Re: [dane] namespace management, DANE Client Authentication draft updated

Sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr> Thu, 11 April 2019 10:57 UTC

To: shuque@gmail.com
References: <20160114024910.67019.qmail@ary.lan>
Cc: dane@ietf.org, ietf-dane@dukhovni.org
From: Sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr>
Message-ID: <1b9fca81-c4cf-6f15-b9ee-bef4eef1320a@afnic.fr>
Date: Thu, 11 Apr 2019 12:57:34 +0200
In-Reply-To: <20160114024910.67019.qmail@ary.lan>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/P4HMf_ZTAre8XyNEo5N_-xJwwiY>
Subject: Re: [dane] namespace management, DANE Client Authentication draft updated
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>

Shumon and Viktor,

I have an Internet of Things (IoT) use-case, in which I am evaluating
using TLSA RR for both server and client authentication.

For the client authentication mechanism during TLS handshake, the DANE
client authentication draft seems to be in the right direction.

Is the draft not updated (since 2017) because the draft is not viable
operationally or is it just due to lack of interest?

I did not get this information from the mailing list archive.

Sandoche.


On 14/01/2016 03:49, John Levine wrote:
>> This forces clients that use both TCP and UDP to publish their TLSA
>> records twice (or better publish one as a CNAME for the other, or
>> make both CNAMEs to a third thing).  Is this really worth it?
> How much of a problem has it been for TLSA server records?  I honestly don't
> know but I'd be surprised if the answer were other than "not much".
>
> Creating the certificate and turning that into the right hex for the
> TLSA master record seems vastly harder than adding a CNAME which, if
> you are right that nobody ever does anything different on TCP and UDP,
> could be added mechanically.
>
> R's,
> John
>
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane
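The quoted reply describes the two chores of publishing DANE records: turning a certificate into the hex of a TLSA record, and covering both `_tcp` and `_udp` owner names with one record plus a CNAME. The script below is an added example written for this page; it is not code from either poster, from the DANE client authentication draft, or from any DANE implementation. It uses only the Python standard library: a minimal DER walker pulls the SubjectPublicKeyInfo out of a certificate and the RFC 6698 rdata (`usage selector matching-type hex`) is computed from it. The defaults usage 3 (DANE-EE), selector 1 (SPKI) and matching type 1 (SHA-256) are this example's choice, not something the thread specifies; the owner name `device.example`, port 8443, and the certificate itself (a constructed, unsigned toy with a placeholder key, built by `build_sample_cert`) are assumptions so that it runs offline. `pem_to_der` is there for feeding it a real certificate.

```python
"""Generate DANE TLSA records from a DER certificate, standard library only.

Added example for this page, not code from the dane list, the draft, or its authors.
The sample certificate is a constructed toy (unsigned, placeholder key); the owner
name, port and the 3/1/1 parameter choice are assumptions for illustration.
"""
import base64
import hashlib

# ---- tiny DER encoder, used only to construct the sample certificate ----
def der_len(n: int) -> bytes:
    """DER length: short form below 0x80, otherwise 0x8N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def der_int(n: int) -> bytes:
    # one extra bit of headroom so the top bit is never set (keeps the INTEGER positive)
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

# ---- tiny DER reader: enough to walk Certificate -> tbsCertificate -> subjectPublicKeyInfo ----
def der_read(buf: bytes, pos: int = 0):
    """Return (tag, value_bytes, offset_after_this_element) for the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                        # long form: low 7 bits = number of length bytes
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def der_children(body: bytes):
    """Split a constructed value into (tag, full_tlv_bytes) per child, bytes kept verbatim."""
    out, pos = [], 0
    while pos < len(body):
        tag, _, nxt = der_read(body, pos)
        out.append((tag, body[pos:nxt]))
        pos = nxt
    return out

def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw SubjectPublicKeyInfo TLV, which is what selector 1 hashes."""
    tag, cert_body, _ = der_read(cert_der)
    tbs_tag, tbs_body, _ = der_read(cert_body)
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a DER Certificate SEQUENCE")
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:                # EXPLICIT [0] version is optional (absent = v1)
        fields = fields[1:]
    # order: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    spki_tag, spki_tlv = fields[5]
    if spki_tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not where expected")
    return spki_tlv

def pem_to_der(pem: str) -> bytes:
    """Strip the -----BEGIN/END----- armour of a real certificate and decode it."""
    return base64.b64decode("".join(l for l in pem.splitlines() if not l.startswith("-----")))

def tlsa_rdata(cert_der: bytes, usage: int = 3, selector: int = 1, mtype: int = 1) -> str:
    """RFC 6698 presentation format: usage selector matching-type hex-data."""
    data = cert_der if selector == 0 else extract_spki(cert_der)
    if mtype == 0:
        digest = data.hex()                 # full data, no hash
    elif mtype == 1:
        digest = hashlib.sha256(data).hexdigest()
    elif mtype == 2:
        digest = hashlib.sha512(data).hexdigest()
    else:
        raise ValueError(f"unknown matching type {mtype}")
    return f"{usage} {selector} {mtype} {digest}"

def tlsa_zone_lines(owner: str, port: int, cert_der: bytes, usage=3, selector=1, mtype=1):
    """Publish once under _tcp and point _udp at it with a CNAME, as the quoted reply suggests."""
    tcp, udp = f"_{port}._tcp.{owner}", f"_{port}._udp.{owner}"
    return [f"{tcp} IN TLSA {tlsa_rdata(cert_der, usage, selector, mtype)}",
            f"{udp} IN CNAME {tcp}"]

# ---- constructed sample certificate (NOT a real certificate: toy key, placeholder signature) ----
RSA_OID = bytes.fromhex("06092a864886f70d010101")          # 1.2.840.113549.1.1.1 rsaEncryption
SHA256_RSA_OID = bytes.fromhex("06092a864886f70d01010b")   # 1.2.840.113549.1.1.11 sha256WithRSAEncryption
CN_OID = bytes.fromhex("0603550403")                       # 2.5.4.3 commonName

def build_sample_cert(with_version: bool = True) -> bytes:
    alg = der(0x30, SHA256_RSA_OID + der(0x05, b""))
    name = der(0x30, der(0x31, der(0x30, CN_OID + der(0x0C, b"device.example"))))
    validity = der(0x30, der(0x17, b"190411000000Z") + der(0x17, b"200411000000Z"))
    toy_modulus = 0xC0FFEE00C0FFEE00C0FFEE00C0FFEE01    # far too small to be a usable key
    rsa_key = der(0x30, der_int(toy_modulus) + der_int(65537))
    spki = der(0x30, der(0x30, RSA_OID + der(0x05, b"")) + der(0x03, b"\x00" + rsa_key))
    fields = der_int(0x1234) + alg + name + validity + name + spki
    if with_version:
        fields = der(0xA0, der_int(2)) + fields
    sig = der(0x03, b"\x00" * 9)            # placeholder signature BIT STRING
    return der(0x30, der(0x30, fields) + alg + sig)

if __name__ == "__main__":
    cert = build_sample_cert()
    for line in tlsa_zone_lines("device.example.", 8443, cert):
        print(line)
```

Selector 1 hashes only the SubjectPublicKeyInfo, so the record survives a re-issued certificate as long as the key is kept, which is the usual reason to prefer it over selector 0 for devices whose certificates rotate. Whether a given resolver or client honours the CNAME at `_udp` is a deployment question the thread leaves open; the CNAME merely avoids maintaining two copies of the hex.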