
Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-08-05 21:28:54
On 8/5/2014 6:27 PM, Viktor Dukhovni wrote:
> It is when authentication is then used *only* with peers that
> publish TLSA RRs and not with peers that don't.


My point was/is that reliance on DNSSec means that there is an
INDEPENDENT authentication hierarchy.

Taking a look at the entire 'system' that DANE is part of, the
authentication is NOT only between peers.

Use DANE without DNSSec, and calling it opportunistic probably makes
sense.  Use it with DNSSec, and it doesn't.


d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
