Re: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

Henry Story <henry.story@bblfish.net> Tue, 25 September 2012 07:21 UTC

From: Henry Story <henry.story@bblfish.net>
In-Reply-To: <357AB2FD-DF7E-49EC-B3D6-D0F6BC20A79F@kumari.net>
Date: Tue, 25 Sep 2012 09:21:49 +0200
Message-Id: <1975D6BE-FC50-4F50-A7AF-9AF976ECDD4E@bblfish.net>
References: <BCDB44B9-6AB0-4230-B1EF-FDDB37C77F38@kumari.net> <357AB2FD-DF7E-49EC-B3D6-D0F6BC20A79F@kumari.net>
To: Warren Kumari <warren@kumari.net>, "public-webid@w3.org" <public-webid@w3.org>
Cc: IETF DANE WG list <dane@ietf.org>
Subject: Re: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

Ref: http://tools.ietf.org/html/draft-hoffman-dane-smime-04

On 21 Sep 2012, at 19:27, Warren Kumari <warren@kumari.net> wrote:

> 
> On Sep 10, 2012, at 5:25 PM, Warren Kumari <warren@kumari.net> wrote:
> 
>> Dear WG,
>> 
>> This draft has already received some comment (and has been revised to incorporate / address those), so I'm assuming that there will be sufficient interest to adopt, but for the form of the thing:
>> 
>> This starts a call for adoption of draft-hoffman-dane-smime. 
>> Please provide feedback as to if you would like this draft adopted by Sept 17th, 2012.
> 
> We have discussed this, and see sufficient interest for adopting this draft -- would the authors please re-submit as draft-dane-?


On the whole, my view is that associating a public key with a user is better done by WebID http://webid.info/ (see spec http://webid.info/spec/). Putting that information in the DNS misses out on a lot of other information you would like to have about a user, is difficult to read and write, and on the whole is very cumbersome. The reason for putting public keys of servers in the DNS is that servers tend not to change that much, there tend not to be that many services per domain, etc...

There are proposals of using the WebID public keys for MIME on the WebID community group.

Henry

> 
> W
> 
>> 
>> W
>> 
>> -- 
>> Never criticize a man till you've walked a mile in his shoes.  Then if he didn't like what you've said, he's a mile away and barefoot. 
>> 
>> 
>> 
> 
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane

Social Web Architect
http://bblfish.net/