Re: [dane] Compressed Call for Adoption: draft-gilmore-dane-rawkeys-00

[Viktor Dukhovni <viktor1dane@dukhovni.org>]

On Mon, Jun 23, 2014 at 06:16:01AM -0400, Warren Kumari wrote:

> This starts a Call for Adoption for draft-gilmore-dane-rawkeys-00.
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-gilmore-dane-rawkeys-00/

I am a day or two away from essentially compatible language in the
next (04) revision of draft-ietf-dane-ops.

I have no major objections to the substance of the new draft, we'll
mostly just need to decide how it relates to the revised ops draft,
which is now a 6698 update.   We should be able to merge the best
parts of the two parallel treatments, and either expand the coverage
of raw public keys in the ops draft, or shrink it, moving all
coverage of this issue to the new draft.

My technical issue with the new draft was that it seemed to suggest
that any DANE-EE(3) TLSA RR can be used to match raw public keys,
while in fact only DANE-EE(3) SPKI(1) matches raw public keys.

The new draft operates at two layers, on the one hand concretely
extending 6698 to support raw public keys, and on the other hand
generalizing the approach to arbitrary "key material" (conceptually
beyond even raw public keys).  My best guess is that were some
other kind of "key material" to be used with TLS, that is not in
SPKI format, the draft is trying to suggest that we'd use DANE-EE(3)
anyway (but likely with a new selector value, though this is not
stated).  I would for now not try to generalize beyond SPKI.  It
is not clear what those generalizations will really entail or
whether any are likely to happen in the near future.

Since I think "adoption" is not final approval of the content, but
rather agreement that there is useful and relevant material to
build on, while the draft is not done, I support adoption.

-- 
	Viktor.