Re: [dane] Anyone interested in writing a DANE tutorial?

Sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr> Tue, 16 April 2013 06:22 UTC

Return-Path: <sandoche.balakrichenan@afnic.fr>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4590C21F95E4 for <dane@ietfa.amsl.com>; Mon, 15 Apr 2013 23:22:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id obtzQvPz0Blt for <dane@ietfa.amsl.com>; Mon, 15 Apr 2013 23:22:16 -0700 (PDT)
Received: from mx4.nic.fr (mx4.nic.fr [192.134.4.12]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF1F21F8FE9 for <dane@ietf.org>; Mon, 15 Apr 2013 23:22:16 -0700 (PDT)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id 01AA22807A4; Tue, 16 Apr 2013 08:21:46 +0200 (CEST)
Received: from relay2.nic.fr (relay2.nic.fr [192.134.4.163]) by mx4.nic.fr (Postfix) with ESMTP id F130228068F; Tue, 16 Apr 2013 08:21:45 +0200 (CEST)
Received: from [10.10.86.63] (tirodite.tech.prive.sqy.nic.fr [10.10.86.63]) by relay2.nic.fr (Postfix) with ESMTP id DED88B38055; Tue, 16 Apr 2013 08:21:15 +0200 (CEST)
Message-ID: <516CEDDE.1080605@hermes.nic.fr>
Date: Tue, 16 Apr 2013 08:21:18 +0200
From: Sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: dane@ietf.org
References: <699F0F4D-3E06-44F5-88A4-40C1FC569E98@danyork.org> <516BFBE9.5010509@hermes.nic.fr> <20130415183025.GD23574@mournblade.imrryr.org>
In-Reply-To: <20130415183025.GD23574@mournblade.imrryr.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [dane] Anyone interested in writing a DANE tutorial?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2013 06:22:17 -0000

Thank for your feedback. My comments below:

On 04/15/2013 08:30 PM, Viktor Dukhovni wrote:
> On Mon, Apr 15, 2013 at 03:08:57PM +0200, Sandoche Balakrichenan wrote:
>
>> Even though it took some time, here in i attach a tutorial style
>> document which explains implementing DANE and a Proof of Concept using a
>> browser add-on.
> The "guide" could be much shorter.  Just explain clearly how to set up
> TLSA records for HTTPS in the context of an already signed DNSSEC zone.
==> The focus of the document was to act as a guide for someone who has
a domain name and has some knowledge (an expert does not need this
document) of configuring his domain zone to add a TLSA RR and do an
end-to-end test. Making it more shorter, i felt will not fulfill this
objective.
>
> The description of DNSSEC configuration is too miminal to be very
> useful. In fact almost downright dangerous, since operating a DNSSEC
> zone is a lot more involved than a one-time registration of a DS
> RR in the parent zone.  This topic is covered in a lot more depth
> elsewhere and you're unlikely to do it justice except by reference
> to something that already covers this well.
==> Completely agree. Will provide a proper reference in the next iteration.
>
> Since the write-up explains none of the implementation details of
> the browser client plugin, the discussion of the client behaviour
> is just a distraction.
==> My first comment answers this question.
>
> Is the document a paper for academic publication or a How-To guide
> for system administrators?  It seems to be a strange mixture of
> the two.
>
==> More as an How-To guide?

Thanks again,
Sandoche.