Re: [dane] Digest Algorithm Agility discussion
Mark Andrews <marka@isc.org> Tue, 18 March 2014 11:27 UTC
Return-Path: <marka@isc.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2EF51A03C9 for <dane@ietfa.amsl.com>; Tue, 18 Mar 2014 04:27:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.548
X-Spam-Level:
X-Spam-Status: No, score=-2.548 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qlEKiB1WWri4 for <dane@ietfa.amsl.com>; Tue, 18 Mar 2014 04:27:08 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id 8568B1A03C7 for <dane@ietf.org>; Tue, 18 Mar 2014 04:27:08 -0700 (PDT)
Received: from mx.pao1.isc.org (localhost [127.0.0.1]) by mx.pao1.isc.org (Postfix) with ESMTP id 482ECC941E for <dane@ietf.org>; Tue, 18 Mar 2014 11:26:47 +0000 (UTC) (envelope-from marka@isc.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=dkim2012; t=1395142020; bh=CSzECV/aKXQ5oI5wmtpo6xoh5I1Nh9uTcUvDl/dJ6RQ=; h=To:From:References:Subject:In-reply-to:Date; b=IdLhWHMpugTL0uAAwX+dv7PFYQzRrUnqmWQcoaZOD5gBg3c6ED2PwVDisICXaTt5m jgDDOyn3dVf+/EG4ncL8lYxeuOK8YCz0J7Ke7mtgoMjZOLlnlradpc4PjhZXnS2AwV Y1nogbXD8A9JYECkCOB+zy8tf5c+bIiqncTHcNRw=
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.pao1.isc.org (Postfix) with ESMTP for <dane@ietf.org>; Tue, 18 Mar 2014 11:26:47 +0000 (UTC) (envelope-from marka@isc.org)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id AC4AB160060 for <dane@ietf.org>; Tue, 18 Mar 2014 11:27:51 +0000 (UTC)
Received: from rock.dv.isc.org (dsl092-002-166.sfo1.dsl.speakeasy.net [66.92.2.166]) by zmx1.isc.org (Postfix) with ESMTPSA id A121E16004B for <dane@ietf.org>; Tue, 18 Mar 2014 11:27:51 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 885B21190C03 for <dane@ietf.org>; Tue, 18 Mar 2014 22:26:47 +1100 (EST)
To: dane@ietf.org
From: Mark Andrews <marka@isc.org>
References: <alpine.LFD.2.10.1403171440540.32251@bofh.nohats.ca> <20140317222320.443521AC59@ld9781.wdf.sap.corp> <20140317225329.GK24183@mournblade.imrryr.org>
In-reply-to: Your message of "Mon, 17 Mar 2014 22:53:29 -0000." <20140317225329.GK24183@mournblade.imrryr.org>
Date: Tue, 18 Mar 2014 22:26:47 +1100
Message-Id: <20140318112647.885B21190C03@rock.dv.isc.org>
X-DCC--Metrics: post.isc.org; whitelist
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/EGdd7bs5MccmFTNVm177zvcWZ2Q
Subject: Re: [dane] Digest Algorithm Agility discussion
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 11:27:09 -0000
This whole argument of weakest vs strongest was had years ago in DNSSEC and quite frankly is a waste of time trying to pick the strongest as you are often comparing apples and oranges. DNSSEC validators just have a way to say "we no longer trust this algorithm" and once that is set all records with that algorithm are ignored when doing validation regardless of whether there is code to support that algorithm or not. DANE implementations need a way to do the same for matching type. Stop trying to over engineer this. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Wouters
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Hoffman
- Re: [dane] Digest Algorithm Agility discussion Paul Wouters
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Hoffman
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Wouters
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Hoffman
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Martin Rex
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion (c… Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Jim Schaad
- Re: [dane] Digest Algorithm Agility discussion (c… Paul Hoffman
- Re: [dane] Digest Algorithm Agility discussion (c… Andrew Sullivan
- Re: [dane] Digest Algorithm Agility discussion (c… Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion (c… Scott Rose
- Re: [dane] Digest Algorithm Agility discussion (c… Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion (c… Scott Rose
- Re: [dane] Digest Algorithm Agility discussion Wes Hardaker
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Peter Palfrader
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Peter Palfrader
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Peter Palfrader
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Wouters
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Peter Palfrader
- Re: [dane] Digest Algorithm Agility discussion Wes Hardaker
- Re: [dane] Digest Algorithm Agility discussion Wes Hardaker