0800
From: Melinda Shore <melinda.shore@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Tao Effect <contact@taoeffect.com>
References: <CAK3OfOjRg3B69WBhcVxCFZBZt3LeOz_F=giqT37+FUPC+OxTwA@mail.gmail.com> <D8E4B721-E4C1-4CC2-8FCF-343EE197ED79@taoeffect.com>
In-Reply-To: <D8E4B721-E4C1-4CC2-8FCF-343EE197ED79@taoeffect.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/EaDbWM1Vn7O6oxLfNTyh4Th91oI
Cc: "Mehner, Carl" <Carl.Mehner@usaa.com>, "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] On the worthiness of DNSSEC and PKI (Re: DNSSEC also needs CT)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 May 2014 03:08:20 -0000

On 5/9/14 4:31 PM, Tao Effect wrote:
> Maybe I'll post a more detailed version of this later (with citations,
> illustrations, etc.). But seeing as this is a technical list, I hope it
> will do for now.


Hi, Greg:

This mailing list is to support the work of the trans working
group rather than for general discussion of CT, and this
discussion is starting to skirt the edges of what we're doing.
Right now there's a proposal to look at the possibility of
applying CT to DNSSEC.  A general discussion of "the worthiness of
DNSSEC and PKI" doesn't really go to that proposal.

We kept the therightkey@ietf.org mailing list around for discussions
of just this nature, and I'd be grateful if you could keep the
discussion here focused on the applicability of CT to DNSSEC and
take the more general discussion over there.

Thanks,

Melinda