Re: [apps-discuss] [dane]
Martin Rex <mrex@sap.com> Wed, 02 May 2012 18:53 UTC
Return-Path: <mrex@sap.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C84B011E80B2; Wed, 2 May 2012 11:53:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.231
X-Spam-Level:
X-Spam-Status: No, score=-9.231 tagged_above=-999 required=5 tests=[AWL=-0.782, BAYES_00=-2.599, HELO_EQ_DE=0.35, J_CHICKENPOX_34=0.6, J_CHICKENPOX_46=0.6, J_CHICKENPOX_84=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j6-udFn5t6DH; Wed, 2 May 2012 11:53:20 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id CF94D11E80B1; Wed, 2 May 2012 11:53:19 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id q42IrIZV028717 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 2 May 2012 20:53:18 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201205021853.q42IrHJJ005341@fs4113.wdf.sap.corp>
To: ned.freed@mrochek.com
Date: Wed, 02 May 2012 20:53:17 +0200
In-Reply-To: <01OF07L047040006TF@mauve.mrochek.com> from "Ned Freed" at May 2, 12 11:10:49 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: mrex@sap.com, ned.freed@mrochek.com, apps-discuss@ietf.org, dane@ietf.org, paul.hoffman@vpnc.org, iesg@ietf.org, paul@nohats.ca
Subject: Re: [apps-discuss] [dane]
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 18:53:20 -0000
Ned Freed wrote: > > > Updates: should only be used if the change is supposed to apply not only > > to implementations of the *new* document, but that all new implementors of > > the *old* (=updated) document should ignore certain parts of the old > > document and use the new document instead. > > Which is exactly the sense in which it is being used here. Although > I think it unlikely given how limited DANE is, it is nevertheless > possible that some subsequent use of TLSA will require tweaking of > something in the DANE specification. We're not omnipotent and we > don't always get every detail right. Just the opposite. Quite similar to rfc6125, DANE-protocol assumes that you already have a trustworthy hostname for which to retrieve the certificate association. This way, DANE-protocol can be put into a black block module for the caller and does not need to be updated or changed depending on the usage scenario. It would even be possible to tunnel the TLSA+DNSSEC records for performing DANE-protocol through a TLS extension instead of looking it up in a combined TLS+DANE module in a fashion that is completely opaque to the application caller. What some of the app specs (other than HTTPS) may have to specify _and_ implement, in order to be able to use DANE, is how to securely obtain a hostname&port which can be used as input to an implementation of DANE-protocol or input to rfc6125 matching for PKIX-based matching to DV-validated server certificates. But such an apps-specific spec is _not_ an update to DANE itself, in spite of refering to DANE. It is irrelevant to the DANE software module. New TLS cipher suites usually do not update or change TLS, new crypto algorithms usually do not update or change PKIX, new mime-types ususally do not update HTTP or the internet message format. > > > - retaining full interop with old implementations based on only > > the full spec, and clear distinction of features that were > > added or dropped in the updated parts. > > This, OTOH, is unduly constraining. Not at all. Maybe you're misreading this. It says that anything that claims to update an earlier document must explain where and how it does that, an in particular outline omissions and mark additions as such, so that it will be clear to the reader of the document. Example: http://tools.ietf.org/html/rfc5321#section-1.2 -Martin
- Re: [apps-discuss] [dane] AppsDir review of Martin Rex
- Re: [apps-discuss] [dane] AppsDir review of draft… Mark Andrews
- [apps-discuss] AppsDir review of draft-ietf-dane-… Peter Saint-Andre
- [apps-discuss] AppsDir review of draft-ietf-dane-… Alexey Melnikov
- Re: [apps-discuss] AppsDir review of draft-ietf-d… Alexey Melnikov
- Re: [apps-discuss] AppsDir review of draft-ietf-d… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Wouters
- Re: [apps-discuss] [dane] AppsDir review of draft… Warren Kumari
- Re: [apps-discuss] [dane] AppsDir review of draft… Alexey Melnikov
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… James Cloos
- Re: [apps-discuss] [dane] AppsDir review of draft… Alexey Melnikov
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… John Gilmore
- Re: [apps-discuss] [dane] AppsDir review of draft… Mark Andrews
- Re: [apps-discuss] [dane] AppsDir review of draft… Patrik Fältström
- Re: [apps-discuss] [dane] AppsDir review of draft… S Moonesamy
- Re: [apps-discuss] [dane] AppsDir review of draft… John Gilmore
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… SM
- Re: [apps-discuss] [dane] AppsDir review of draft… James Cloos
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Martin Rex
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Matt Miller
- Re: [apps-discuss] [dane] AppsDir review of draft… Martin Rex
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Warren Kumari
- Re: [apps-discuss] [dane] AppsDir review of draft… Martin Rex
- Re: [apps-discuss] [dane] AppsDir review of draft… James Cloos
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… James Cloos
- Re: [apps-discuss] [dane] AppsDir review of draft… James Cloos
- Re: [apps-discuss] [dane] AppsDir review of draft… James Cloos
- Re: [apps-discuss] [dane] AppsDir review of draft… Martin Rex
- Re: [apps-discuss] [dane] AppsDir review of draft… Matt Miller
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- [apps-discuss] Documenting DANE for XMPP (WAS: [d… Matt Miller
- Re: [apps-discuss] [dane] AppsDir review of draft… Dave Cridland
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… Stephen Farrell
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… Stephen Farrell
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… James Cloos
- Re: [apps-discuss] [dane] AppsDir review of draft… Stephen Farrell
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… Stephen Farrell
- Re: [apps-discuss] [dane] AppsDir review of draft… Jakob Schlyter
- Re: [apps-discuss] [dane] AppsDir review of draft… Mark Andrews
- Re: [apps-discuss] [dane] Documenting DANE for XM… Richard L. Barnes
- Re: [apps-discuss] [dane] Martin Rex
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of Mark Andrews
- Re: [apps-discuss] [dane] AppsDir review of Tony Finch
- Re: [apps-discuss] [dane] AppsDir review of draft… Mark Andrews
- Re: [apps-discuss] [dane] AppsDir review of draft… Warren Kumari
- Re: [apps-discuss] [dane] Ned Freed
- Re: [apps-discuss] [dane] Martin Rex
- Re: [apps-discuss] [dane] AppsDir review of Martin Rex
- Re: [apps-discuss] [dane] Ned Freed
- Re: [apps-discuss] [dane] Martin Rex
- Re: [apps-discuss] [dane] AppsDir review of Mark Andrews
- Re: [apps-discuss] [dane] Ned Freed
- [apps-discuss] MX and DANE (Was: [dane] AppsDir r… Ondřej Surý
- [apps-discuss] Client-defined port -> particular … Ondřej Surý
- Re: [apps-discuss] [dane] AppsDir review of draft… Ondřej Surý
- Re: [apps-discuss] [dane] MX and DANE (Was: AppsD… Tony Finch
- Re: [apps-discuss] [dane] MX and DANE (Was: AppsD… Richard L. Barnes
- Re: [apps-discuss] [dane] MX and DANE (Was: AppsD… Ondřej Surý
- Re: [apps-discuss] [dane] AppsDir review of draft… Ondřej Surý
- Re: [apps-discuss] [dane] AppsDir review of Ondřej Surý
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… SM
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Andrew Sullivan
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… SM
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] MX and DANE (Was: AppsD… Mark Andrews
- Re: [apps-discuss] [dane] AppsDir review of draft… Ned Freed
- Re: [apps-discuss] [dane] AppsDir review of draft… Peter Saint-Andre
- Re: [apps-discuss] [dane] AppsDir review of draft… Paul Hoffman
- Re: [apps-discuss] [dane] AppsDir review of draft… Andrew Sullivan
- Re: [apps-discuss] [dane] MX and DANE (Was: AppsD… Martin Rex
- Re: [apps-discuss] [dane] AppsDir review of draft… Ondřej Surý