To further your point, an area completely outside of ICANN's purview,
yet an
area requiring governance is PKI. We are at the point where deployment
of a
PKI has moved beyond technical issues, becoming almost completely the
policy
politics of trust. Until the politicians broker the trust
At 12:12 PM -0500 12/14/03, Keith Moore wrote:
To further your point, an area completely outside of ICANN's purview, yet an
area requiring governance is PKI. We are at the point where deployment of a
PKI has moved beyond technical issues, becoming almost completely the policy
politics of trust.
I'd put this a different way. Until PKIs are able to represent the
rich diversity of trust relationships that exist in the real world,
they are mere curiosities with marginal practical value.
Oh, please. Describe a trust relationship that cannot be represented
using current PKI technology
At 2:14 PM -0500 12/14/03, Keith Moore wrote:
I'd put this a different way. Until PKIs are able to represent
the rich diversity of trust relationships that exist in the real
world, they are mere curiosities with marginal practical value.
Oh, please. Describe a trust relationship that cannot be
On Sun, 14 Dec 2003 14:14:56 EST, Keith Moore said:
I trust my mother and my siblings to make statements about the
identities of other family members.
I trust the State of Tennessee to make statements about the identities
of state agencies.
However, I'll bet a dinner that you most likely do
All of those statements, assertions, and so on can be made in simple
signed messages. When you get a message with statements about your
job, you verify that the message has been signed using your boss'
public key. What's the problem here?
Some of the problems occur when I start trusting
On Sun, 14 Dec 2003 11:33:23 PST, Paul Hoffman / IMC said:
At 2:14 PM -0500 12/14/03, Keith Moore wrote:
I trust my boss to make statements about my job.
All of those statements, assertions, and so on can be made in simple
signed messages. When you get a message with statements about your
I just saw a message that was forwarded to the [EMAIL PROTECTED] list by
spamassassin.
Apparently spamassassin decided it was spam but forwarded to the list
anyway with explanation of why it thought it was spam. Not only was
the message legitimate (it was an I-D announcement) but it reveals
I trust my mother and my siblings to make statements about the
identities of other family members.
I trust the State of Tennessee to make statements about the identities
of state agencies.
However, I'll bet a dinner that you most likely do *not* trust your
mother and
siblings to make statements
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| All of those statements, assertions, and so on can be made in simple
| signed messages. When you get a message with statements about your job,
| you verify that the message has been signed using your boss' public key.
| What's the problem here?
|
|
oops. apparently this message was somehow fed back from the list by
somebody's machine,
not by a spamassassin at ietf.org. sorry about that.
At 2:48 PM -0500 12/14/03, Keith Moore wrote:
All of those statements, assertions, and so on can be made in
simple signed messages. When you get a message with statements
about your job, you verify that the message has been signed using
your boss' public key. What's the problem here?
Some of
At 2:52 PM -0500 12/14/03, [EMAIL PROTECTED] wrote:
On Sun, 14 Dec 2003 11:33:23 PST, Paul Hoffman / IMC said:
At 2:14 PM -0500 12/14/03, Keith Moore wrote:
I trust my boss to make statements about my job.
All of those statements, assertions, and so on can be made in simple
signed messages.
On Sun, 14 Dec 2003 12:09:37 PST, Paul Hoffman / IMC said:
All of that is describable, and many vendors have such products.
There are no standards (or none that are significantly followed) for
such assertions. So? Many different PKIs can handle such assertions,
once you codify them.
I'm
At 4:29 PM -0500 12/14/03, [EMAIL PROTECTED] wrote:
On Sun, 14 Dec 2003 12:09:37 PST, Paul Hoffman / IMC said:
All of that is describable, and many vendors have such products.
There are no standards (or none that are significantly followed) for
such assertions. So? Many different PKIs can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
|
| You're talking about a problem with software, not with the standards.
|
We believe in running code.
MVH leifj
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
On Sun, 14 Dec 2003 14:01:02 PST, Paul Hoffman / IMC said:
This has nearly nothing to do with the technical part of the PKI, and
everything to do with the humans.
Right. And to quote what Keith Moore said at the start of this thread:
I'd put this a different way. Until PKIs are able to
On Sun, Dec 14, 2003 at 03:20:03PM -0500, Keith Moore wrote:
oops. apparently this message was somehow fed back from the list by
somebody's machine,
not by a spamassassin at ietf.org. sorry about that.
Regardless, I think the particular method used by the IETF announce list
to attach
On Mon, 2003-12-15 at 05:12, Keith Moore wrote:
To further your point, an area completely outside of ICANN's purview,
yet an
area requiring governance is PKI. We are at the point where deployment
of a
PKI has moved beyond technical issues, becoming almost completely the
policy
I tottally support the criterias used by Spamassassin even if they are RFC compliants...
We need some tools to help us clean the SPAM. Yes there are some false positives, but I have less of them than SPAM...
I clean most of my mailbox by looking a the SPAM header, without having to read all
Paul Hoffman;
All of that is describable, and many vendors have such products. There
are no standards (or none that are significantly followed) for such
assertions. So? Many different PKIs can handle such assertions, once you
codify them.
Are you saying we need many different PKIs for all the
Paul Hoffman;
Until PKIs are able to represent the rich diversity of trust
relationships that exist in the real world, they are mere curiosities
with marginal practical value.
PKIs are able to represent the blah blah blah; your software isn't yet
translating that into something that you want
Hmmm, we talked about some of it...
look in the IETF archives on Global PKI on DNS?
Cheers
On Mon, 2003-12-15 at 12:03, Masataka Ohta wrote:
Paul Hoffman;
Until PKIs are able to represent the rich diversity of trust
relationships that exist in the real world, they are mere curiosities
On Thu, 2003-12-11 at 16:05, Sally Floyd wrote:
One might hope that Linux implementors would make a better decision
next time around.
The linux implementation actually helped have a _lot_ of broken
devices fixed. I have ECN turned on always (for the last few years);
i find broken devices once
On Mon, 15 Dec 2003 12:47:43 +1200, Franck Martin said:
Hmmm, we talked about some of it...
look in the IETF archives on Global PKI on DNS?
Paul, Keith, and myself have bounced a few e-mails in private back and forth,
and unless I'm totally mis-forgetting that thread, what we're discussing
Paul Hoffman / IMC writes:
Oh, please. Describe a trust relationship that cannot be represented
using current PKI technology (PKIX certs, S/MIME signed messages,
OpenPGP certs, OpenPGP signed messages, or SPKI certs). The lack of
ability to represent the trust relationship is not what is
jamal writes:
So the Linux decision was infact a very good one. An award of some form
is in order.
Maybe Microsoft will be inspired to do things the same way: it can
change its implementations in order to break 10% of all sites around the
world, and when anyone complains, it can say that it
On Mon, 15 Dec 2003 05:34:53 +0100, Anthony G. Atkielski [EMAIL PROTECTED] said:
The main contention seems to be the system with the problem. If it's
Linux, it's not a bug, it's feature. If it's Microsoft, it's not a
feature, it's a bug.
Linux could at least stand on the claim that it was
[EMAIL PROTECTED] writes:
Linux could at least stand on the claim that it was implementing
the RFCs as written, and that the interoperability problem was
due to the other end failing to implement the RFCs.
The RFCs are not specific enough to support such a claim.
Feel free to point at
29 matches
Mail list logo
