Re: [dane] Anyone interested in writing a DANE tutorial?

Dan York <dan-ietf@danyork.org> Fri, 28 September 2012 16:43 UTC

From: Dan York <dan-ietf@danyork.org>
In-Reply-To: <50636FA2.6050403@os3.nl>
Date: Fri, 28 Sep 2012 12:43:41 -0400
Message-Id: <D57DD9FF-536B-4808-9365-F30ABDF85D3D@danyork.org>
References: <699F0F4D-3E06-44F5-88A4-40C1FC569E98@danyork.org> <50636FA2.6050403@os3.nl>
To: Pieter Lexis <pieter.lexis@os3.nl>
Cc: dane@ietf.org
Subject: Re: [dane] Anyone interested in writing a DANE tutorial?

Pieter,

On Sep 26, 2012, at 5:12 PM, Pieter Lexis wrote:

> Looks good to me. Appendix A.4 of RFC 6698[0] describes the way to do it
> (it is similar to DNSSEC key-rollover). I would recommend reading
> Appendix A in full to understand the implication of certain choices of
> matching type and selector.

Appendix A is great... but I'm looking to create something that is *extremely*
simple and easy.  I think it really needs to be tool-based so that people just
have to run some scripts.

> As for tooling, I wrote a (proof of concept) tool called 'swede'[2] in
> January of this year (and updated it when needed). It has been used to
> create the Examples (Appendix C) in RFC 6698. The code is a bit messy,
> but it works. I'm currently re-implementing it in a more maintainable
> fashion (hopefully finished within a few weeks, but you never know).

Very cool!  I'm now watching your repo at:

> 2 - https://github.com/pieterlexis/swede


and will check out the code and try it out.  I also noticed recently that you added TLSA support into dnspython although it wasn't immediately clear to me how to use that support. (dnspython could use some examples related to DNSSEC in general... at some point I may go and write some if no one else does that first.)

Thanks for the suggestions and the link to swede.

Dan
 

-- 
Dan York  dyork@lodestar2.com
http://www.danyork.me/   skype:danyork
Phone: +1-802-735-1624
Twitter - http://twitter.com/danyork