Re: [dane] Start of WGLC for draft-ietf-dane-registry-acronym
Paul Hoffman <paul.hoffman@vpnc.org> Mon, 30 September 2013 02:16 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AEA621F9D2C for <dane@ietfa.amsl.com>; Sun, 29 Sep 2013 19:16:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.557
X-Spam-Level:
X-Spam-Status: No, score=-102.557 tagged_above=-999 required=5 tests=[AWL=0.042, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gc4IMYCatGbk for <dane@ietfa.amsl.com>; Sun, 29 Sep 2013 19:16:46 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id 9237C21F9D23 for <dane@ietf.org>; Sun, 29 Sep 2013 19:16:46 -0700 (PDT)
Received: from [10.20.30.90] (50-1-98-185.dsl.dynamic.sonic.net [50.1.98.185]) (authenticated bits=0) by hoffman.proper.com (8.14.7/8.14.5) with ESMTP id r8U2GhdO069372 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <dane@ietf.org>; Sun, 29 Sep 2013 19:16:44 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-98-185.dsl.dynamic.sonic.net [50.1.98.185] claimed to be [10.20.30.90]
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <20130920021124.GE29796@mournblade.imrryr.org>
Date: Sun, 29 Sep 2013 19:16:43 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <4D79E741-F559-4D6D-9AB0-E7B35A62C783@vpnc.org>
References: <20130919201216.14866.61161.idtracker@ietfa.amsl.com> <EACEEB05-2023-4F76-A6FE-A9B2FDC0AA59@kumari.net> <m361twqxn9.fsf@carbon.jhcloos.org> <20130919221035.GC29796@mournblade.imrryr.org> <20130920021124.GE29796@mournblade.imrryr.org>
To: dane@ietf.org
X-Mailer: Apple Mail (2.1510)
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-registry-acronym
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2013 02:16:47 -0000
On Sep 19, 2013, at 7:11 PM, Viktor Dukhovni <viktor1dane@dukhovni.org> wrote: > On Thu, Sep 19, 2013 at 10:10:35PM +0000, Viktor Dukhovni wrote: > >> Agreed on PKIX-TA vs. PKIX-CA. > > On second thought, I am not so sure, the CA constraint with usage > 0, is NOT a trust-anchor, the trust-anchor is still the PKIX root CA. > > This usage requires the presence of a given CA (root or intermediate) > in the chain, but does not promote that CA to a trust anchor (as > with usage 2). So perhaps the original PKIX-CA is in fact better. PKIX is not clear if there are PKIX TAs that are not CAs, as we discussed extensively earlier in this WG. We do not need to open those wounds with molten salt. Either term is probably technically accurate, and we won't know for sure. The rest of this document seems fine, and is a valuable addition to the DANE world. --Paul Hoffman
- [dane] I-D Action: draft-ietf-dane-registry-acron… internet-drafts
- [dane] Start of WGLC for draft-ietf-dane-registry… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Andreas Schulze
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Yoav Nir
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Stephen Farrell
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… James Cloos
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… James Cloos
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olle E. Johansson
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… James Cloos
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Paul Hoffman
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Wes Hardaker
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Wes Hardaker
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Wes Hardaker
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Jim Schaad
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Mark Andrews
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Stephen Kent
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Jim Schaad
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Jim Schaad
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olafur Gudmundsson
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olafur Gudmundsson
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olafur Gudmundsson
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olafur Gudmundsson
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-regi… Jim Schaad