Re: [Trans] DNSSEC also needs CT

Nico Williams <nico@cryptonector.com> Thu, 22 May 2014 18:25 UTC

MIME-Version: 1.0
In-Reply-To: <537E3E17.8000901@bbn.com>
References: <CAK3OfOjiL2DTJPH3CaAjg8YGrrwN56SgQ+DnqPXx4MLbgXQN+A@mail.gmail.com> <537E3229.4070402@bbn.com> <CAMm+Lwjbi5t7Efgyf4cNdh-2=DqbeSE4xgxf3TchPZBAyERwug@mail.gmail.com> <537E3E17.8000901@bbn.com>
Date: Thu, 22 May 2014 13:24:49 -0500
Message-ID: <CAK3OfOgE-0jhSfPBn+EoWw5CJx+jLU6vcKC3k=3NHGNkTDouAw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="089e0122f1b681338704fa013a52"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/hCSgFuNg5u1Qc_y0NJS7APYNTP0
Cc: trans@ietf.org
Subject: Re: [Trans] DNSSEC also needs CT
Precedence: list

On May 22, 2014 1:12 PM, "Stephen Kent" <kent@bbn.com> wrote:
>
> PHB,
>
>> On Thu, May 22, 2014 at 1:21 PM, Stephen Kent<kent@bbn.com>  wrote:
>> Don't think of CT in this case being something to solve a problem
>> faced by DNSSEC users, instead think of it as something that enables
>> use for problems where it is otherwise unsuited.
>
> That's a very confusing last phrase.

I had no problem reading it.  Your complaints that we're all inarticulate
are getting old.

>> The other major advantage is that it provides a tool to avoid some of
>> the cryptographic lock in problems that are causing certain countries
>> to cause issues in ICANN. You don't have to agree with their analysis
>> to find value in addressing the concerns.
>
> I understand their concerns. But the lack of a well-articulated
architecture
> for CT, much less a CT for DNSSEC, makes it hard for me to gauge whether
> this is a good idea.

In other words, your concern is about CT in general, not DNSSEC in
particular.  Sounds like a separable issue to me.  But if CT makes sense
then it makes sense for DNSSEC.

Nico
--

[Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] EXTERNAL: DNSSEC also needs CT Mehner, Carl
Re: [Trans] EXTERNAL: DNSSEC also needs CT Tao Effect
Re: [Trans] EXTERNAL: DNSSEC also needs CT Tao Effect
Re: [Trans] EXTERNAL: DNSSEC also needs CT Nico Williams
Re: [Trans] DNSSEC also needs CT Phillip Hallam-Baker
Re: [Trans] EXTERNAL: DNSSEC also needs CT Tao Effect
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] DNSSEC also needs CT Warren Kumari
Re: [Trans] DNSSEC also needs CT Paul Wouters
Re: [Trans] DNSSEC also needs CT Daniel Kahn Gillmor
Re: [Trans] DNSSEC also needs CT Phillip Hallam-Baker
Re: [Trans] DNSSEC also needs CT Paul Wouters
Re: [Trans] DNSSEC also needs CT Phillip Hallam-Baker
Re: [Trans] DNSSEC also needs CT Ben Laurie
Re: [Trans] DNSSEC also needs CT Joseph Bonneau
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] DNSSEC also needs CT Joseph Bonneau
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] DNSSEC also needs CT Salz, Rich
Re: [Trans] DNSSEC also needs CT Joseph Bonneau
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] DNSSEC also needs CT Joseph Bonneau
[Trans] Volunteer opportunity! (was Re: DNSSEC al… Melinda Shore
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Dmitry Belyavsky
Re: [Trans] DNSSEC also needs CT Ben Laurie
Re: [Trans] DNSSEC also needs CT Paul Wouters
Re: [Trans] DNSSEC also needs CT Nico Williams
[Trans] ***SPAM*** 8.1 (5) Re: DNSSEC also needs … Daniel Kahn Gillmor
Re: [Trans] DNSSEC also needs CT Nico Williams
[Trans] ***SPAM*** 7.971 (5) Re: ***SPAM*** 8.1 (… Ben Laurie
Re: [Trans] DNSSEC also needs CT Ben Laurie
Re: [Trans] DNSSEC also needs CT Nico Williams
[Trans] ***SPAM*** 8.956 (5) Re: ***SPAM*** 8.1 (… Nico Williams
Re: [Trans] DNSSEC also needs CT Paul Wouters
Re: [Trans] DNSSEC also needs CT Ben Laurie
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] DNSSEC also needs CT Paul Wouters
Re: [Trans] DNSSEC also needs CT Ben Laurie
[Trans] ***SPAM*** 8.1 (5) Re: Re: DNSSEC also ne… Daniel Kahn Gillmor
[Trans] ***SPAM*** 8.956 (5) Re: ***SPAM*** 8.1 (… Nico Williams
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Melinda Shore
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Dmitry Belyavsky
Re: [Trans] DNSSEC also needs CT Stephen Kent
Re: [Trans] DNSSEC also needs CT Osterweil, Eric
Re: [Trans] DNSSEC also needs CT Phillip Hallam-Baker
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] DNSSEC also needs CT Osterweil, Eric
Re: [Trans] DNSSEC also needs CT Paul Wouters
Re: [Trans] DNSSEC also needs CT Daniel Kahn Gillmor
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Stephen Kent
Re: [Trans] DNSSEC also needs CT Stephen Kent
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] DNSSEC also needs CT Stephen Kent
Re: [Trans] DNSSEC also needs CT Phillip Hallam-Baker
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] DNSSEC also needs CT Ben Laurie
Re: [Trans] DNSSEC also needs CT Ben Laurie
Re: [Trans] DNSSEC also needs CT Phillip Hallam-Baker
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Dmitry Belyavsky
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… i-barreira
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Ben Laurie
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Ben Laurie
Re: [Trans] DNSSEC also needs CT Stephen Kent
Re: [Trans] DNSSEC also needs CT Stephen Kent
Re: [Trans] DNSSEC also needs CT Nico Williams
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Stephen Kent
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Dmitry Belyavsky
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Ben Laurie
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Dmitry Belyavsky
Re: [Trans] Volunteer opportunity! (was Re: DNSSE… Ben Laurie
[Trans] trans doc issues Stephen Kent