Re: [DNSOP] [pkix] Cert Enumeration and Key Assurance With DNSSEC

On Fri, Oct 1, 2010 at 6:05 PM, Matt McCutchen wrote: > On Fri, 2010-10-01 at 11:29 -0400, Phillip Hallam-Baker wrote: > > In particular I am very concerned about the particular approach being > > taken to security policy. What the proposers are attempting to do is > > to create a mechanism that a

Re: [DNSOP] [pkix] Cert Enumeration and Key Assurance With DNSSEC

On Fri, 2010-10-01 at 11:29 -0400, Phillip Hallam-Baker wrote: > In particular I am very concerned about the particular approach being > taken to security policy. What the proposers are attempting to do is > to create a mechanism that allows a site that only uses one particular > high assurance CA

Re: [DNSOP] Fwd: I-D Action:draft-jabley-dnssec-trust-anchor-00.txt

On Fri, 1 Oct 2010, Joe Abley wrote: > On 2010-10-01, at 06:58, Tony Finch wrote: > > > What is the purpose of the historical information in the XML TA file? > > Debugging, context, historical record. Right, so it's aimed at human consumption rather than automatic tools? How much do you intend au

[DNSOP] Soliciting feedback on draft-livingood-dns-whitelisting-implications

Hi - I am soliciting feeback on this new draft, available at http://tools.ietf.org/html/draft-livingood-dns-whitelisting-implications. This was a subject that was touched on during the DNSOP WG session at IETF 77. In particular, I am looking for more text to add in the justifications / rational

Re: [DNSOP] [TLS] Cert Enumeration and Key Assurance With DNSSEC

On Fri, Oct 1, 2010 at 12:02 PM, Ben Laurie wrote: > On 1 October 2010 08:29, Phillip Hallam-Baker wrote: > > The reason that I started with the requirement to use SSL is that > security > > policy relating to trust criteria is meaningless until you have a > statement > > that use of SSL is requ

Re: [DNSOP] [TLS] Cert Enumeration and Key Assurance With DNSSEC

On 1 October 2010 08:29, Phillip Hallam-Baker wrote: > The reason that I started with the requirement to use SSL is that security > policy relating to trust criteria is meaningless until you have a statement > that use of SSL is required. I can't agree with this. If a user types an https URL, say

[DNSOP] Cert Enumeration and Key Assurance With DNSSEC

For the past month I have been participating in the KEYASSURE discussions. One aspect of those discussions that was not made clear in the original notice sent out is that the group is not only considering key assurance, the proposals made are also intended to have security policy semantics. This

Re: [DNSOP] Fwd: I-D Action:draft-jabley-dnssec-trust-anchor-00.txt

On 2010-10-01, at 06:58, Tony Finch wrote: > What is the purpose of the historical information in the XML TA file? Debugging, context, historical record. Joe ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop