Re: [Trans] On the worthiness of DNSSEC and PKI (Re: DNSSEC also needs CT)

Melinda Shore <melinda.shore@gmail.com> Sat, 10 May 2014 03:47 UTC

Return-Path: <melinda.shore@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74AFC1A0139 for <trans@ietfa.amsl.com>; Fri, 9 May 2014 20:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4_8VczmOQFiA for <trans@ietfa.amsl.com>; Fri, 9 May 2014 20:47:26 -0700 (PDT)
Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 1D32C1A0138 for <trans@ietf.org>; Fri, 9 May 2014 20:47:26 -0700 (PDT)
Received: by mail-pa0-f46.google.com with SMTP id kq14so1013257pab.19 for <trans@ietf.org>; Fri, 09 May 2014 20:47:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=+mUhZpoAVy3bDavKK6LYajNmr5iUMCejBjoOp4RV+1U=; b=YZvCJiR6SAkyME9GUCOXO8SaMBjnjkLUS1PI+SATu7Gz5a7v2mc1VElanv0I/MePVw vwmNyrKJExdr2S3ucEwQP2+aPum9ROhQJiOCAzt5z9wW83HuSgnHKwyGakwu/RSK/0tq XY6xIX0eofNOEUm0lV7/uQdjiuV8CZQwgB44JkwiV3nAcr9mrIUqwDFwVncWrbPUbw3+ /7rX/8I+7gFcEUhzgaJ3yCn7s/bev81no1/LgyECN8GeUEw/8r1X1qwSjtLtOJXrFJzG Mz+Q/wUKoSfkpssaS16DuW8h+iALUhMnt5PBZjoK4nbqtn5l16IMi4QhMRUXEPiESOja bk1A==
X-Received: by 10.66.254.3 with SMTP id ae3mr27987687pad.49.1399693641033; Fri, 09 May 2014 20:47:21 -0700 (PDT)
Received: from spandex.local (63-140-99-143.dynamic.dsl.acsalaska.net. [63.140.99.143]) by mx.google.com with ESMTPSA id ja8sm10316130pbd.3.2014.05.09.20.47.18 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 09 May 2014 20:47:20 -0700 (PDT)
Message-ID: <536DA145.6050305@gmail.com>
Date: Fri, 09 May 2014 19:47:17 -0800
From: Melinda Shore <melinda.shore@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Tao Effect <contact@taoeffect.com>
References: <CAK3OfOjRg3B69WBhcVxCFZBZt3LeOz_F=giqT37+FUPC+OxTwA@mail.gmail.com> <D8E4B721-E4C1-4CC2-8FCF-343EE197ED79@taoeffect.com> <536D9816.1070008@gmail.com> <7719F0ED-7188-4B57-BEE6-245FD0314D36@taoeffect.com>
In-Reply-To: <7719F0ED-7188-4B57-BEE6-245FD0314D36@taoeffect.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/_qq2PG-6iVXjGp_Xm5OeaZ_3j0Q
Cc: "Mehner, Carl" <Carl.Mehner@usaa.com>, "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] On the worthiness of DNSSEC and PKI (Re: DNSSEC also needs CT)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 May 2014 03:47:27 -0000

On 5/9/14 7:37 PM, Tao Effect wrote:
> Pointing out security and design flaws in CT is off-topic, noted, thanks.

Yes and no.  We produce documents.  There's a working group
draft in development, and if there are problems with that
draft there's no time like the present for starting a discussion
and proposing text.  There's also the beginnings of a discussion
about whether or not to take on the development of a document
on CT for DNSSEC.  If there are specific issues those need to be
brought up as well.  But we've got another mailing list for
higher-level discussions of how to deal with certificate
misissuance and it's a good place for CT discussions that don't
directly address the working group's products.

Melinda