Re: [dane] FYI: New Version Notification for draft-hoffman-dane-smime-04.txt
James Cloos <cloos@jhcloos.com> Mon, 10 September 2012 22:37 UTC
From: James Cloos <cloos@jhcloos.com>
To: IETF DANE WG list <dane@ietf.org>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>

+1 on adopting.

As for the draft, do we really need a new RR?

If the content is the same as TLSA, just with a different naming scheme, why not just use TLSA?

TLSA ought to be specified as suitable for anchoring any x.509-style cert or cert chain in the dns. Perhaps TLSA should have been called X509A?

A requirement to update dns software for every new use case might be an excessive burden on the community.

Re-using TLSA for smime means that the only type of software (with existing TLSA support) which would need updates would be DANE-specific software like swede which would need an update anyway to generate and verify associations on the new name.

(Smime consumers, of course, will need an update no matter what the RR is called.)

(It certainly never occurred to me that more RRs would be proposed for associations to 509-style certs. I envisioned a risk of another RR for, eg, associations to OpenPGP certs, but not for other applications of the 509-style ones.)

(That said, if the consensus here and at dnsext is for a new RR, then I'll join that consensus.)

-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 1024D/ED7DAEA6