Re: [dane] draft-ietf-dane-smime

["Osterweil, Eric" <eosterweil@verisign.com>]

On Oct 20, 2014, at 11:54 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> On Oct 20, 2014, at 8:23 AM, Osterweil, Eric <eosterweil@verisign.com> wrote:
> 
>> TLS and S/MIME use pretty different security models (session vs. object security)
> 
> Sure, but how is that difference relevant here? DANE is about distributing certificates and keying information through DNS: it is agnostic to the security model.

The relevant information needed during distribution would seem to vary based on the security model (as evidenced by this thread).  Actually, that’s been one of the main points of this thread.

>> , so necessarily coupling the RRs doesn’t seem to make sense.  
> 
> It has so far in the WG. The WG asked us early on to make as few changes as possible to the TLSA definition.

Paul, we are all part of the working group.  This is the the working group.  I feel like I must be missing some nuanced distinction you have in mind between working group discussions (like this one) and some other arbitration?

>> In addition, to echo what others have already said on the list, I really don’t think it is reasonable to gate updates to the SMIMEA proposal on updating TLSA.
> 
> Fully agree, and that's not what I was proposing. The two changes that you have proposed (revocation indication and alternate sources for getting the information)

Paul, these were not my proposals.  These were proposed by Scott Rose.  I saw merit in them and when they seemed to be dismissed out of hand I voiced my support.  Also, the proposal included the _encr + _sign labels.

> can be done as new values to the existing RR subfields. Doing so would make what you want usable for both SMIMEA and TLSA. Proposals to make those changes can trivially be done as stand-alone Internet Drafts.

But we are still roughing out this draft.  This would seem to be a good opportunity to try and get things write in the initial work.

>>> A better process would be for the proponents to offer a standalone draft for the idea that will be an extension that would be usable to both TLSA and SMIMEA and any other documents that come later.
>> 
>> Just by looking at the list, it seems like there are a number of voices that disagree with you on this.  
> 
> Where "a number" means "two", and even they didn't actually disagree about creating standalone drafts, simply that the assumption that the use cases might be different.

I think this thread is devolving.  The number is greater than two, and reviewing the posts of this thread should corroborate the higher level of interest.

>> Also, isn’t the SMIMEA work still an evolving draft?  
> 
> Yes, of course.
> 
>> What else does one need besides: articulated rationale, proposed requirements, operational data, suggested text, and running code from multiple people in order to support suggested revisions?  
> 
> Consensus in the WG. That may seem anathema to you, but it's the way that the IETF works.

Paul, what constituted ``the WG’’ in your mind? 

Eric