[art] draft-ietf-dance-client-auth-09 ietf last call Artart review
Arnt Gulbrandsen via Datatracker <noreply@ietf.org> Mon, 12 January 2026 16:39 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: art@ietf.org
Delivered-To: art@mail2.ietf.org
Received: from [10.244.6.11] (unknown [4.156.85.76]) by mail2.ietf.org (Postfix) with ESMTP id 5A4BBA67EFF4; Mon, 12 Jan 2026 08:39:53 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Arnt Gulbrandsen via Datatracker <noreply@ietf.org>
To: art@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.55.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <176823599306.764059.7845639436342695371@dt-datatracker-5656579b89-r5kdq>
Date: Mon, 12 Jan 2026 08:39:53 -0800
Message-ID-Hash: TB3GTGCLLS42N5OMJHRKIKMGCEJHV2ED
X-Message-ID-Hash: TB3GTGCLLS42N5OMJHRKIKMGCEJHV2ED
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-art.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dance@ietf.org, draft-ietf-dance-client-auth.all@ietf.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc6
Reply-To: Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
Subject: [art] draft-ietf-dance-client-auth-09 ietf last call Artart review
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/lLt1bLMTuU11UN5ImwPcRtys0MA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Owner: <mailto:art-owner@ietf.org>
List-Post: <mailto:art@ietf.org>
List-Subscribe: <mailto:art-join@ietf.org>
List-Unsubscribe: <mailto:art-leave@ietf.org>
Document: draft-ietf-dance-client-auth Title: TLS Client Authentication via DANE TLSA records Reviewer: Arnt Gulbrandsen Review result: Ready with Nits Hi, I'm the designated ART reviewer for this document, and I'm a little late with this, after spending a vacation without much mail and my first working week with. Sorry. The document looks very nice to me, I'd say it may be ready. I have two questions that may be nits. 1. What happens if the TLS DANE Client Identity extension is used and there is a dNSName in the cert, and they differ? My sense is that the dNSName and identity have to match, and if they don't, TLS negotiation fails. But I don't see this explicitly anywhere. 2. Section 3 starts with "The client SHOULD explicitly…" and I'm curious why that's not a MUST. I assume a MUST would lead to fewer interoperation combinations to test, and I don't see any reason why a client cannot support this TLS extension. Is interop combinations a smaller concern than I imagine?
- [art] draft-ietf-dance-client-auth-09 ietf last c… Arnt Gulbrandsen via Datatracker
- [art] Re: draft-ietf-dance-client-auth-09 ietf la… Shumon Huque