Re: [dane] Start of WGLC for draft-ietf-dane-registry-acronym

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 30 September 2013 02:16 UTC

Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <20130920021124.GE29796@mournblade.imrryr.org>
Date: Sun, 29 Sep 2013 19:16:43 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <4D79E741-F559-4D6D-9AB0-E7B35A62C783@vpnc.org>
References: <20130919201216.14866.61161.idtracker@ietfa.amsl.com> <EACEEB05-2023-4F76-A6FE-A9B2FDC0AA59@kumari.net> <m361twqxn9.fsf@carbon.jhcloos.org> <20130919221035.GC29796@mournblade.imrryr.org> <20130920021124.GE29796@mournblade.imrryr.org>
To: dane@ietf.org
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-registry-acronym
Precedence: list

On Sep 19, 2013, at 7:11 PM, Viktor Dukhovni <viktor1dane@dukhovni.org> wrote:

> On Thu, Sep 19, 2013 at 10:10:35PM +0000, Viktor Dukhovni wrote:
> 
>> Agreed on PKIX-TA vs. PKIX-CA.
> 
> On second thought, I am not so sure, the CA constraint with usage
> 0, is NOT a trust-anchor, the trust-anchor is still the PKIX root CA.
> 
> This usage requires the presence of a given CA (root or intermediate)
> in the chain, but does not promote that CA to a trust anchor (as
> with usage 2).  So perhaps the original PKIX-CA is in fact better.

PKIX is not clear if there are PKIX TAs that are not CAs, as we discussed extensively earlier in this WG. We do not need to open those wounds with molten salt. Either term is probably technically accurate, and we won't know for sure.

The rest of this document seems fine, and is a valuable addition to the DANE world.

--Paul Hoffman

[dane] I-D Action: draft-ietf-dane-registry-acron… internet-drafts
[dane] Start of WGLC for draft-ietf-dane-registry… Warren Kumari
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Andreas Schulze
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Yoav Nir
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Stephen Farrell
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Warren Kumari
Re: [dane] Start of WGLC for draft-ietf-dane-regi… James Cloos
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
Re: [dane] Start of WGLC for draft-ietf-dane-regi… James Cloos
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olle E. Johansson
Re: [dane] Start of WGLC for draft-ietf-dane-regi… James Cloos
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Paul Hoffman
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Wes Hardaker
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Warren Kumari
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Wes Hardaker
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Wes Hardaker
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Warren Kumari
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Jim Schaad
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Mark Andrews
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Stephen Kent
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Jim Schaad
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Jim Schaad
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olafur Gudmundsson
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olafur Gudmundsson
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olafur Gudmundsson
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Warren Kumari
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Olafur Gudmundsson
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Viktor Dukhovni
Re: [dane] Start of WGLC for draft-ietf-dane-regi… Jim Schaad