Re: [dane] DNS errors text
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 02 October 2014 03:18 UTC
Date: Thu, 02 Oct 2014 03:18:00 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20141002031800.GU13254@mournblade.imrryr.org>
References: <542CB20B.4020803@andyet.net> <7D2E911A-9D78-4242-A61D-7704DE4A60D4@vpnc.org>
In-Reply-To: <7D2E911A-9D78-4242-A61D-7704DE4A60D4@vpnc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/CdWzEAV77cIAq3y75G-arqK0A0M
Subject: Re: [dane] DNS errors text
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
On Wed, Oct 01, 2014 at 07:13:17PM -0700, Paul Hoffman wrote:

> On Oct 1, 2014, at 7:01 PM, Peter Saint-Andre - &yet <peter@andyet.net> wrote:
>
> > Section 2.1 of draft-ietf-dane-smtp-with-dane has some thorough text
> > on DNS errors. Viktor suggested that draft-ietf-dane-srv needs the
> > same text. I would strongly prefer NOT to have the same text in two
> > documents for various reasons. When I mentioned this to the chairs,
> > they suggested moving the text from the SMTP document to the SRV
> > document since it is more generic. I don't really care where it
> > lives, I just want it to be in one place. What do WG participants
> > think?
>
> As long as the SMTP document points to the SRV document for the
> errors, it's fine to have it live in the SRV document.

The main issue that comes to mind is that the SRV draft is at present
silent about whether DANE security is opportunistic or mandatory.
Some of the error text is IIRC specific to the opportunistic mode of
operation, because this comes with more ways to attempt to mount
downgrade attacks.

I don't think the SRV draft should sit on the fence with respect to
opportunistic use. It probably needs to describe both modes of
operation explicitly.

Otherwise, yes, I have no problem importing the DNS error handling by
reference, but I also see little disadvantage to simply repeating the
text; one-stop shopping is easier on the reader.

-- 
	Viktor.
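The message above refers to the DNS error handling text in section 2.1 of draft-ietf-dane-smtp-with-dane and notes that some of it matters specifically in opportunistic mode because of downgrade attacks. The following is an added illustration, not code from the message or from either draft: it models a TLSA lookup outcome as a small decision table for both opportunistic and mandatory DANE, and contrasts it with a naive client that treats every failed lookup as "no TLSA records". The enum names, the decide()/naive_decide() functions and the attacker model (an on-path adversary who can make a lookup return a bogus answer or no answer, but cannot forge a validated answer) are this example's own assumptions; the resulting policy is this example's reading of the draft, not a quotation of it.

```python
"""Acting on a TLSA lookup result in DANE, opportunistic vs. mandatory.

Added example; the Lookup/Action names and the decide() policy are this
example's own.  The policy follows the error handling that the message
above refers to (section 2.1 of draft-ietf-dane-smtp-with-dane): a DNS
error or bogus response is not evidence that no TLSA records exist.
"""
from enum import Enum, auto
from typing import Callable


class Lookup(Enum):
    """Validating-resolver outcome for the TLSA query."""
    SECURE_DATA = auto()    # DNSSEC-validated, usable TLSA RRset present
    SECURE_NODATA = auto()  # DNSSEC-validated proof that no TLSA records exist
    INSECURE = auto()       # provably unsigned zone: DANE not offered
    BOGUS = auto()          # signatures present but fail validation
    ERROR = auto()          # SERVFAIL, timeout, truncation: no usable answer


class Action(Enum):
    DANE_TLS = auto()             # TLS, peer cert must match a TLSA record
    UNAUTHENTICATED_TLS = auto()  # opportunistic fallback (or cleartext)
    DEFER = auto()                # temporary failure, retry later
    FAIL = auto()                 # mandatory DANE cannot be satisfied


# Outcomes an on-path attacker can induce against a properly signed zone
# by tampering with or dropping responses.  Assumption for this example:
# the attacker cannot produce a validated (SECURE_*) answer.
ATTACKER_INDUCIBLE = (Lookup.BOGUS, Lookup.ERROR)

Policy = Callable[[Lookup, bool], Action]


def decide(result: Lookup, mandatory: bool) -> Action:
    """Policy that does not let a lookup failure become a downgrade."""
    if result is Lookup.SECURE_DATA:
        return Action.DANE_TLS
    if result in (Lookup.SECURE_NODATA, Lookup.INSECURE):
        # Authenticated "no TLSA" or an unsigned zone: the server does not
        # publish DANE.  Only an opportunistic client may fall back.
        return Action.UNAUTHENTICATED_TLS if not mandatory else Action.FAIL
    # BOGUS or ERROR: we do not know whether TLSA records exist, so neither
    # mode falls back; the attempt is retried later.
    return Action.DEFER


def naive_decide(result: Lookup, mandatory: bool) -> Action:
    """Broken policy: anything that is not a usable answer means 'no TLSA'."""
    if result is Lookup.SECURE_DATA:
        return Action.DANE_TLS
    return Action.FAIL if mandatory else Action.UNAUTHENTICATED_TLS


def downgrade_possible(policy: Policy) -> bool:
    """True if an attacker-inducible outcome makes an opportunistic client
    drop DANE authentication for a server that does publish TLSA records."""
    return any(
        policy(outcome, mandatory=False) is Action.UNAUTHENTICATED_TLS
        for outcome in ATTACKER_INDUCIBLE
    )


if __name__ == "__main__":
    for name, policy in (("naive", naive_decide), ("draft 2.1", decide)):
        print(f"{name:>9}: downgrade possible = {downgrade_possible(policy)}")
```

Run stand-alone it prints that the naive policy is downgradable and the draft-style policy is not. The mandatory case is included to show why the SRV draft's silence on the mode matters: the same SECURE_NODATA result is a normal fallback for an opportunistic client and a hard failure for a mandatory one, while the BOGUS/ERROR handling is identical in both modes.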