On Wed, Oct 17, 2018 at 02:48:47PM -0700, Eric Rescorla wrote:
> On Wed, Oct 17, 2018 at 7:40 AM Benjamin Kaduk wrote:
>
> > On Wed, Oct 17, 2018 at 06:18:27AM -0700, Eric Rescorla wrote:
> > > I'm responding to Ben here, because I think it's worth adding some
> > clarity.
> > > However, I want t
On Wed, Oct 17, 2018 at 7:40 AM Benjamin Kaduk wrote:
> On Wed, Oct 17, 2018 at 06:18:27AM -0700, Eric Rescorla wrote:
> > I'm responding to Ben here, because I think it's worth adding some
> clarity.
> > However, I want to flag that I'm going to be rather short on time for the
> > next
> > few w
> On Oct 17, 2018, at 9:18 AM, Eric Rescorla wrote:
>> (1) provides a channel for DANE records that is reliable in the absence of
>> an attack
>
> I think this alone would be worthwhile -- and is the purpose I have always had
> in mind for the draft.
Well, a security mechanism that "work
> On Oct 17, 2018, at 10:40, Benjamin Kaduk wrote:
>
> Seeing as you are busy the next few weeks, perhaps I can ask the chairs
> to go through the email history and summarize these substantial issues
> that have been raised -- I am not confident that I could reproduce them
> from memory, mysel
On Wed, Oct 17, 2018 at 06:18:27AM -0700, Eric Rescorla wrote:
> I'm responding to Ben here, because I think it's worth adding some clarity.
> However, I want to flag that I'm going to be rather short on time for the
> next
> few week and not able to spend a lot of time replying to traffic on this
I'm responding to Ben here, because I think it's worth adding some clarity.
However, I want to flag that I'm going to be rather short on time for the
next
few week and not able to spend a lot of time replying to traffic on this
topic. Even more than usual, non-response to some point does not
necess
On Wed, Oct 17, 2018 at 01:46:20AM -0400, Paul Wouters wrote:
> On Tue, 16 Oct 2018, Daniel Kahn Gillmor wrote:
>
> > That said, it sounds like negotiating the details of how to do this
> > pinning is the main blocker, and i'm sick of this proposal being blocked
> > (because i want it for "greenf
On Tue, 16 Oct 2018, Daniel Kahn Gillmor wrote:
That said, it sounds like negotiating the details of how to do this
pinning is the main blocker, and i'm sick of this proposal being blocked
(because i want it for "greenfield" implementations last year).
Imagine how sick I will be when I try to
> On Oct 16, 2018, at 9:07 PM, John Levine wrote:
>
> Something like "require DANE certs until time N" should be plenty.
>
> Remember that you can also unpin by publishing a signed NXDOMAIN or
> NODATA. Since you need to have DNSSEC working to get the pin in the
> first place, that doesn't s
On Tue, Oct 16, 2018 at 06:16:22PM -0400, Daniel Kahn Gillmor wrote:
>
> I agree with both Tom and Viktor that the current draft seems to be
> misaligned between the goals and the stated scope.
I also agree that there is some misalignment of this nature.
My attempt at a root cause analysis would
Hi from DNS land.
>pinning, but i won't go too far into the weeds here. Just a quick
>summary of my understanding:
>
> * The existence of a pin only requires that the service operator
> maintain the ability to respond to this extension in the future -- it
> doesn't require specific keys, or e
> On Oct 16, 2018, at 6:16 PM, Daniel Kahn Gillmor
> wrote:
>
> Just a quick summary of my understanding:
>
> * The existence of a pin only requires that the service operator
> maintain the ability to respond to this extension in the future -- it
> doesn't require specific keys, or even
Hi all--
I'm disappointed in how long this WG is taking to get
draft-ietf-tls-dnssec-chain-extension out the door.
I agree with both Tom and Viktor that the current draft seems to be
misaligned between the goals and the stated scope.
I wanted the draft to be done by now because i think it will b
On Mon, Oct 08, 2018 at 05:09:40PM -0700, Christopher Wood wrote:
> Notes from the TLS interim meeting held in September are now online
> [1]. To recap, the meeting attempted to focus on three primary
> questions:
>
> 1. What is the fundamental security issue? What is the purpose of this
> extensi
> On Oct 8, 2018, at 8:09 PM, Christopher Wood
> wrote:
>
> 1. What is the fundamental security issue? What is the purpose of this
> extension?
> 2. Under what circumstances should DNS records received in the
> extension be cached and reused for future use?
> 3. Is pinning required? If so, what
I was not at the interim, so this email comes without context of that
discussion. Apologies if this was exactly what the chairs didn't
want...
On Tue, 9 Oct 2018 at 00:10, Christopher Wood
wrote:
> - October 8 through October 19: Discuss the problem statement. In
> particular, if anyone feels the
16 matches
Mail list logo
