Re: [dane] Start of WGLC for draft-ietf-dane-registry-acronym

James Cloos <cloos@jhcloos.com> Fri, 20 September 2013 10:12 UTC

From: James Cloos <cloos@jhcloos.com>
To: dane@ietf.org
In-Reply-To: <20130920021124.GE29796@mournblade.imrryr.org> (Viktor Dukhovni's message of "Fri, 20 Sep 2013 02:11:24 +0000")
References: <20130919201216.14866.61161.idtracker@ietfa.amsl.com> <EACEEB05-2023-4F76-A6FE-A9B2FDC0AA59@kumari.net> <m361twqxn9.fsf@carbon.jhcloos.org> <20130919221035.GC29796@mournblade.imrryr.org> <20130920021124.GE29796@mournblade.imrryr.org>
User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)
Copyright: Copyright 2013 James Cloos
OpenPGP: ED7DAEA6; url=http://jhcloos.com/public_key/0xED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
Date: Fri, 20 Sep 2013 06:10:48 -0400
Message-ID: <m3d2o3pzum.fsf@carbon.jhcloos.org>
Lines: 18
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-registry-acronym
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>

>>>>> "VD" == Viktor Dukhovni <viktor1dane@dukhovni.org> writes:

VD> This usage requires the presence of a given CA (root or intermediate)
VD> in the chain, but does not promote that CA to a trust anchor (as
VD> with usage 2).  So perhaps the original PKIX-CA is in fact better.

On a ship with multiple anchors, each /is/ still an anchor.  Even if
the crew does not trust one at a time to hold the ship in place.

The type 0/1 tlsa are anchors, but the admin lacks trust in either
technology on its own and requires both technologies verify.

It also IMHO looks cleaner (perhaps also less confusing) to have one
bit specify EE|TA and the other specify CERT|DANE.

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 1024D/ED7DAEA6
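The "one bit EE|TA, one bit CERT|DANE" view of the certificate usage field maps directly onto the four values 0..3 that RFC 6698 defines. The following decoder is an added example written for this archive page, not code from the thread or from any DANE implementation: it parses TLSA RDATA in presentation form, splits the usage value into those two bits, and reports what each bit requires of the verifier. The usage acronyms (PKIX-TA, PKIX-EE, DANE-TA, DANE-EE) are assumed to be the ones the registry ended up with in RFC 7218; the function names and the sample records are constructed for illustration.

```python
"""Decode TLSA RDATA (RFC 6698) and expose the two-bit structure of the
certificate usage field discussed in the thread."""
import re

# Certificate usage acronyms as published in RFC 7218 (assumption: these are
# the names the registry adopted after the last call discussed above).
USAGE_ACRONYMS = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "Cert", 1: "SPKI"}
MATCHING_TYPES = {0: "Full", 1: "SHA2-256", 2: "SHA2-512"}
DIGEST_LENGTHS = {1: 32, 2: 64}  # expected association-data length in bytes


def decode_usage(usage: int) -> dict:
    """Split a TLSA certificate usage (0..3) into its two semantic bits.

    bit 1 (value 2): 0 = PKIX chain validation is also required ("CERT"),
                     1 = DANE matching alone suffices ("DANE").
    bit 0 (value 1): 0 = the matched certificate must appear as a CA in the
                     chain ("TA"), 1 = it must be the end-entity cert ("EE").
    Only usage 2 (DANE-TA) turns the matched CA into a trust anchor; usage 0
    requires the CA in the chain but still relies on the PKIX trust store.
    """
    if not 0 <= usage <= 3:
        raise ValueError(f"unknown certificate usage {usage}")
    return {
        "acronym": USAGE_ACRONYMS[usage],
        "pkix_required": not (usage & 2),
        "matches": "EE" if usage & 1 else "TA",
        "promotes_to_trust_anchor": usage == 2,
    }


def parse_tlsa_rdata(rdata: str) -> dict:
    """Parse 'usage selector mtype hexdata' and sanity-check the digest length.

    A record whose hex data does not match the matching type's digest size
    can never match anything; flagging it early avoids a silent DANE failure.
    """
    fields = rdata.split(None, 3)
    if len(fields) != 4:
        raise ValueError("TLSA RDATA needs four fields")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if selector not in SELECTORS:
        raise ValueError(f"unknown selector {selector}")
    if mtype not in MATCHING_TYPES:
        raise ValueError(f"unknown matching type {mtype}")
    # Presentation format allows whitespace inside the hex string.
    data = bytes.fromhex(re.sub(r"\s+", "", fields[3]))
    expected = DIGEST_LENGTHS.get(mtype)
    if expected is not None and len(data) != expected:
        raise ValueError(
            f"{MATCHING_TYPES[mtype]} data must be {expected} bytes, "
            f"got {len(data)}")
    return {
        "usage": decode_usage(usage),
        "selector": SELECTORS[selector],
        "matching_type": MATCHING_TYPES[mtype],
        "data": data,
    }


if __name__ == "__main__":
    # Constructed sample records; the digests are placeholders, not real keys.
    for rec in ("3 1 1 " + "ab" * 32, "0 0 1 " + "cd" * 32, "2 1 2 " + "ef" * 64):
        parsed = parse_tlsa_rdata(rec)
        u = parsed["usage"]
        print(f"{u['acronym']:8} pkix={u['pkix_required']!s:5} "
              f"matches={u['matches']} anchor={u['promotes_to_trust_anchor']} "
              f"{parsed['selector']}/{parsed['matching_type']}")
```

The point the decoder makes concrete is the one Viktor raises: usage 0 and usage 2 both require the named CA to be in the chain (`matches == "TA"`), but only usage 2 clears `pkix_required` and sets `promotes_to_trust_anchor`.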