Re: [Dance] Benjamin Kaduk's Yes on charter-ietf-dance-00-01: (with COMMENT)
Wes Hardaker <wjhns1@hardakers.net> Wed, 08 September 2021 17:31 UTC
Return-Path: <wjhns1@hardakers.net>
X-Original-To: dance@ietfa.amsl.com
Delivered-To: dance@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 8C03D3A300A;
Wed, 8 Sep 2021 10:31:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 7iNnxME9VzFA; Wed, 8 Sep 2021 10:31:46 -0700 (PDT)
Received: from mail.hardakers.net (mail.hardakers.net [168.150.192.181])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id C39A93A3000;
Wed, 8 Sep 2021 10:31:45 -0700 (PDT)
Received: from localhost (unknown [10.0.0.3])
by mail.hardakers.net (Postfix) with ESMTPA id 54C3A234C7;
Wed, 8 Sep 2021 10:31:44 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Benjamin Kaduk via Datatracker <noreply@ietf.org>
Cc: "The IESG" <iesg@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>,
dance-chairs@ietf.org, dance@ietf.org
References: <163112194505.829.5232324669652141364@ietfa.amsl.com>
Date: Wed, 08 Sep 2021 10:31:44 -0700
In-Reply-To: <163112194505.829.5232324669652141364@ietfa.amsl.com> (Benjamin
Kaduk via Datatracker's message of "Wed, 08 Sep 2021 10:25:45 -0700")
Message-ID: <yblv93bc6tb.fsf@w7.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/TdPabMrwONOmtWM9PlFQsLDSTpc>
Subject: Re: [Dance] Benjamin Kaduk's Yes on charter-ietf-dance-00-01: (with
COMMENT)
X-BeenThere: dance@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DANE Authentication for Network Clients Everywhere <dance.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dance>,
<mailto:dance-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dance/>
List-Post: <mailto:dance@ietf.org>
List-Help: <mailto:dance-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dance>,
<mailto:dance-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Sep 2021 17:31:51 -0000
Benjamin Kaduk via Datatracker <noreply@ietf.org> writes: > We might reference RFC 6698 for DANE. That's a good point. > "shared PKI root of trust" seems to imply that both parties have > credentials that chain up to the same root of trust (or at least that > the level of trust in the root is shared between parties), which need > not be the case. In principle the parties can use credentials anchored > at different roots of trust, so long as the verifier is willing to use > the corresponding root of trust for this purpose. So we might say > instead "and a root of trust deemed valid by the entity validating the > authenticated identity". Or we could ignore it, and try to not be > overly pedantic. Although that's a very valid point, I'd argue we should aim for more readable over perfect and I'm personally thinking we should leave the existing, easier to understand, language in place. -- Wes Hardaker USC/ISI
- [Dance] Benjamin Kaduk's Yes on charter-ietf-danc… Benjamin Kaduk via Datatracker
- Re: [Dance] Benjamin Kaduk's Yes on charter-ietf-… Wes Hardaker
- Re: [Dance] Benjamin Kaduk's Yes on charter-ietf-… Benjamin Kaduk