Re: [dane] lists and Meeting plans for Buenos Aires?
Shumon Huque <shuque@gmail.com> Fri, 05 February 2016 01:48 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/gOBee9uds5qsCqfzXWEJpBem7YI>
On Thu, Feb 4, 2016 at 8:28 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:

> On Thu, Feb 04, 2016 at 08:14:49PM -0500, John R Levine wrote:
>
> > > As for the use of keeping the ML open after the WG has died: remind me
> > > again how successful that has been in the IETF.
> >
> > It varies. Of the ones I can think of, the ietf-smtp list is useful as a
> > place to kick around proposed SMTP changes, such as a current discussion
> > about whether a compressed data extension would be a good idea and if so
> > how to do it. There are certainly plenty that either have no traffic, or
> > the messages aren't interesting.
> >
> > It doesn't make any difference to me whether the dane list stays open, but
> > if there is more left to say about publishing stuff in the DNS secured by
> > DNSSEC, it'd be as good a place as any.
>
> We still have client DANE auth on the charter and Shumon's draft
> (I'm taking a back seat this time) is in early stages of development.
> And the TLS working group might soon be looking at the DANE stapling
> extension, it may be useful to have some veterans here to provide
> feedback to the TLS WG.

Hmm, I hadn't noticed until you mentioned it, that client DANE records are already in the current charter, so this piece is already covered. I hope to request a call for working group adoption of our draft on this topic in the near future.

> So some work still remains, even though things are quite slow just
> now.
>
> At this time most of my energy is on the deployment side, in
> particular at present on getting OpenSSL 1.1.0 out the door.
>
> It seems that Claus Assmann has started looking at the DANE support
> in 1.1.0, if anyone else has started testing it and has feedback,
> feel free to share. The alpha3 release scheduled for next week
> might be a good time to get your feet wet.
>
> Note, OpenSSL 1.1.0 provides peer chain verification via application
> provided TLSA records, obtaining and (DNSSEC) validating those TLSA
> records is up to the application. There are opportunities here
> for more "feature-complete" libraries that provide the "missing"
> glue and provide a more integrated interface that does
> the TLSA lookup with either in-application DNSSEC validation or
> AD-bit trust from a local resolver, and then uses OpenSSL to do
> the DANE TLS bits.

I've written some code using the new OpenSSL 1.1.0 DANE APIs that already does this (both the application validation version using getdns and one that inspects AD bit from a trusted resolver using ldns). I'll send you a separate note off list about this with some feedback. Also the getdns library will likely develop an integrated DANE TLS connection function that will do this.

--
Shumon Huque
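The "glue" step discussed in the message above, sketched as an added example that is not part of the original message and is not the code either author refers to: the application accepts TLSA records only from a response on which a trusted resolver set the AD bit, then matches a record's selector and matching type against a certificate. All function names and sample bytes are constructed for illustration; the DNS lookup, the extraction of the SPKI from the certificate, and chain verification are assumed to be done elsewhere (the last by the TLS library).

```python
import hashlib
import hmac
import struct

QR_FLAG = 0x8000     # set on DNS responses
AD_FLAG = 0x0020     # "Authenticated Data": resolver validated the answer
RCODE_MASK = 0x000F  # zero means NOERROR

def response_is_authenticated(wire: bytes) -> bool:
    """True only for a NOERROR response on which the resolver set AD."""
    if len(wire) < 12:
        raise ValueError("truncated DNS header")
    _msg_id, flags = struct.unpack("!HH", wire[:4])
    return bool(flags & QR_FLAG) and (flags & RCODE_MASK) == 0 and bool(flags & AD_FLAG)

def parse_tlsa(rdata: bytes):
    """Split TLSA RDATA into (usage, selector, matching type, data)."""
    if len(rdata) < 4:
        raise ValueError("TLSA RDATA too short")
    return rdata[0], rdata[1], rdata[2], rdata[3:]

def tlsa_matches(rdata: bytes, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare one TLSA record with one certificate from the peer's chain."""
    usage, selector, mtype, data = parse_tlsa(rdata)
    if usage > 3 or selector > 1:
        return False                      # unknown values are unusable
    selected = cert_der if selector == 0 else spki_der
    if mtype == 0:
        candidate = selected              # exact match on the selected bytes
    elif mtype == 1:
        candidate = hashlib.sha256(selected).digest()
    elif mtype == 2:
        candidate = hashlib.sha512(selected).digest()
    else:
        return False
    return hmac.compare_digest(candidate, data)

def usable_tlsa(wire: bytes, rdatas):
    """Policy gate: TLSA records from an unauthenticated answer are dropped."""
    return list(rdatas) if response_is_authenticated(wire) else []

# Constructed sample data (not real DNS traffic or real certificates).
SIGNED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 0)    # QR RD RA AD
UNSIGNED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR RD RA
CERT = b"constructed certificate bytes"
SPKI = b"constructed SPKI bytes"
RECORD = bytes([3, 1, 1]) + hashlib.sha256(SPKI).digest()      # 3 1 1
```

The AD bit carries meaning only when the path to the resolver is itself trusted, which is why the message speaks of a local or trusted resolver.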