Re: [dane] Brian Haberman's No Objection on draft-ietf-dane-srv-13: (with COMMENT)

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 20 April 2015 15:29 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A5BF1B2EF5 for <dane@ietfa.amsl.com>; Mon, 20 Apr 2015 08:29:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rHr7u_tnCMOk for <dane@ietfa.amsl.com>; Mon, 20 Apr 2015 08:29:53 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F15581B2EF4 for <dane@ietf.org>; Mon, 20 Apr 2015 08:29:52 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 1F2FD283032; Mon, 20 Apr 2015 15:29:52 +0000 (UTC)
Date: Mon, 20 Apr 2015 15:29:52 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20150420152951.GD25758@mournblade.imrryr.org>
References: <20150420145051.12174.16885.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20150420145051.12174.16885.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/Xm469s6byJQn8RUJY6Oom4re4qE>
Subject: Re: [dane] Brian Haberman's No Objection on draft-ietf-dane-srv-13: (with COMMENT)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2015 15:29:54 -0000

On Mon, Apr 20, 2015 at 07:50:51AM -0700, Brian Haberman wrote:

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> * The reference to Section 4 of draft-ietf-dane-smtp-with-dane in the
> Note within section 3.1 seems out-of-date.

Don't know how that became section 4; this was a reference to
section 2.1 in version 12 (previous) of the draft, which was
correct.

> * The intro to Section 3.2 says "A and/or AAAA", but the first two
> bullets in the list seems to assume that both A and AAAA lookups are
> performed.

Some clients only have IPv4 connectivity, and will only make A
queries.  Other clients only have IPv6 connectivity and will only
make AAAA queries; some will perform both.

The client avoids TLSA queries when none of the address records it
found were secure.  In practice, since the A and AAAA records belong
to the same "owner", it would be very surprising if they had a
different security status.

The only way that happens is if the cached DS RRset (or negative
entry) expires from the cache between the two queries, and the
zone's DNSSEC status changed since last queried.

-- 
	Viktor.
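As an added illustration of the point made in the reply (this is not code from the draft, from the thread, or from any DANE implementation), the following Python models a DANE-SRV client that performs only the address lookups its connectivity calls for and skips TLSA queries when none of the address records it found were secure. The `AddressAnswer` type, its `secure` flag standing in for a validating resolver's AD bit, the `lookups_for`/`want_tlsa`/`decide` helpers and all sample zone data are assumptions constructed for this example; the "mixed status" branch covers the surprising case described above, where the A and AAAA answers disagree on security status.

```python
"""Constructed example: deciding whether a DANE-SRV client issues TLSA queries
for an SRV target, based on the DNSSEC status of the A/AAAA answers it got.
Hypothetical types and helpers; not from draft-ietf-dane-srv itself."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class AddressAnswer:
    rrtype: str            # "A" or "AAAA"
    addresses: List[str]   # constructed sample addresses; [] means no records
    secure: bool           # True when the resolver reported the answer as validated (AD bit)


def lookups_for(connectivity: str) -> List[str]:
    """Which address RR types a client asks for, given its IP connectivity."""
    table = {"v4": ["A"], "v6": ["AAAA"], "dual": ["A", "AAAA"]}
    return table[connectivity]


def want_tlsa(answers: List[AddressAnswer]) -> Tuple[bool, str]:
    """Apply the rule from the reply: no secure address records, no TLSA query."""
    found = [a for a in answers if a.addresses]
    if not found:
        return False, "no address records found"
    secure = sorted(a.rrtype for a in found if a.secure)
    insecure = sorted(a.rrtype for a in found if not a.secure)
    if not secure:
        return False, "no secure address records; TLSA queries skipped"
    note = "secure address records (%s); TLSA queries performed" % ",".join(secure)
    if insecure:
        # The surprising case: A and AAAA disagree. Per the reply this only
        # happens when the cached DS RRset (or negative entry) expired between
        # the two queries and the zone's DNSSEC status changed in between.
        note += "; mixed status, %s insecure (stale DS cache entry?)" % ",".join(insecure)
    return True, note


def decide(connectivity: str, zone: Dict[str, AddressAnswer]) -> Tuple[bool, str]:
    """Run only the lookups this client would make, then apply want_tlsa."""
    answers = [zone[rrtype] for rrtype in lookups_for(connectivity) if rrtype in zone]
    return want_tlsa(answers)


# Constructed sample answers for one SRV target hostname (documentation prefixes).
SECURE_ZONE = {"A": AddressAnswer("A", ["192.0.2.10"], True),
               "AAAA": AddressAnswer("AAAA", ["2001:db8::10"], True)}
INSECURE_ZONE = {"A": AddressAnswer("A", ["192.0.2.10"], False),
                 "AAAA": AddressAnswer("AAAA", ["2001:db8::10"], False)}
MIXED_ZONE = {"A": AddressAnswer("A", ["192.0.2.10"], True),
              "AAAA": AddressAnswer("AAAA", ["2001:db8::10"], False)}
V4_ONLY_ZONE = {"A": AddressAnswer("A", ["192.0.2.10"], True)}   # no AAAA records at all

if __name__ == "__main__":
    for name, zone in [("secure", SECURE_ZONE), ("insecure", INSECURE_ZONE),
                       ("mixed", MIXED_ZONE), ("v4-only", V4_ONLY_ZONE)]:
        for conn in ("v4", "v6", "dual"):
            print("%-8s %-4s -> %s" % (name, conn, decide(conn, zone)))
```

Note that an IPv6-only client against `MIXED_ZONE` sees only the insecure AAAA answer and therefore skips TLSA, while a dual-stack client against the same data finds a secure A answer and goes on to the TLSA query; the decision depends on which lookups were actually performed, which is the point of "A and/or AAAA".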