IETF Logo Mail Archive

Re: [dane] draft-ietf-dane-smime

"Osterweil, Eric" <eosterweil@verisign.com> Mon, 20 October 2014 15:30 UTC

Return-Path: <eosterweil@verisign.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0842C1A1B7F for <dane@ietfa.amsl.com>; Mon, 20 Oct 2014 08:30:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WRr-8a5MTTOM for <dane@ietfa.amsl.com>; Mon, 20 Oct 2014 08:30:04 -0700 (PDT)
Received: from exprod6og115.obsmtp.com (exprod6og115.obsmtp.com [64.18.1.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC4C51A6EF0 for <dane@ietf.org>; Mon, 20 Oct 2014 08:23:58 -0700 (PDT)
Received: from brn1lxmailout02.vcorp.ad.vrsn.com ([72.13.63.42]) (using TLSv1) by exprod6ob115.postini.com ([64.18.5.12]) with SMTP ID DSNKVEUpDkkVpoBbkWKSzMA/w2XhBcFpjIW5@postini.com; Mon, 20 Oct 2014 08:24:01 PDT
Received: from BRN1WNEXCHM01.vcorp.ad.vrsn.com (brn1wnexchm01.vcorp.ad.vrsn.com [10.173.152.255]) by brn1lxmailout02.vcorp.ad.vrsn.com (8.13.8/8.13.8) with ESMTP id s9KFNvY4023995 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 20 Oct 2014 11:23:57 -0400
Received: from BRN1WNEXMBX01.vcorp.ad.vrsn.com ([::1]) by BRN1WNEXCHM01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0174.001; Mon, 20 Oct 2014 11:23:56 -0400
From: "Osterweil, Eric" <eosterweil@verisign.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Thread-Topic: [dane] draft-ietf-dane-smime
Thread-Index: AQHP2+CXduy9obN06UaH3lWvHXXI5ZwabJwAgBgn4ICAAikmgIAEwWkA
Date: Mon, 20 Oct 2014 15:23:57 +0000
Message-ID: <FE426405-9658-41BD-BD3B-68D358CC3CEB@verisign.com>
References: <273F9612-13AF-4CB8-B15C-912AAD04C738@verisign.com> <CF875C06-E4DA-4DCA-A722-5FDEE04B3069@vpnc.org> <67BDE5B6-58C7-4E0B-8CB4-045E51027D85@ieca.com> <3473729E-BC37-48DB-9ACD-FB872CB666DE@vpnc.org>
In-Reply-To: <3473729E-BC37-48DB-9ACD-FB872CB666DE@vpnc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.173.152.4]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <CE589DBD01B08D44A98525D74C60523D@verisign.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/8srQx7rMqMfASVIJKvIHplzUvps
Cc: "<dane@ietf.org>" <dane@ietf.org>
Subject: Re: [dane] draft-ietf-dane-smime
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Oct 2014 15:30:06 -0000

On Oct 17, 2014, at 10:46 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> On Oct 15, 2014, at 10:46 PM, Sean Turner <turners@ieca.com> wrote:
> 
>> The idea that the proponents of these changes need to go change the TLSA spec because you think it applies to both seems a little bit excessive.  If you think the changes apply to both, then great feel free to go and propose those changes get made in the TLSA spec; I see no reason to burden the proponents of these changes with that job.
> 
> Nor do I see a reason for the proponents to burden us with making the changes here if there is no support for them. As you probably saw, another WG member pointed out that there were significant technical issues with the wording of the revocation proposal. If we incorporate that into the S/MIME draft, that draft will get delayed while the proponents get their wording right.

Hey Paul,

TLS and S/MIME use pretty different security models (session vs. object security), so necessarily coupling the RRs doesn’t seem to make sense.  In addition, to echo what others have already said on the list, I really don’t think it is reasonable to gate updates to the SMIMEA proposal on updating TLSA.

> A better process would be for the proponents to offer a standalone draft for the idea that will be an extension that would be usable to both TLSA and SMIMEA and any other documents that come later.

Just by looking at the list, it seems like there are a number of voices that disagree with you on this.  Also, isn’t the SMIMEA work still an evolving draft?  What else does one need besides: articulated rationale, proposed requirements, operational data, suggested text, and running code from multiple people in order to support suggested revisions?  Please accept the proposed SMIMEA changes into the SMIMEA draft so that we can make progress on this work.

Thank you,

Eric

v2.30.2 | Report a Bug | By Email | System Status