[dane] That "next" thing

Paul Hoffman <paul.hoffman@vpnc.org> Fri, 15 June 2012 22:54 UTC

On Jun 15, 2012, at 8:53 AM, Warren Kumari wrote:

> We have made some great progress now (although it has taken much longer than we had hoped, apologies for that), and can now start focusing on:
> A: deployment and 
> B: the "How to do DANE with $foo" series.

+1 to (B). (Of course, +1 to (A) as well, but I'm not in a position to do anything about that.)

There are two types of drafts that might be part of (B):

- Ones that use the TLSA RRtype but specify how a particular protocol uses TLS and DANE. draft-fanf-dane-smtp covers interesting bits about SMTP and DANE such as how to deal with traversing MX records, how to get the right host name, and how to deal with STARTTLS. draft-miller-xmpp-dnssec-prooftype covers interesting bits about XMPP, such as how to traverse SRV records and how to get the right host name.
  
- Ones that don't use the TLSA RRtype but do DANE-style things with non-TLS security protocols. draft-hoffman-dane-smime will parallel TLSA but for CMS. To date, there has been zero interest in the IPsec community for doing something DANE-style for IPsec.

Both of these paths seem interesting, at least to me.

--Paul Hoffman