Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.

Paul Wouters <paul@nohats.ca> Fri, 13 March 2015 18:10 UTC

Date: Fri, 13 Mar 2015 14:10:09 -0400
From: Paul Wouters <paul@nohats.ca>
To: Pieter Lexis <pieter.lexis@powerdns.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/dCASKcClzMcdKO1bxfYbTz8wQjc>
Cc: dane@ietf.org
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.

On Fri, 13 Mar 2015, Pieter Lexis wrote:

Thanks for the review Pieter,

> I'm very much on the "Yes, this is good"-side of things.
>
> 3.1:
> The MAY in the last sentence is much too weak. We can’t have
> interoperability without some stronger rules. Suggest moving this whole
> section into -usage or mentioning that these will be specified in a
> later document (-usage in this case).

I'm happy to add much more recommendation advice in the -usage
document, but I did want to mention it in the record format document
because it _does_ affect the lookup mechanism that implementors might
need or want to support.

> 5.1:
> Singling out one RRTYPE to push DNS-COOKIES feels weird. I'm just
> mentioning it, but as this section is merely a suggestion, it is fine.

I would gladly generalise it, but this document is not allowed to update
the core DNS protocol. But I would like implementors to look at this
and possibly put that restriction in. I'm actually worried about this,
especially since using old software with the generic record syntax would
actually not have any such limitation implemented.

> Appendix A:
> Two things: I suggest moving this to -usage and adding pseudocode
> examples. The latter mostly to encourage more implementations.

I thought about keeping it software agnostic, but in the end figured
since gnupg has been around for over a decade, it is kind of similar
to using openssl commands as example. But I have no problems making
this software agnostic if the WG thinks that is more appropriate.

Paul