Re: [dane] draft-ietf-dane-smime
Jakob Schlyter <jakob@kirei.se> Thu, 02 October 2014 21:00 UTC
Return-Path: <jakob@kirei.se>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BEE991ACD78 for <dane@ietfa.amsl.com>; Thu, 2 Oct 2014 14:00:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.437
X-Spam-Level:
X-Spam-Status: No, score=-2.437 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KOXf1p5AleuF for <dane@ietfa.amsl.com>; Thu, 2 Oct 2014 14:00:50 -0700 (PDT)
Received: from spg.kirei.se (spg.kirei.se [IPv6:2001:67c:394:15::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 065961ACD6A for <dane@ietf.org>; Thu, 2 Oct 2014 14:00:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kirei.se; s=spg20100524; h=received:content-type:mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to:x-mailer; bh=6Ds+GQUL2EYbVJypKBqEeh42Jq9dzo6KVxz4/HusOBQ=; b=DXgZLvcv7nlz0zs0k8ZLbDAiVZJntFLQrN1ZsBOwqsfJvpkBLrl3DhBNFD1ORytlU7W2LsxLn3wjN SjtV8+PkN9cmGX3/aL8oJOX7l2MmPTnrMVFYLGHXIndySLcHBreoWzIFm28rklFBT4ljPwDYmYbyqV vDiPwSxnJa7qu7sY=
Received: from mail.kirei.se (unknown [91.206.174.10]) by spg-relay.kirei.se (Halon Mail Gateway) with ESMTPS; Thu, 2 Oct 2014 23:00:34 +0200 (CEST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Jakob Schlyter <jakob@kirei.se>
In-Reply-To: <CAMaMmn=pD--mUM2oEHMWmQ7WuO_ReCZQRfTKgVpHtoXyBxj8zQ@mail.gmail.com>
Date: Thu, 02 Oct 2014 23:00:39 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <F85169F2-8263-443B-BBCC-5BA9AE2EE8E4@kirei.se>
References: <273F9612-13AF-4CB8-B15C-912AAD04C738@verisign.com> <CF875C06-E4DA-4DCA-A722-5FDEE04B3069@vpnc.org> <CAMaMmn=pD--mUM2oEHMWmQ7WuO_ReCZQRfTKgVpHtoXyBxj8zQ@mail.gmail.com>
To: Doug Montgomery <dougm.work@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/B-qFEvloMfD8cqhKlThiK1aOuy4
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dane WG list <dane@ietf.org>
Subject: Re: [dane] draft-ietf-dane-smime
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Oct 2014 21:00:54 -0000
On 2 okt 2014, at 22:56, Doug Montgomery <dougm.work@gmail.com> wrote: > Having a scalable, simple, but definitive way to indicate that a previously valid email-identity/certificate is no longer valid within a given domain is a useful feature that doesn't seem to have an analog use case in TLS. If you trust in DANE, and the certificate is no longer published in DNS, it is not valid - no revocation is needed. If you do not trust in DANE, normal/legacy revocation procedures (OCSP/CRL) applies. my 0.01€, jakob
- [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Doug Montgomery
- Re: [dane] draft-ietf-dane-smime Jakob Schlyter
- Re: [dane] draft-ietf-dane-smime Doug Montgomery
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Sean Turner
- Re: [dane] draft-ietf-dane-smime Olafur Gudmundsson
- Re: [dane] draft-ietf-dane-smime Jakob Schlyter
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Paul Wouters
- [dane] Deployment considerations - Re: draft-ietf… Dan York
- Re: [dane] draft-ietf-dane-smime Warren Kumari
- Re: [dane] Deployment considerations - Re: draft-… Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Warren Kumari
- Re: [dane] Deployment considerations - Re: draft-… Mark Andrews
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Paul Wouters
- Re: [dane] draft-ietf-dane-smime Danny McPherson
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Jakob Schlyter