On 2011-02-01 07:57 PDT, Zack Weinberg wrote: > I've been following the mailing list for the IETF's "keyassure" > working group, which plans to standardize a mechanism for putting > application-layer server keys (or their hashes) in DNS, certified by > DNSSEC. TLS/SSL is the first target, and of course also the most > interesting for the Web. > > While the current proposal seems sound technically, the WG has been > avoiding client policy -- there is a bit of policy in the current > draft, but it's worded vaguely enough to be (IMO) useless. I've > drafted a policy spec which I'd like to propose to the WG. However, > before doing so, I thought I would run it by y'all. If you like it, > perhaps we could present this as the Mozilla consensus position rather > than just one guy's opinion; if you don't like it I am eager to hear > why. > > For reference, this is the current draft proposal: > > http://tools.ietf.org/html/draft-ietf-dane-protocol-03
[snip] Zack, thanks for bringing this to this list/group. I think many of us were caught by surprise by it, because it is a browser policy proposal rather than a technical discussion of the protocols. Some of us have not been following the DANE work actively, and will need some time to read up on it and appreciate all its implications. Quite a few of us are (or, have been) die hard PKI advocates and some have seen DANE as an attempted threat to PKI. I think some of us have hoped it would fail and go away, but it seems to be becoming a juggernaut, and I think those who ignore it do so at their own peril. With regard to NSS, I think that if NSS ignores it, and is found to not adequately facilitate the implementation of DANE, it may become irrelevant. That said, at this time, I have a few comments that apply directly to your proposal. I may have more later. 1) I suggest you eliminate the word "bogus", replacing it with a much more precise description of records that MUST NOT be trusted in the establishment of a connection. Bogus is too open to interpretation, which can only lead to future disagreement. 2) After 14 years of working on SSL/TLS for browsers, I can tell you that browsers will all ignore the paragraph that says "Clients SHOULD NOT allow users to force a connection ...". I suppose that surprises no-one. I hope others will join a discussion here. -- /Nelson Bolyard -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
