Re: [dane] draft-ietf-dane-smime

Doug Montgomery <dougm.work@gmail.com> Thu, 02 October 2014 21:05 UTC

In-Reply-To: <F85169F2-8263-443B-BBCC-5BA9AE2EE8E4@kirei.se>
References: <273F9612-13AF-4CB8-B15C-912AAD04C738@verisign.com> <CF875C06-E4DA-4DCA-A722-5FDEE04B3069@vpnc.org> <CAMaMmn=pD--mUM2oEHMWmQ7WuO_ReCZQRfTKgVpHtoXyBxj8zQ@mail.gmail.com> <F85169F2-8263-443B-BBCC-5BA9AE2EE8E4@kirei.se>
From: Doug Montgomery <dougm.work@gmail.com>
Date: Thu, 02 Oct 2014 17:05:14 -0400
Message-ID: <CAMaMmnn4zJRW+bsEmU61QBQ4TeqZnUSj1ZEsbt624tcfV=Xsmg@mail.gmail.com>
To: Jakob Schlyter <jakob@kirei.se>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/3FkbB37uqAKPIf7ONo5j1ZvMyFE
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dane WG list <dane@ietf.org>
Subject: Re: [dane] draft-ietf-dane-smime

And how is that definitively distinguishable from that email identity never
having a CERT in DANE in the first place?

dougm

On Thu, Oct 2, 2014 at 5:00 PM, Jakob Schlyter <jakob@kirei.se> wrote:

> On 2 okt 2014, at 22:56, Doug Montgomery <dougm.work@gmail.com> wrote:
>
> > Having a scalable, simple, but definitive way to indicate that a
> previously valid email-identity/certificate is no longer valid within a
> given domain is a useful feature that doesn't seem to have an analog use
> case in TLS.
>
> If you trust in DANE, and the certificate is no longer published in DNS,
> it is not valid - no revocation is needed.
> If you do not trust in DANE, normal/legacy revocation procedures
> (OCSP/CRL) apply.
>
> my 0.01€,
>
>         jakob
>
>


-- 
DougM at Work
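The exchange above, modelled as an added example that is not code from draft-ietf-dane-smime or from either poster: Jakob's rule (a DANE-trusting client treats a certificate with no published SMIMEA record as not valid, while a non-DANE client falls back to OCSP/CRL) is applied to three constructed identities, one published, one published and then withdrawn, one never published, so that Doug's question can be checked directly. The SMIMEA owner-name construction is assumed from RFC 8162, the published form of this draft (SHA-256 of the local-part, truncated to 28 octets, hex-encoded, under `_smimecert.<domain>`); the zone is an in-memory stand-in for DNS so the code runs offline.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List

VALID, INVALID, LEGACY_CHECK, INDETERMINATE = "valid", "invalid", "legacy-check", "indeterminate"


@dataclass
class SmimeaRecord:
    usage: int      # certificate usage, e.g. 3 = DANE-EE
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching: int   # 0 = exact, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


@dataclass
class DnsAnswer:
    records: List[SmimeaRecord]
    authenticated: bool  # True when the RRset, or the denial of its existence, is DNSSEC-validated


@dataclass
class Zone:
    """Constructed stand-in for a DNS zone; a real client would ask a validating resolver."""
    domain: str
    signed: bool = True
    rrsets: Dict[str, List[SmimeaRecord]] = field(default_factory=dict)

    def publish(self, local_part: str, record: SmimeaRecord) -> None:
        self.rrsets.setdefault(smimea_owner_name(local_part, self.domain), []).append(record)

    def withdraw(self, local_part: str) -> None:
        # Removing the RRset is the only "revocation" DANE itself offers
        self.rrsets.pop(smimea_owner_name(local_part, self.domain), None)

    def query(self, owner_name: str) -> DnsAnswer:
        # An empty answer is what a client sees for a withdrawn name and for a never-published one
        return DnsAnswer(list(self.rrsets.get(owner_name, [])), authenticated=self.signed)


def smimea_owner_name(local_part: str, domain: str) -> str:
    """Owner-name rule assumed from RFC 8162: SHA-256(local-part) truncated to 28 octets, hex-encoded."""
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._smimecert.{domain.lower().rstrip('.')}."


def decide(zone: Zone, email: str, trust_dane: bool) -> str:
    """Apply the rule from the thread: trusted DANE with no record means not valid; otherwise OCSP/CRL."""
    local_part, _, domain = email.rpartition("@")
    answer = zone.query(smimea_owner_name(local_part, domain))
    if not answer.authenticated:
        # Unsigned absence proves nothing: a client must not read it as revocation
        return INDETERMINATE
    if not trust_dane:
        # Legacy path: validity is decided by OCSP/CRL, whatever DNS says
        return LEGACY_CHECK
    # Matching the presented certificate against answer.records is omitted here
    return VALID if answer.records else INVALID


def distinguishable(zone: Zone, email_a: str, email_b: str) -> bool:
    """Can a DANE-trusting client tell the two identities apart from DNS alone?"""
    answers = [zone.query(smimea_owner_name(*e.rpartition("@")[::2])) for e in (email_a, email_b)]
    return answers[0] != answers[1]


def build_example_zone(signed: bool = True) -> Zone:
    """Constructed sample data: alice is published, bob was published then withdrawn, carol never existed."""
    zone = Zone("example.com", signed=signed)
    zone.publish("alice", SmimeaRecord(3, 0, 1, hashlib.sha256(b"constructed-alice-cert").digest()))
    zone.publish("bob", SmimeaRecord(3, 0, 1, hashlib.sha256(b"constructed-bob-old-cert").digest()))
    zone.withdraw("bob")
    return zone


if __name__ == "__main__":
    z = build_example_zone()
    for who in ("alice", "bob", "carol"):
        print(f"{who}: dane-trusting={decide(z, f'{who}@example.com', True)}, "
              f"legacy={decide(z, f'{who}@example.com', False)}")
    print("bob vs carol distinguishable from DNS:",
          distinguishable(z, "bob@example.com", "carol@example.com"))
```

Running it shows the two positions side by side: under Jakob's rule the withdrawn and the never-published identity both come back `invalid`, and `distinguishable()` confirms the client cannot separate the two cases from DNS alone, which is Doug's point. The `authenticated` flag captures the practical caveat a deployer needs: absence only carries meaning when the denial of existence is DNSSEC-validated, so an unsigned empty answer is returned as `indeterminate` rather than as either outcome.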