Re: [dane] Compressed Call for Adoption: draft-gilmore-dane-rawkeys-00

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 27 June 2014 18:02 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: dane@ietf.org
In-Reply-To: <20140623150158.GE17723@mournblade.imrryr.org>
References: <CAHw9_i+EtVskqkT1V9V_bvPOCpGdZpz4-Vr4ME_DiC7EvxVQwg@mail.gmail.com> <20140623150158.GE17723@mournblade.imrryr.org>
Date: Wed, 25 Jun 2014 08:47:48 -0400
Message-ID: <14997.1403700468@sandelman.ca>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/Xn84IIQfiVXU0G5W9P2rJCWyhNI

I have read draft-gilmore-dane-rawkeys.
I think that some of the goal text in section 4, that explains that this
mechanism can be used for both certificate and raw key based TLS, should move
much earlier in the document.

My impression is that this document does not require any new assigned
numbers or protocol values, but rather simply explains how a raw key can be
contained in a minimal DER encoded format such that it can be contained in
the TLSA record.  I found reading the document difficult as it contained too
many "extend" statements; likely this is because I have not done a TLSA
implementation so I am not sufficiently familiar with the underlying data
structures.

A way to validate a key by hash is mentioned, but I'm unclear how
that works from my first reading.

I support adoption of this document; it needs a co-author.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
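
The two points raised above (a raw key carried in a minimal DER
SubjectPublicKeyInfo inside a TLSA record, and validating a presented key by
hash) are shown below as an added example.  This is not code from the draft
or from the poster; it assumes an Ed25519 key, whose SubjectPublicKeyInfo
DER prefix is fixed (RFC 8410), and uses a constructed 32-byte key value
rather than a real key.  TLSA RDATA layout and the selector/matching-type
values follow RFC 6698; selector 1 picks the SubjectPublicKeyInfo, and
matching type 0 carries the full key while 1 and 2 carry a SHA-256 or
SHA-512 digest of it.

```python
"""Added example (not from draft-gilmore-dane-rawkeys or the list post):
wrap a raw Ed25519 public key in a minimal DER SubjectPublicKeyInfo, publish
it in TLSA RDATA, and verify a key presented in the handshake against that
record either by full match or by hash (matching types 0, 1 and 2)."""

import hashlib
import hmac
import struct

# Fixed DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410):
# SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING { 0 unused bits, 32 key bytes } }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def ed25519_spki(raw_key: bytes) -> bytes:
    """Minimal DER SubjectPublicKeyInfo for a 32-byte Ed25519 public key."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public key must be exactly 32 bytes")
    return ED25519_SPKI_PREFIX + raw_key


def _association_data(spki: bytes, matching: int) -> bytes:
    """Certificate association data for a given matching type (RFC 6698 s.2.1.3)."""
    if matching == 0:
        return spki                                 # full SPKI
    if matching == 1:
        return hashlib.sha256(spki).digest()        # SHA-256 of SPKI
    if matching == 2:
        return hashlib.sha512(spki).digest()        # SHA-512 of SPKI
    raise ValueError(f"unknown matching type {matching}")


def tlsa_rdata(spki: bytes, usage: int = 3, selector: int = 1, matching: int = 1) -> bytes:
    """Build TLSA RDATA: usage, selector, matching type, association data.
    A raw key has no certificate, so only selector 1 (SPKI) makes sense."""
    if selector != 1:
        raise ValueError("a raw key can only be published with selector 1 (SPKI)")
    return struct.pack("BBB", usage, selector, matching) + _association_data(spki, matching)


def tlsa_presentation(rdata: bytes) -> str:
    """Zone-file presentation form, e.g. '3 1 1 <hex>'."""
    usage, selector, matching = rdata[:3]
    return f"{usage} {selector} {matching} {rdata[3:].hex()}"


def parse_tlsa_presentation(text: str) -> bytes:
    """Inverse of tlsa_presentation()."""
    usage, selector, matching, hexdata = text.split()
    return struct.pack("BBB", int(usage), int(selector), int(matching)) + bytes.fromhex(hexdata)


def tlsa_matches(rdata: bytes, presented_spki: bytes) -> bool:
    """Check the SPKI presented by the peer against one TLSA record.
    Unknown selector or matching type means the record cannot be used,
    so it is treated as a non-match rather than a pass."""
    usage, selector, matching = rdata[:3]
    assoc = rdata[3:]
    if selector != 1:
        return False
    try:
        candidate = _association_data(presented_spki, matching)
    except ValueError:
        return False
    # constant-time compare; differing lengths simply return False
    return hmac.compare_digest(candidate, assoc)


if __name__ == "__main__":
    # Constructed sample key bytes, not a real Ed25519 public key.
    sample_key = bytes(range(32))
    spki = ed25519_spki(sample_key)
    record = tlsa_rdata(spki)                   # 3 1 1 <sha256>
    print(tlsa_presentation(record))
    print("matches own key:", tlsa_matches(record, spki))
    print("matches other key:", tlsa_matches(record, ed25519_spki(bytes(32))))
```

When the peer uses the raw public key extension, what arrives in the
handshake is already the SubjectPublicKeyInfo, so the verifier hashes (or
compares) those bytes directly; there is no certificate to parse the key out
of.  Publishing with matching type 1 or 2 keeps the record short and makes
the "validate by hash" step nothing more than recomputing the digest of the
presented SPKI and comparing it with the RDATA.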