Re: [dane] [Technical Errata Reported] RFC7672 (5395)

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 17 June 2018 00:27 UTC

From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <FB36F471-DFF2-4302-892B-0FDC11DFCA9E@vpnc.org>
Date: Sat, 16 Jun 2018 20:26:11 -0400
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, ietf@hardakers.net, kaduk@mit.edu, ekr@rtfm.com, ogud@ogud.com, warren@kumari.net, matt@mattmccutchen.net, dane@ietf.org
Message-Id: <3AF039B2-558A-41A8-9DBD-14D1CD935ED0@dukhovni.org>
References: <20180616142946.51588B810A8@rfc-editor.org> <FB36F471-DFF2-4302-892B-0FDC11DFCA9E@vpnc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/Jk7mEqBSGzRoXT7YocqY-V4r84I>


> On Jun 16, 2018, at 7:10 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> 
> This erratum should be rejected. RFC 4035 defines "indeterminate" in Section 4.4.3.

(That'd be section 4.3, for anyone reading along).

> RFC 4035 and RFC 4033 define "indeterminate" differently.

Actually, the erratum is correct.  RFC7672 uses the definition
from "RFC4035", and the intent was to make it clear that the
definition of "indeterminate" from RFC4033 is not used.  Rather,
what 4033 calls "indeterminate", "7672" considers (more aptly)
"insecure".  The original text erroneously distanced itself from
4035 instead of 4033.

-- 
	Viktor.