On the Security of the Proposed Ballot SC-082 Redux

[Henry Birge-Lee]

Hi all,

After the failing of SC-082 I was involved in some discussions that lead to what is now being referred to within the Validation Subcommittee as Ballot SC-082 Redux.

At a recent Validation Subcommittee, a Forum member asked about a security justification and Michael Slaughter mentioned a previous PDF slide deck I had shared in the read regarding Ballot SC-082 (also attached here). I felt the justification presented in these slides was incomplete, and I also foresaw that many Forum members that did not partake in that discussion would ask regarding the security impact of SC-082 Redux should it be proposed by Michael Slaughter for public discussion. In light of this and to justify my own support of this ballot without any CA affiliation, I wrote up a more substantial document containing my own security analysis on this ballot and the security motivations around why I support it. This document is attached to this email as "Security of SC 082 redux".

Finally, I will mention that I support the ballot as it is currently drafted, although I think the Forum would have better alignment with the IETF if the proposed tag ended in the suffix "-persist" (e.g., _validation-static would become _validation-persist) to align with an I-D being proposed to the IETF dnsop working group ( https://datatracker.ietf.org/doc/draft-sheth-identifiers-dns/ ).

Best,

Henry