Re: [dane] WGLC: DANE-SRV & DANE-SMTP

Dan York <york@isoc.org> Mon, 08 December 2014 20:19 UTC

From: Dan York <york@isoc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Mon, 08 Dec 2014 20:18:53 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/Wp26ShzTdZItn3WpYSC5_sFQsfI
Cc: "<dane@ietf.org>" <dane@ietf.org>

Olafur & Warren,

I realize that WGLC formally ended on Friday, but I'll note that I have read these two documents and I didn't really have much beyond comments that Stephane and Viktor have already made. I support the documents moving ahead subject to the comments that have been sent around.

In https://tools.ietf.org/html/draft-ietf-dane-srv-08  I have these two comments:

1. A nitpick where the abstract says:
----
   The DANE specification (RFC 6698) describes how to use TLSA resource
   records in the DNS to associate a server's host name with its TLS
   certificate, where the association is secured with DNSSEC.  However,
   application protocols that use SRV records (RFC 2782) to indirectly
   name the target server host names for a service domain cannot apply
   the rules from RFC 6698.
----

I think there is a singular/plural mismatch here.  I think it should be "to indirectly name the target server host **name** for a service domain"

2. Where is 'Certificate Usage "DANE-EE"' defined?  I see it referenced here in section 4.2 but I don't find any reference to "DANE-EE" in RFC 6698 or find a definition in this document?

In https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-13 nothing leapt out at me in terms of comments, although I will admit I did not read it as thoroughly as the SRV one.  I will note that DANE-EE *is* used and defined here in this document.

My 2 cents,
Dan


--
Dan York
Senior Content Strategist, Internet Society
york@isoc.org   +1-802-735-1624
Jabber: york@jabber.isoc.org
Skype: danyork   http://twitter.com/danyork

http://www.internetsociety.org/deploy360/

On Dec 3, 2014, at 11:00 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

I have read these two documents and they seem fine. I'm sure there will be significant comments in IETF Last Call from folks in Apps Area, both about the use of SRV and SMTP, and possibly technical changes based on those, but as a WG product, both of these seem fine.

--Paul Hoffman