Re: Global PKI on DNS?

2002-06-11 Thread Keith Moore
Since I assume that most people on the lists already understand this stuff, I'll followup to Peter privately... > Somebody suggested out-of-band that I might be trolling with my last > post, but actually I was just surrendering to my frustration, for which > I apologize. I know what a wasteland

Re: Global PKI on DNS?

2002-06-11 Thread Peter Deutsch
g'day, Keith Moore wrote: > > > Somebody (I > > think it was Keith) suggested earlier in this thread that nobody should > > be trusted with the single PKI root. Maybe the same sentiment applies to > > DNS roots, as well?? > > no, it doesn't follow at all.you need a unique root (of some kind

Re: Global PKI on DNS?

2002-06-11 Thread Eric A. Hall
on 6/11/2002 11:01 PM David Conrad said the following: > Why would anyone care about root or TLD _certificates_? Uhh, because it was requested: on 6/8/2002 8:22 AM Franck Martin said the following: | The root servers would share the ROOT Certificates and would sign a | certificate to each

Re: Global PKI on DNS?

2002-06-11 Thread David Conrad
On 6/11/02 6:51 PM, "Derek Atkins" <[EMAIL PROTECTED]> wrote: > David Conrad <[EMAIL PROTECTED]> writes: > >> Why do you think the roots and TLDs would get millions of TCP queries for >> their certs? Why would anyone want to get the certs of the roots or tlds? > > Just to play devil's advocate

Re: Global PKI on DNS?

2002-06-11 Thread David Conrad
On 6/11/02 6:15 PM, "Eric A. Hall" <[EMAIL PROTECTED]> wrote: >> Why do you think the roots and TLDs would get millions of TCP queries for >> their certs? Why would anyone want to get the certs of the roots or tlds? > Why do you think anybody would cache them long-term if they were right > there

Re: Global PKI on DNS?

2002-06-11 Thread Keith Moore
> These arguments are going beyond silly and reaching ludicrous. Yes, some > ISPs do stupid things. That's when you choose a different ISP or come up > with some workaround. Yes, there are broken DNS servers out there that > can't handle TCP queries. Get an unbroken DNS server, there are plent

Re: modems

2002-06-11 Thread Bill Cunningham
So the modems change binaries such as the protocols developed by IETF to analog, I didn't know that. I remember acc/couplers. I had an exaternal 300 bps modem once, wow things have changed. My speaker goes off after handshaking. - Original Message - From: "Nepple, Bruce" <[EMAIL PROTECTED]

Re: Global PKI on DNS?

2002-06-11 Thread Eric A. Hall
on 6/11/2002 8:00 PM David Conrad said the following: > Why do you think the roots and TLDs would get millions of TCP queries for > their certs? Why would anyone want to get the certs of the roots or tlds? Why do you think anybody would cache them long-term if they were right there handy in th

Re: Global PKI on DNS?

2002-06-11 Thread David Conrad
On 6/11/02 4:34 PM, "Eric A. Hall" <[EMAIL PROTECTED]> wrote: >> The big deal is that some of the more restrictive ISPs may not permit >> customers to bypass their DNS servers. Same as with HTTP interception >> proxies. > No, the big deal is that the roots and TLDs would be crippled from > millio

Re: Global PKI on DNS?

2002-06-11 Thread Vernon Schryver
> To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] > From: "John Stracke" <[EMAIL PROTECTED]> > >So users wanting this new service will be pretty motivated to switch DNS > >servers when the time comes, what's the big deal in that? > > The big deal is that some

RE: modems

2002-06-11 Thread Nepple, Bruce
Are you sure the sound he is hearing is not the modem fan screeching? :P > -Original Message- > From: Pete Resnick [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 11, 2002 1:37 PM > To: Lloyd Wood > Cc: Bill Cunningham; ietf > Subject: Re: modems > > > On 6/11/02 at 9:04 PM +0100, Llo

Re: Global PKI on DNS?

2002-06-11 Thread Keith Moore
> Somebody (I > think it was Keith) suggested earlier in this thread that nobody should > be trusted with the single PKI root. Maybe the same sentiment applies to > DNS roots, as well?? no, it doesn't follow at all.you need a unique root (of some kind) to prevent name conflicts - mutual sel

Re: Global PKI on DNS?

2002-06-11 Thread Eric A. Hall
on 6/11/2002 5:36 PM John Stracke said the following: > The big deal is that some of the more restrictive ISPs may not permit > customers to bypass their DNS servers. Same as with HTTP interception > proxies. No, the big deal is that the roots and TLDs would be crippled from millions of TCP

Re: Global PKI on DNS?

2002-06-11 Thread Peter Deutsch
John Stracke wrote: > > >> Because it's not their software? If I wanted to do PKI through DNS, and > my > >> ISP's server did not support TCP, I might be stuck. Personally, I > don't > >> depend on my ISP for DNS, but many users do. > > > >So users wanting this new service will be pretty motiv

Re: Global PKI on DNS?

2002-06-11 Thread John Stracke
>> Because it's not their software? If I wanted to do PKI through DNS, and my >> ISP's server did not support TCP, I might be stuck. Personally, I don't >> depend on my ISP for DNS, but many users do. > >So users wanting this new service will be pretty motivated to switch DNS >servers when the

Re: Global PKI on DNS?

2002-06-11 Thread Peter Deutsch
g'day, John Stracke wrote: > > >Such software would not see this kind of data unless a user > >of the server tried to use this stuff, and in that case I don't see > >why that user couldn't upgrade her own software to get it to work. > > Because it's not their software? If I wanted to do PKI thr

Re: modems

2002-06-11 Thread Pete Resnick
On 6/11/02 at 9:04 PM +0100, Lloyd Wood wrote: >You're confusing your modems and your acoustic couplers. > >An electrical transmission in the ~3.5kHz bandpass range that equates >to the dominant frequencies used by the human voice, which the phone >system was engineered to convert and carry easil

Re: Global PKI on DNS?

2002-06-11 Thread John Stracke
>Such software would not see this kind of data unless a user >of the server tried to use this stuff, and in that case I don't see >why that user couldn't upgrade her own software to get it to work. Because it's not their software? If I wanted to do PKI through DNS, and my ISP's server did not su

Re: Global PKI on DNS?

2002-06-11 Thread Simon Josefsson
(Please respect Reply-To) "Eric A. Hall" <[EMAIL PROTECTED]> writes: > on 6/8/2002 8:54 PM Simon Josefsson said the following: > >> Despite the FUD presented by certain individuals that doesn't want >> keys/certs in DNS, people have already tarted doing it and it works >> fine. > > Setting aside

Re: Global PKI on DNS?

2002-06-11 Thread Eric A. Hall
on 6/8/2002 8:54 PM Simon Josefsson said the following: > Despite the FUD presented by certain individuals that doesn't want > keys/certs in DNS, people have already tarted doing it and it works > fine. Setting aside the issue of whether or not people are spreading FUD, perhaps you could tell u

RE: modems

2002-06-11 Thread Bill Strahm
I'll go a little farther... Common configurations for modems leave the speaker on during handshaking, but turn it off during normal data traffic... When I was doing a lot of modem programming I remember there were ATA commands that would turn off the speaker, or leave it on all the time... Reall

Re: modems

2002-06-11 Thread Pete Resnick
On 6/11/02 at 3:22 AM -0400, Bill Cunningham wrote: >I know modems communicate on the physical layer by electrical pulses >or binaries sent on copper wires. No, not at all. Modems communicate by sound. They MODulate the electrical pulses they get from the computer into sound, and the other en

Re: modems

2002-06-11 Thread David Frascone
Ummm . . . how 'bout: During handshaking the modem's speaker is on. On Tuesday, 11 Jun 2002, Pankaj Bhandari wrote: > Screeching occurs during handshaking. > > During the handshaking, the frequency is audible, thats the reason for screeching. > > > > -Original Message- > > From:

RE: modems

2002-06-11 Thread Pankaj Bhandari
Screeching occurs during handshaking. During the handshaking, the frequency is audible, thats the reason for screeching. > -Original Message- > From: Bill Cunningham [SMTP:[EMAIL PROTECTED]] > Sent: Tuesday, June 11, 2002 12:53 PM > To: [EMAIL PROTECTED] > Subject: modems > > I k

Re: Global PKI on DNS?

2002-06-11 Thread Arne Ansper
> > 1) short lived certs > > 2) CRL's published at regular intervals. > > > > both involve a regularly-signed short-lived objects. > > Errr - OCSP? last year we implemented a system that used DNS (with security extensions) to distribute ceritificate validity information (among other things)

Re: Global PKI on DNS?

2002-06-11 Thread Ben Laurie
Bill Sommerfeld wrote: >> As others have pointed out, the DNS already has the capability >> to store certs. So you could use the DNS as a publication >> method. But is this the only thing a PKI needs? How would >> one revolke a cert that was in the DNS? How can you update >

Re: Global PKI on DNS?

2002-06-11 Thread Bill Sommerfeld
> As others have pointed out, the DNS already has the capability > to store certs. So you could use the DNS as a publication > method. But is this the only thing a PKI needs? How would > one revolke a cert that was in the DNS? How can you update > -every- cached c

Re: Global PKI on DNS?

2002-06-11 Thread Simon Josefsson
Pekka Savola <[EMAIL PROTECTED]> writes: > On Sat, 8 Jun 2002, Michael Richardson wrote: >> > "Franck" == Franck Martin <[EMAIL PROTECTED]> writes: >> Franck> I was wondering if the best system to build a global PKI wouldn't be the >> Franck> DNS system already in place? >> >> Fra

Re: [idn] Re: CDNC Final Comments on Last call of IDN drafts

2002-06-11 Thread Dave Crocker
At 09:07 PM 6/7/2002 -0700, liana Ye wrote: >This is CDNC final comments. Please respect their experties >in dealing with large character sets. The IETF has showed a great deal of respect for that expertise. It is the reason the IETF has extended discussion about IDN much, much longer than was

Re: [idn] Re: CDNC Final Comments on Last call of IDN drafts

2002-06-11 Thread liana Ye
This is CDNC final comments. Please respect their experties in dealing with large character sets. Yes, it is difficult to standardize character mapping tables, as we know well enough. Without the mapping tables there is no IDN either. Yes, you are right on divide and conquor. What is dividabl

Re: modems

2002-06-11 Thread Valdis . Kletnieks
On Tue, 11 Jun 2002 03:22:40 EDT, Bill Cunningham <[EMAIL PROTECTED]> said: > communication? Computers don't communicate by screeching...or do they? Any language that you don't understand sounds like screeching. msg08507/pgp0.pgp Description: PGP signature

modems

2002-06-11 Thread Bill Cunningham
I know modems communicate on the physical layer by electrical pulses or binaries sent on copper wires. Is that screeching you hear electrical communication? Computers don't communicate by screeching...or do they?