Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id CBB881A1AE1
 for <dane@ietfa.amsl.com>; Mon, 20 Oct 2014 08:55:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.647
X-Spam-Level: 
X-Spam-Status: No, score=-3.647 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-2.3]
 autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Zd4ERHNtKhMt for <dane@ietfa.amsl.com>;
 Mon, 20 Oct 2014 08:55:24 -0700 (PDT)
Received: from proper.com (Hoffman.Proper.COM [207.182.41.81])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 744AD1A1AFD
 for <dane@ietf.org>; Mon, 20 Oct 2014 08:54:52 -0700 (PDT)
Received: from [10.20.30.90] (50-1-50-141.dsl.dynamic.fusionbroadband.com
 [50.1.50.141]) (authenticated bits=0)
 by proper.com (8.14.9/8.14.7) with ESMTP id s9KFsogQ083508
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
 Mon, 20 Oct 2014 08:54:51 -0700 (MST)
 (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: proper.com: Host
 50-1-50-141.dsl.dynamic.fusionbroadband.com [50.1.50.141] claimed to be
 [10.20.30.90]
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <FE426405-9658-41BD-BD3B-68D358CC3CEB@verisign.com>
Date: Mon, 20 Oct 2014 08:54:50 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <63BF3336-C9B8-4D16-BEB7-D42EFBB7A113@vpnc.org>
References: <273F9612-13AF-4CB8-B15C-912AAD04C738@verisign.com>
 <CF875C06-E4DA-4DCA-A722-5FDEE04B3069@vpnc.org>
 <67BDE5B6-58C7-4E0B-8CB4-045E51027D85@ieca.com>
 <3473729E-BC37-48DB-9ACD-FB872CB666DE@vpnc.org>
 <FE426405-9658-41BD-BD3B-68D358CC3CEB@verisign.com>
To: Eric Osterweil <eosterweil@verisign.com>
X-Mailer: Apple Mail (2.1990.1)
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/jJpmN7rX8nwaNFGmQYO-HdiLv4g
Cc: "<dane@ietf.org>" <dane@ietf.org>
Subject: Re: [dane] draft-ietf-dane-smime
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>,
 <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>,
 <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Oct 2014 15:55:27 -0000

On Oct 20, 2014, at 8:23 AM, Osterweil, Eric <eosterweil@verisign.com> =
wrote:

> TLS and S/MIME use pretty different security models (session vs. =
object security)

Sure, but how is that difference relevant here? DANE is about =
distributing certificates and keying information through DNS: it is =
agnostic to the security model.

> , so necessarily coupling the RRs doesn=92t seem to make sense. =20

It has so far in the WG. The WG asked us early on to make as few changes =
as possible to the TLSA definition.

> In addition, to echo what others have already said on the list, I =
really don=92t think it is reasonable to gate updates to the SMIMEA =
proposal on updating TLSA.

Fully agree, and that's not what I was proposing. The two changes that =
you have proposed (revocation indication and alternate sources for =
getting the information) can be done as new values to the existing RR =
subfields. Doing so would make what you want usable for both SMIMEA and =
TLSA. Proposals to make those changes can trivially be done as =
stand-alone Internet Drafts.

>> A better process would be for the proponents to offer a standalone =
draft for the idea that will be an extension that would be usable to =
both TLSA and SMIMEA and any other documents that come later.
>=20
> Just by looking at the list, it seems like there are a number of =
voices that disagree with you on this. =20

Where "a number" means "two", and even they didn't actually disagree =
about creating standalone drafts, simply that the assumption that the =
use cases might be different.

> Also, isn=92t the SMIMEA work still an evolving draft? =20

Yes, of course.

> What else does one need besides: articulated rationale, proposed =
requirements, operational data, suggested text, and running code from =
multiple people in order to support suggested revisions? =20

Consensus in the WG. That may seem anathema to you, but it's the way =
that the IETF works.

--Paul Hoffman=