Re: [dane] draft-fanf-dane-mua-00.txt
James Cloos <cloos@jhcloos.com> Tue, 12 February 2013 21:07 UTC
Return-Path: <cloos@jhcloos.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D54921F8C16 for <dane@ietfa.amsl.com>; Tue, 12 Feb 2013 13:07:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.612
X-Spam-Level:
X-Spam-Status: No, score=0.612 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FAKE_REPLY_C=2.012, J_CHICKENPOX_33=0.6, J_CHICKENPOX_84=0.6, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MRPXP-JifW2S for <dane@ietfa.amsl.com>; Tue, 12 Feb 2013 13:07:42 -0800 (PST)
Received: from eagle.jhcloos.com (eagle.jhcloos.com [IPv6:2604:8800:100:81ca::53]) by ietfa.amsl.com (Postfix) with ESMTP id 6039121F8BC9 for <dane@ietf.org>; Tue, 12 Feb 2013 13:07:39 -0800 (PST)
Received: by eagle.jhcloos.com (Postfix, from userid 10) id 59813401C0; Tue, 12 Feb 2013 21:07:14 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=eagle; t=1360703258; bh=+W00AQ2ZaPXuNjnCgcnd+VJZPkQUPd/QDNTQaUuW2Ec=; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type; b=Ulw1R+4C1A82DSHX3ltHmTIi6YuEIWS2lra4lVEUSIUEeB4pUMAiCoOm72f2nRsJQ 2onzvJ2cYD7KV/0RMwtaTNQMLf6ooK6Yccvxx0vD54dCs5DHdwSu5qKy+fjo/DICQg QXn50XAWpiTOpfmV6+5pD/PS8dfEBmaIQ8ktp7pI=
Received: by carbon.jhcloos.org (Postfix, from userid 500) id 2D4FD6007A; Tue, 12 Feb 2013 21:06:08 +0000 (UTC)
From: James Cloos <cloos@jhcloos.com>
To: dane@ietf.org
User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)
Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC
Copyright: Copyright 2013 James Cloos
OpenPGP: ED7DAEA6; url=http://jhcloos.com/public_key/0xED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
Date: Tue, 12 Feb 2013 16:06:08 -0500
Message-ID: <m3r4kl6y3q.fsf@carbon.jhcloos.org>
Lines: 49
MIME-Version: 1.0
Content-Type: text/plain
X-Hashcash: 1:30:130212:dane@ietf.org::oEJyJ1BxBFt693VE:000OLRCK
Subject: Re: [dane] draft-fanf-dane-mua-00.txt
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2013 21:07:49 -0000
I finally made time to read it through in one sitting.
And it looks spot on. (Presuming I correctly grokked the intent. :)
AIUI:
When dnssec is bogus:
die!die!die! ;^)
In the case where dnssec is unavailable:
if the server was specified by the user:
that hostname:port is used for sni
(and CN if the client lacks sni)
or, if the server was specified via SRV:
the email addr's right-hand-part is used
for sni (and CN if the client lacks sni)
When dnssec is available and verifies:
whether the server was specified by the user or via SRV:
that hostname:port is use for tlsa, sni
(and CN if the client lacks sni)
if tlsa rr exists:
the server MUST support tls
With, in the non-SRV cases, port defaulting to:
tcp/143 for imap://
tcp/993 for imaps://
tcp/110 for pop://
tcp/995 for pops://
tcp/587 for submission://
Yes?
That seems to meet all of the needs and current realities.
-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 1024D/ED7DAEA6
- Re: [dane] draft-fanf-dane-mua-00.txt James Cloos
- Re: [dane] draft-fanf-dane-mua-00.txt Tony Finch