IETF Logo Mail Archive

Re: [dane] Start of WGLC for draft-ietf-dane-registry-acronym

Olafur Gudmundsson <ogud@ogud.com> Wed, 16 October 2013 20:41 UTC

Return-Path: <ogud@ogud.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6541921F9C9B for <dane@ietfa.amsl.com>; Wed, 16 Oct 2013 13:41:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.507
X-Spam-Level:
X-Spam-Status: No, score=-102.507 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iRsgKYVwHUDw for <dane@ietfa.amsl.com>; Wed, 16 Oct 2013 13:41:20 -0700 (PDT)
Received: from smtp84.ord1c.emailsrvr.com (smtp84.ord1c.emailsrvr.com [108.166.43.84]) by ietfa.amsl.com (Postfix) with ESMTP id 37F6A21F9C6B for <dane@ietf.org>; Wed, 16 Oct 2013 13:41:19 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp3.relay.ord1c.emailsrvr.com (SMTP Server) with ESMTP id AA3AD500C2; Wed, 16 Oct 2013 16:41:16 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp3.relay.ord1c.emailsrvr.com (Authenticated sender: ogud-AT-ogud.com) with ESMTPSA id 8005F50116; Wed, 16 Oct 2013 16:41:15 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Olafur Gudmundsson <ogud@ogud.com>
In-Reply-To: <024c01cec2dc$72b596e0$5820c4a0$@augustcellars.com>
Date: Wed, 16 Oct 2013 16:41:14 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <309DDDEA-6A01-4A68-AFCE-9B6A1B2CE874@ogud.com>
References: <20130919201216.14866.61161.idtracker@ietfa.amsl.com> <EACEEB05-2023-4F76-A6FE-A9B2FDC0AA59@kumari.net> <024c01cec2dc$72b596e0$5820c4a0$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.1510)
Cc: dane@ietf.org
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-registry-acronym
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 20:41:24 -0000

On Oct 6, 2013, at 5:38 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> Sorry for being late on getting this in.
> 
> 1.  I do not understand the reasoning behind the 2119 language in the
> introduction.  How would one test this in a protocol fashion?   The document
> states that it does not change DANE in anyway, but there are requirement
> language statements that can be made?  This should be stated in  natural
> language not requirement language.  Section 1.1 can them be removed in its
> entirety.
> 

There two instances of MAY and MAY NOT
I reworded them and removed section 1.1

> It is expected that DANE parsers in applications and DNS software will adopt
> these acronyms for parsing and display purposes, however there are no
> requirements that they do so.
> 
> 2.  In section 2, it states that the references should be both RFC 6698 and
> this document, however that is not the way that the tables starting in
> section 2.1 are laid out.  They only use RFC 6698 as a reference document.
> 

There are two different set of references 
a) the references for the Registry itself 
b) the references for each allocation in the registry. 

This document only applies to the first one 
and that is what I said. 


> 3 s/input>/input./
> 
Fixed

> 4.  I don't think that this phrase "fewer bad TLSA records" is very helpful.
> What is meant by a bad TLSA record?  Is this just ones where the fields were
> put out of order or does it include ones where the certificate is
> incorrectly hashed?  If the goal is to avoid issues with the certificates
> and what is extracted, then doing something about what goes into the blob
> would make sense as well.  I would agree that specifying how this would be
> done is out of scope, but noting it as an issue would be reasonable.
> 

I agree and removed that sentence. 

> 5.  As I have stated before, I am not a fan of using DANE-TA for value 2.
> To me this loses the fact that there will be PKIX processing that occurs
> with this section.  I would strongly recommend that this become PKIX-TA.
> The use of PKIX-TA for the value of 0 never made any sense since there is
> not trust anchor decision that is associated with the certificate in this
> record.  The only two records currently that have a trust anchor, as oppose
> to a constraint, component are 2 and 3. 

I leave a call on that to the wise chairs :-) 
I do not care personally 

> 
> 6.  The note component at the end of section 2.1 should be deleted.

Gone

> 
> 7.  In section 3, the descriptive text and the example records do not match
> in very significant ways.
> 

I must be dense, there is not supposed to be any correlation between the
two paragraphs in section 3 they are supposed to be separate examples. 
thanks for good comments. 

	Olafur

> Jim
> 
> 
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane

v2.23.0 | Report a Bug | By Email