Re: [dane] Fwd: New Version Notification for draft-york-dane-deployment-observations-00.txt

Dan York <> Mon, 10 November 2014 23:49 UTC

Shumon (& also replying to Viktor),

On Nov 10, 2014, at 1:18 PM, Shumon Huque <<>> wrote:

My site (<>.) also falls into that latter category. The annotation on Dan York's page should be updated - it currently says I don't have a secure delegation, which was true at one time in the past (blame a DNSSEC oblivious registrar), but no longer.

Yes, I noticed that when I looked at Viktor's test results this morning.  I updated the page to move your site into the appropriate category:

Based on Viktor's recent test (Thank you, Viktor!), I'm updating the page with other information.

I find it interesting that 3 of the 5 out-of-date sites would seem to be operational errors.  Two of the sites Viktor tags as:

  - Recent key rotation, no corresponding TLSA RR update.

and one is:

  - Certificate unrelated to TLSA RR.

All of these would seem to be related to operational processes where some part of the security layers gets updated without other corresponding layers also being updated.  I don't know that this is really anything that we as the IETF can do anything to help with... but it's interesting to understand where the breakdown in the process occurs.
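
The failure mode tagged in the message above (key rotated, TLSA RR not updated) can be caught before a certificate is deployed by comparing it against the TLSA RRset currently published. The following is an added example, not part of the original message or of Viktor's test tooling. It uses only the Python standard library, all function names and the stand-in certificates are constructed assumptions, and it handles end-entity usages 1 and 3 only.

```python
import hashlib

def tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_from_cert(der):
    """Slice the DER SubjectPublicKeyInfo out of a DER X.509 certificate."""
    _, pos, _ = tlv(der, 0)                # Certificate
    _, pos, _ = tlv(der, pos)              # tbsCertificate
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = end
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        pos = tlv(der, pos)[2]
    return der[pos:tlv(der, pos)[2]]

def tlsa_matches(cert_der, rdata):
    """True if the leaf certificate satisfies one TLSA RDATA string (RFC 6698)."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    if usage not in ("1", "3"):            # usages 0/2 pin an issuer, not the leaf
        return False
    selected = cert_der if selector == "0" else spki_from_cert(cert_der)
    digest = {"0": bytes, "1": lambda b: hashlib.sha256(b).digest(),
              "2": lambda b: hashlib.sha512(b).digest()}[mtype]
    return digest(selected) == bytes.fromhex(hexdata.replace(" ", ""))

def rotation_check(new_cert_der, published_rrset):
    """TLSA records the new certificate matches; an empty list means it would fail."""
    return [rr for rr in published_rrset if tlsa_matches(new_cert_der, rr)]

# Constructed stand-ins with a certificate's DER layout (assumption: not real certs).
def el(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body  # short-form lengths only

def fake_cert(key_bytes):
    spki = el(0x30, el(0x30), el(0x03, b"\x00" + key_bytes))
    tbs = el(0x30, el(0xA0, el(0x02, b"\x02")), el(0x02, b"\x01"),
             el(0x30), el(0x30), el(0x30), el(0x30), spki)
    return el(0x30, tbs, el(0x30), el(0x03, b"\x00")), spki

old_cert, old_spki = fake_cert(b"A" * 32)
new_cert, new_spki = fake_cert(b"B" * 32)
published = ["3 1 1 " + hashlib.sha256(old_spki).hexdigest()]
print("new cert vs. current RRset:", rotation_check(new_cert, published))
```

An empty result for the new certificate is the signal to publish a matching TLSA record, and let it propagate past the old RRset's TTL, before the certificate goes live.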