[dane] Comment on draft-ietf-dane-smime-12

Marcos Sanz <sanz@denic.de> Thu, 06 October 2016 06:32 UTC

From: Marcos Sanz <sanz@denic.de>
To: dane@ietf.org
Date: Thu, 06 Oct 2016 08:32:04 +0200
Message-ID: <OF3260F3E2.2BFFC454-ONC1258044.0021F733-C1258044.0023E528@notes.denic.de>
Subject: [dane] Comment on draft-ietf-dane-smime-12
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/9J1QDEMwsGzS1TH-6moNck6A-lg>

Hello all,

I just got through the dane-smime document and have one amendment to make 
to section 7, specifically "applications SHOULD use TCP - not UDP".

My impression is that that specific recommendation (and its rationale in 
the next paragraph) was mimicked from the OPENPGPKEY spec, where it makes 
sense because the whole armored key gets into the DNS. But since SMIMEA is 
very much like TLSA, I don't see the need for that TCP preference (nor 
does 7671 - check section 10.1.1). One might argue that QNAMES for SMIMEA 
will be bigger than for TLSA, since they routinely include a 28-octet 
hash; however, I don't buy that as a powerful enough reason. I would just 
delete the text and, if at all, refer to 7671 for transport 
considerations.

Paul already reminded me that the wg last call for the document is over, 
but I think it still would be time to make some change, if the chairs 
haven't passed the doc to the IESG.

Best regards,
Marcos
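The size argument in the post above can be made concrete. The following is an added example, not code from Marcos Sanz or from the draft: it constructs an SMIMEA owner name the way the draft's published successor, RFC 8162, specifies it (SHA-256 of the UTF-8 local-part, truncated to 28 octets, 56 lowercase hex characters, then `_smimecert` and the domain), builds the corresponding DNS query on the wire, and compares its length with a TLSA query for a web service. The address `hugh@example.com`, the host `www.example.com`, the transaction id and the EDNS payload size are constructed sample values; the RRTYPE numbers 52 (TLSA) and 53 (SMIMEA) come from the IANA DNS parameters registry.

```python
"""Construct SMIMEA and TLSA owner names and measure the DNS query they produce.

Added example (not from the mailing-list post): owner-name construction follows
RFC 8162, the published form of draft-ietf-dane-smime; all sample values below
are constructed for illustration.
"""
import hashlib
import struct
from typing import Optional

QTYPE_TLSA = 52          # RRTYPE numbers from the IANA DNS parameters registry
QTYPE_SMIMEA = 53
CLASSIC_UDP_LIMIT = 512  # pre-EDNS maximum DNS/UDP payload (RFC 1035)


def smimea_owner_name(email: str) -> str:
    """Return the SMIMEA owner name for an address, per RFC 8162 section 3.

    The local-part is UTF-8 encoded and hashed with SHA-256 as given (no
    case folding or other normalization); the digest is truncated to 28
    octets and written as 56 lowercase hex characters.
    """
    local_part, domain = email.rsplit("@", 1)
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._smimecert.{domain}."


def tlsa_owner_name(host: str, port: int, proto: str = "tcp") -> str:
    """Return the TLSA owner name for a service (RFC 6698 section 3)."""
    return f"_{port}._{proto}.{host}."


def encode_name(name: str) -> bytes:
    """Wire-encode a domain name as length-prefixed labels (RFC 1035 3.1)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label length out of range: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)  # root label terminates the name
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 octets")
    return bytes(out)


def build_query(name: str, qtype: int, txid: int = 0x1234,
                edns_udp_size: Optional[int] = None) -> bytes:
    """Build a minimal DNS query message for (name, qtype, IN).

    When edns_udp_size is given, an OPT pseudo-RR is appended so the
    message advertises the EDNS0 UDP payload size (RFC 6891).
    """
    arcount = 1 if edns_udp_size else 0
    # ID, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    msg = header + question
    if edns_udp_size:
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL 0, no RDATA
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return msg


def fits_classic_udp(msg: bytes) -> bool:
    """True if the message fits the 512-octet limit of pre-EDNS DNS over UDP."""
    return len(msg) <= CLASSIC_UDP_LIMIT


def qname_size_delta(email: str, host: str, port: int = 443) -> int:
    """Extra bytes an SMIMEA query carries compared with a TLSA query for host:port."""
    smimea = build_query(smimea_owner_name(email), QTYPE_SMIMEA)
    tlsa = build_query(tlsa_owner_name(host, port), QTYPE_TLSA)
    return len(smimea) - len(tlsa)


if __name__ == "__main__":
    addr, host = "hugh@example.com", "www.example.com"  # constructed sample values
    for kind, name, qtype in (("SMIMEA", smimea_owner_name(addr), QTYPE_SMIMEA),
                              ("TLSA", tlsa_owner_name(host, 443), QTYPE_TLSA)):
        q = build_query(name, qtype)
        print(f"{kind:6} {name}  query={len(q)} bytes  fits_512={fits_classic_udp(q)}")
    print("SMIMEA query is", qname_size_delta(addr, host), "bytes larger")
```

For these sample names the SMIMEA query is 97 bytes on the wire against 43 for the TLSA query, a difference of 54 bytes that comes almost entirely from the 56-character hash label; both sit far below the classic 512-byte UDP limit, and an EDNS0 OPT record adds only 11 more bytes. Whether a response exceeds UDP limits is decided by what the SMIMEA RDATA carries (a full certificate versus a hash, selected by the certificate usage, selector and matching type fields), not by the owner name, which is the same consideration TLSA already has and which the post points to RFC 7671 for.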