Re: [websec] Consensus call: Issue #57 (max-max-age)

Trevor Perrin <trevp@trevp.net> Tue, 04 June 2013 17:18 UTC

In-Reply-To: <77BFAD41-36DD-46C7-A277-D1416F7EE958@checkpoint.com>
References: <43C5DE99-43EB-42FC-8F61-24F9A9429FD1@checkpoint.com> <CA+cU71=Q_QkHqiQ95AZgw8Bi7U_mgCi4icMypwFUp1C6i=apUA@mail.gmail.com> <518EE510.9060600@it.aoyama.ac.jp> <8450797E-818C-445C-ABD2-1B8F9AE1DBB9@checkpoint.com> <5194918A.7030300@gondrom.org> <CAGZ8ZG0SWZD9e-NP2RhQMQ-=F5JUCCytF2NYTdWH7u13hhBqqQ@mail.gmail.com> <519D3254.1040508@gondrom.org> <CAGZ8ZG15ZbjfDcu+bpetvfZxKG1ycW9t1AGuQ+A5cfpfkUAfnw@mail.gmail.com> <CAOuvq237_B1h6mBryP3UHh=auqtUhs93-_oKMSsHOjqSX977bQ@mail.gmail.com> <51A49A5C.5080002@gondrom.org> <CAOuvq20_zACXraV9iN6mUbDwML8GkSCwh9w2Cuow818YOLL-Sw@mail.gmail.com> <7AD36561-65B4-448C-A371-907B12B75AF1@checkpoint.com> <CAOuvq23a0BiO5pGDPLLvHY0bZ0JvVrFb7Aq-nGDoBQS_S8HFDw@mail.gmail.com> <584386D2-223C-4B6F-89BA-78769113D293@checkpoint.com> <CAGZ8ZG3ktYcJutAH19qW+=EP8oopq=XCTZ_td3Gyw2o2mMvzNA@mail.gmail.com> <51ADBBA3.3000105@gondrom.org> <77BFAD41-36DD-46C7-A277-D1416F7EE958@checkpoint.com>
Date: Tue, 04 Jun 2013 08:24:36 -0700
Message-ID: <CAGZ8ZG3p59Arz8r09Pe+Lmzi0hninVaXbBTHDgPqPYxnnS+fJA@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Yoav Nir <ynir@checkpoint.com>
Cc: "<websec@ietf.org>" <websec@ietf.org>
Subject: Re: [websec] Consensus call: Issue #57 (max-max-age)

On Tue, Jun 4, 2013 at 4:07 AM, Yoav Nir <ynir@checkpoint.com> wrote:

>
>  If we want to find out a hash of the public key for an HTTPS server
> using heavy infrastructure, we might as well use DANE, no?
>


If TLSA records have typical DNS TTLs (a few hours or days), then they will
probably be too short-lived to be effectively stored in lists and
downloaded to browsers, etc.

If they are longer-lived, then all the issues we're discussing here will
still arise (a DNS hijacker or disgruntled sysadmin setting a long-lived
DANE pin, etc.).


Trevor
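The two cases in the message above, as an added worked example (not code from the thread, the HPKP draft, or any DANE implementation): a client parses a TLSA record, checks it against the server's SubjectPublicKeyInfo, and then treats the record's DNS TTL like any other advertised pin lifetime, clamping it to a policy ceiling in the spirit of the max-max-age discussion. The ceiling, the preload threshold, the sample SPKI bytes and the record TTLs are constructed values, not figures from the draft or the list.

```python
"""
Added example for the websec max-max-age thread; not part of the original
message. Models a client that (a) decides whether a DANE TLSA record lives
long enough to be worth collecting into a preload list, and (b) clamps any
long-lived pin source to a ceiling so a DNS hijacker or disgruntled admin
cannot plant a pin that outlives the compromise. All constants and sample
records below are constructed for illustration.
"""
from dataclasses import dataclass
import hashlib

# Assumed policy values (constructed, not taken from any specification).
MAX_MAX_AGE = 60 * 24 * 3600          # 60 days: longest pin this client honours
MIN_PRELOAD_LIFETIME = 7 * 24 * 3600  # records shorter than this are not preloaded


@dataclass(frozen=True)
class TlsaRecord:
    """A DANE TLSA RR (RFC 6698 fields) together with the DNS TTL it arrived with."""
    usage: int          # 0..3 (3 = DANE-EE)
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # 0 = exact match, 1 = SHA-256, 2 = SHA-512
    cert_data: bytes
    ttl: int            # seconds


def parse_tlsa_presentation(line: str, ttl: int) -> TlsaRecord:
    """Parse presentation format 'usage selector matching_type hexdata'."""
    parts = line.split()
    if len(parts) != 4:
        raise ValueError("expected 'usage selector matching_type hexdata'")
    usage, selector, matching = (int(p) for p in parts[:3])
    if not (0 <= usage <= 3 and 0 <= selector <= 1 and 0 <= matching <= 2):
        raise ValueError("TLSA field out of range")
    return TlsaRecord(usage, selector, matching, bytes.fromhex(parts[3]), ttl)


def matches_spki(record: TlsaRecord, spki_der: bytes) -> bool:
    """Check an SPKI-selector record against the SPKI a server presented."""
    if record.selector != 1:
        raise ValueError("only the SPKI selector (1) is modelled here")
    if record.matching_type == 0:
        return record.cert_data == spki_der
    if record.matching_type == 1:
        return record.cert_data == hashlib.sha256(spki_der).digest()
    if record.matching_type == 2:
        return record.cert_data == hashlib.sha512(spki_der).digest()
    raise ValueError("unknown matching type")


def effective_pin_lifetime(advertised: int, ceiling: int = MAX_MAX_AGE) -> int:
    """Clamp an advertised lifetime (HPKP max-age or a TLSA TTL) to the ceiling.
    Zero or negative means 'no pin'."""
    if advertised <= 0:
        return 0
    return min(advertised, ceiling)


def worth_preloading(record: TlsaRecord) -> bool:
    """First case in the message: a record with a typical DNS TTL expires before
    a preload list could be built and shipped, so it is skipped."""
    return record.ttl >= MIN_PRELOAD_LIFETIME


def pin_from_tlsa(record: TlsaRecord) -> dict:
    """Second case in the message: a long-lived TLSA record is just another pin
    source, so the same max-max-age clamp applies to it."""
    return {
        "spki_sha256": record.cert_data.hex() if record.matching_type == 1 else None,
        "lifetime": effective_pin_lifetime(record.ttl),
        "preloadable": worth_preloading(record),
    }


# Constructed sample data (not real DNS records or a real key).
SAMPLE_SPKI = b"constructed SubjectPublicKeyInfo DER bytes"
_DIGEST_HEX = hashlib.sha256(SAMPLE_SPKI).hexdigest()
SHORT_LIVED = parse_tlsa_presentation("3 1 1 " + _DIGEST_HEX, ttl=3600)
LONG_LIVED = parse_tlsa_presentation("3 1 1 " + _DIGEST_HEX, ttl=365 * 24 * 3600)

if __name__ == "__main__":
    for name, rec in (("short TTL", SHORT_LIVED), ("long TTL", LONG_LIVED)):
        print(name, matches_spki(rec, SAMPLE_SPKI), pin_from_tlsa(rec))
```

Run stand-alone it prints both outcomes: the one-hour record validates but is not preloadable, and the one-year record validates but has its pin lifetime cut to the 60-day ceiling, which is the point of the clamp.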