Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC


 



On 8/5/2014 6:27 PM, Viktor Dukhovni wrote:
> It is when authentication is then used *only* with peers that
> publish TLSA RRs and not with peers that don't. 


My point was/is that reliance on DNSSec means that there is an
INDEPENDENT authentication hierarchy.

Taking a look at the entire 'system' that DANE is part of, the
authentication is NOT only between peers.

Use DANE without DNSSec, and calling it opportunistic probably makes
sense.  Use it with DNSSec and it doesn't.


d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net




