Re: [dane] draft-ietf-dane-smime
Paul Wouters <paul@nohats.ca> Mon, 20 October 2014 16:11 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F3FF1A1B4D for <dane@ietfa.amsl.com>; Mon, 20 Oct 2014 09:11:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtXcaYhDFVDK for <dane@ietfa.amsl.com>; Mon, 20 Oct 2014 09:11:07 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 265621A1B28 for <dane@ietf.org>; Mon, 20 Oct 2014 09:10:21 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id DC39780055; Mon, 20 Oct 2014 12:10:19 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1413821419; bh=tyZ4hZAoltduCJ+8+y5bnPy6ZKSax0xQuHEiPGCuAQg=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=qJPjZsfXu7X4FITdTs6FTDL+dR8uI+6zsWprDtVFXxaXFbDg9wmvgxYAR6zMytLyI pye/y50IGU7vznTJs2onlxSpS+gN0qCkcPEN3TnyZ1fgIStU7XvY2Qr+smgU/rQscz 7Ax54JuLtKpoFjQ77FF86j6ROM52DMngIxfr1O1E=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id s9KGAIbu008885; Mon, 20 Oct 2014 12:10:19 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Mon, 20 Oct 2014 12:10:18 -0400
From: Paul Wouters <paul@nohats.ca>
To: "Osterweil, Eric" <eosterweil@verisign.com>
In-Reply-To: <B4AE1805-22D9-4E63-A18C-1EEC55C1C2E3@verisign.com>
Message-ID: <alpine.LFD.2.10.1410201207480.3499@bofh.nohats.ca>
References: <273F9612-13AF-4CB8-B15C-912AAD04C738@verisign.com> <CF875C06-E4DA-4DCA-A722-5FDEE04B3069@vpnc.org> <67BDE5B6-58C7-4E0B-8CB4-045E51027D85@ieca.com> <E507FC56-947B-4A93-AA81-F0507D2FBC69@ogud.com> <62F1DB86-59B4-4165-9AEE-82A829B6A9A9@kirei.se> <20141017150448.GV20066@mournblade.imrryr.org> <B4AE1805-22D9-4E63-A18C-1EEC55C1C2E3@verisign.com>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/Vn23m0KQEn3N-oAPN1NK196Emww
Cc: "<dane@ietf.org>" <dane@ietf.org>
Subject: Re: [dane] draft-ietf-dane-smime
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Oct 2014 16:11:14 -0000
On Mon, 20 Oct 2014, Osterweil, Eric wrote: > For what it’s worth, I think the proposed text was exactly inline with what you both are suggesting. The suggestion was a way to help enterprises express their needs (under some circumstances) a little more cleanly in DNS. For example, a single DANE TA could be used to authorized all of an organization’s S/MIME users, and selective ``user-no-longer-valid'' (i.e. revocation) entries could override this. This could definitely allow for the fact that the S/MIME cert of a ``user-no-longer-valid'' employee was once valid, but not at the time of querying DNS. As you both point out (I believe), this is different than other notions of revocation. For email addresses that are no longer valid, we have an SMTP error code that prevents delivery. The SMIME and OPENPGPKEY records are not substitutes for "is a valid email user" and it would needlessly complicate the records. Paul
- [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Doug Montgomery
- Re: [dane] draft-ietf-dane-smime Jakob Schlyter
- Re: [dane] draft-ietf-dane-smime Doug Montgomery
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Sean Turner
- Re: [dane] draft-ietf-dane-smime Olafur Gudmundsson
- Re: [dane] draft-ietf-dane-smime Jakob Schlyter
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Paul Hoffman
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Paul Wouters
- [dane] Deployment considerations - Re: draft-ietf… Dan York
- Re: [dane] draft-ietf-dane-smime Warren Kumari
- Re: [dane] Deployment considerations - Re: draft-… Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Warren Kumari
- Re: [dane] Deployment considerations - Re: draft-… Mark Andrews
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Paul Wouters
- Re: [dane] draft-ietf-dane-smime Danny McPherson
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime Jakob Schlyter