[dane] WGLC: DANE-SRV feedback on 3.4 through rest of document.

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 14 December 2014 23:44 UTC

Date: Sun, 14 Dec 2014 23:44:48 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20141214234448.GK25666@mournblade.imrryr.org>
References: <20141201013357.GF285@mournblade.imrryr.org> <547BC8F9.1070605@andyet.net>
In-Reply-To: <547BC8F9.1070605@andyet.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/JBU3l9-pBLSQ-VCPvrmK9ALI2eI
Subject: [dane] WGLC: DANE-SRV feedback on 3.4 through rest of document.

[ I'm splitting it into a few messages to keep it manageable, and
  in any case some of my comments are still pencil marks on a
  print-out, not yet transcribed. ]

This message covers 3.4 through the end of the document.

General comment (copied verbatim from abstract and introduction
feedback):

    The draft frequently talks about "hostnames", where what is
    really meant is a transport endpoint (port, transport protocol,
    host).  With PKIX-EE or DANE-EE certificate usages, TLSA records
    are more precise than the Web PKI and can associate different,
    non-interchangeable key material with distinct services on a
    single host.  So in many places I will be suggesting replacing
    statements about "hostnames" with statements about "transport
    endpoints".

3.4. Impact on TLS Usage

   First bullet:

	s/under 4/in 4/

   Third bullet:

	s/If the TLSA response is "bogus" or "indeterminate"/If the TLSA lookup fails/

   perhaps noting that a "secure" or "insecure" NXDOMAIN is not a failure (as in the DNS
   error section of the SMTP draft).

4.1. SRV records only

  Second paragraph:

    Also mention here that 6125 and reference identifiers don't apply
    with DANE-EE(3) (some folks may not read as far as 4.2)

4.2. TLSA Records

  The SMTP and OPS drafts have "toned down" the degree to which the
  content of DANE-EE(3) certs is ignored, specifically only the
  hostname and expiration are superseded by DNSSEC.  Other features
  of the certificate (key usage, ...) may still be taken into account.

Material after section 4 is largely fine.

  * Please update smtp-with-dane reference from -05 to -13.

  * Should the XMPP example SRV record really be "_xmpp-client",
    or instead "_xmpp-server"?  Not familiar with XMPP, so please
    pardon my confusion if that's what it is.

-- 
	Viktor.
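An added illustration (editor's example, not part of the message or the draft) of three points raised above: TLSA records are keyed by transport endpoint rather than hostname (owner name `_port._proto.target` per RFC 6698), a "secure" or "insecure" NXDOMAIN is not a lookup failure while "bogus"/"indeterminate" is, and with DANE-EE(3) the DNSSEC-validated key digest stands in for name and expiry checks. The DNSSEC status names follow RFC 4035; the SPKI bytes and the decision labels are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSA:
    usage: int      # certificate usage, e.g. 3 = DANE-EE
    selector: int   # 0 = full cert, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact, 1 = SHA2-256, 2 = SHA2-512
    data: bytes     # certificate association data


def tlsa_qname(srv_target: str, port: int, proto: str = "tcp") -> str:
    """TLSA owner name for one transport endpoint (RFC 6698 section 3).
    Two services on the same host get distinct names and may carry
    distinct, non-interchangeable keys."""
    return f"_{port}._{proto}.{srv_target.rstrip('.')}."


def tlsa_policy(status: str, rrset: list) -> str:
    """Map a validating resolver's result for the TLSA query to a client
    decision.  status is one of the RFC 4035 terms: 'secure', 'insecure',
    'bogus', 'indeterminate'; rrset is empty on NXDOMAIN or NODATA."""
    if status in ("bogus", "indeterminate"):
        return "lookup-failed"        # a real failure, not "no TLSA"
    if status == "insecure" or not rrset:
        return "no-dane"              # secure/insecure NXDOMAIN: proceed without DANE
    return "dane"                     # secure, non-empty: enforce TLSA matching


def match_dane_ee(rr: TLSA, spki_der: bytes) -> bool:
    """DANE-EE(3) with SPKI(1) and SHA2-256(1): the peer's name and the
    certificate's validity period are not checked here because DNSSEC
    supplies them; other certificate features (key usage) remain the
    caller's job.  Only this one parameter combination is handled."""
    if (rr.usage, rr.selector, rr.mtype) != (3, 1, 1):
        return False
    digest = hashlib.sha256(spki_der).digest()
    return hmac.compare_digest(digest, rr.data)   # constant-time compare


# Constructed sample data (not real key material).
EXAMPLE_SPKI = b"constructed SubjectPublicKeyInfo bytes for illustration"
EXAMPLE_RR = TLSA(3, 1, 1, hashlib.sha256(EXAMPLE_SPKI).digest())

if __name__ == "__main__":
    print(tlsa_qname("xmpp.example.net", 5222))       # _5222._tcp.xmpp.example.net.
    print(tlsa_policy("secure", []), tlsa_policy("bogus", []))
    print(match_dane_ee(EXAMPLE_RR, EXAMPLE_SPKI))
```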