Re: [dane] Calling the naming issue...

Richard Barnes <rlb@ipv.sx> Tue, 10 December 2013 21:13 UTC

I'm a little confused, since I see a message from Warren on 6 Dec saying
that the call would be extended until tomorrow.  I admit that I have not
been following this discussion closely, though.

In case the window for comments / proposals is still open, my only insight
here is that usages 0/1 are very much like the "pinning" work being done in
draft-ietf-websec-key-pinning, so it might be helpful to re-use that term
here.  For 2/3, it seems like people I've talked to understand the verbs
"assert" (since that's what the domain holder is doing) or "trust" (since
that's what the recipient is being asked to do).

        0 - PIN-CA
        1 - PIN-EE
        2 - ASSERT-CA or TRUST-CA
        3 - ASSERT-EE or TRUST-EE

So that's my favorite color for the bike shed.

--Richard


On Tue, Dec 10, 2013 at 2:42 PM, Viktor Dukhovni
<viktor1dane@dukhovni.org> wrote:

> On Tue, Dec 10, 2013 at 10:37:50AM -0500, Warren Kumari wrote:
>
> > We understand that these names are not perfect and do not please
> > everyone. Despite that, there is sufficient value in the document
> > and we believe it will aid discussion and (hopefully) deployment.
> > This will also allow us to move on and discuss things of more
> > substance.
> >
> > If you are still concerned that this document might cause the
> > sky to fall, mail the list, and our AD will review when doing the
> > AD review. There is also IETF LC, so we have another chance to
> > discuss this, this time in a more public setting? :-P
>
> So long as server operators understand that PKIX-TA is not a TA,
> and DANE-TA actually employs PKIX, and are not misled into publishing
> incorrect records, all is well.  The names could equally well be
> "Chico, Harpo, Groucho and Zeppo".
>
> I also hope that future implementors will have read the standard
> thoroughly and will have thought carefully about how to validate
> each of the four usages and will not be misled by the acronyms'
> false dichotomy.
>
> This said, the names are reasonably memorable, so I guess we can
> hope that their use will promote ease of discussion without creating
> confusion.  I am too steeped in the details now to know whether I
> would have been confused initially.
>
> --
>         Viktor.