Re: [dane] WGLC: DANE-SRV & DANE-SMTP

Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 30 January 2015 00:07 UTC

Date: Fri, 30 Jan 2015 00:07:48 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20150130000747.GF8034@mournblade.imrryr.org>
In-Reply-To: <54CA808C.8080507@andyet.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/WQ897bPajGeh6mKryO2U2Pk8oMw>

On Thu, Jan 29, 2015 at 11:48:44AM -0700, Peter Saint-Andre - &yet wrote:

> BTW, Matt Miller and I plan to meet in person next week to work through
> Viktor's feedback on DANE-SRV, too.

Thanks.  One concern beyond the SRV draft itself is that in UTA
I see an XMPP draft that delegates all the DANE bits to the SRV
draft, but the SRV draft is not XMPP-specific, and in particular
does not fully lay out requirements for opportunistic clients (as
in server-to-server XMPP where, even if TLS may be required,
authentication is IIRC optional and opportunistic).

So there seems to be a specification gap between the generic SRV
document and the actual requirements of XMPP.  It seems to me that
DANE for XMPP is under-specified.  Many of the detailed issues
addressed by the SMTP draft might reasonably apply also to (server
to server) XMPP if the spec were more complete.

Who's doing the XMPP server DANE implementation?  Perhaps the
problem is that either the implementations are not mature and have
not tackled all the issues yet, or the implementors have not raised them
to the spec writers...

Or perhaps my SMTP draft is unnecessarily detailed, and people
should be able to figure all the messy bits out for themselves?

This is again about XMPP, not the SRV draft, but if the SRV draft
is to serve as a complete spec for XMPP with DANE there may be more
that needs to be said (opportunistic authentication use-case, DANE
vs. PKIX usages, ...).

Perhaps the UTA XMPP draft is the place to fill any residual gaps.

-- 
	Viktor.