IETF Logo Mail Archive

Re: [dane] Reusing TLSA

"Matt Miller (mamille2)" <mamille2@cisco.com> Mon, 24 September 2012 17:06 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC01F21E8045 for <dane@ietfa.amsl.com>; Mon, 24 Sep 2012 10:06:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.689
X-Spam-Level:
X-Spam-Status: No, score=-10.689 tagged_above=-999 required=5 tests=[AWL=-0.090, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yTmLkqA9VGHA for <dane@ietfa.amsl.com>; Mon, 24 Sep 2012 10:06:56 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) by ietfa.amsl.com (Postfix) with ESMTP id B381721F8822 for <dane@ietf.org>; Mon, 24 Sep 2012 10:06:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5214; q=dns/txt; s=iport; t=1348506407; x=1349716007; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=ESfcaIsI+V3GBtcf6gSpgJSdJ9VT3ZJF6Evd+57QxQo=; b=PoqeACcy0o64yhDv0LzVeCkMKIKoxpHIXT9td6u43dQsqhr+nikBJPsU yJ5exc8fDwN2i9jYG1cCOqqPb0Ivkfo6oTaWhoeGxaUPl9EMZajdg/z4F O84uQrWWXSklIyL/iA6uBI9oKRxskGZmdXyeq0NYLW+DOUIh9u31ra6rv E=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ai4FAIGRYFCtJV2b/2dsb2JhbABFhUS4e4EIgiABAQEDARIBZgULAgEIRgIwJQIEDgUOFIddBphin2iLHIVKYAOOa4EghVqOOoFpgmeCFw
X-IronPort-AV: E=Sophos; i="4.80,476,1344211200"; d="sig'?p7s'?scan'208"; a="124745668"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-6.cisco.com with ESMTP; 24 Sep 2012 17:06:47 +0000
Received: from xhc-aln-x11.cisco.com (xhc-aln-x11.cisco.com [173.36.12.85]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id q8OH6l0E010308 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 24 Sep 2012 17:06:47 GMT
Received: from xmb-aln-x11.cisco.com ([169.254.6.219]) by xhc-aln-x11.cisco.com ([173.36.12.85]) with mapi id 14.02.0298.004; Mon, 24 Sep 2012 12:06:46 -0500
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Thread-Topic: [dane] Reusing TLSA
Thread-Index: AQHNmnTvQD2x62iAGE2dgNir0RNHUpeaDO6A
Date: Mon, 24 Sep 2012 17:06:46 +0000
Message-ID: <91558793-B9DC-4FB4-8717-078F0A64430B@cisco.com>
References: <FE6C9DF2-E86E-4CEF-A537-D68C5952B602@vpnc.org>
In-Reply-To: <FE6C9DF2-E86E-4CEF-A537-D68C5952B602@vpnc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-pgp-agent: GPGMail 1.3.3
x-originating-ip: [64.101.72.40]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19206.004
x-tm-as-result: No--34.561000-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="Apple-Mail-6-832034395"
MIME-Version: 1.0
Cc: IETF DANE WG list <dane@ietf.org>
Subject: Re: [dane] Reusing TLSA
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Sep 2012 17:06:58 -0000

On Sep 24, 2012, at 10:51, Paul Hoffman wrote:

> I'm starting this as a new thread because Richard conflated two topics *and* missed the fact that there is already a WG document.
> 
> The question becomes what the registration of an RRtype "means". If it means the bits on the wire of the *response* and their semantics, then I think the S/MIME document can use the TLSA RRtype. If an RRtype also means the bits on the wire of the request and response, we can't.
> 
> Personally, I think that the RRtype is defined just by the bits in the response, so we could reuse, but others might disagree.
> 

In my naivete, I've interpreted the RRType to define the bits in the response.  Which explains why I've been confused why draft-hoffman-dane-smime can't re-use TLSA.


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.

v2.23.0 | Report a Bug | By Email