Re: [dane] Call for Adoption: draft-hoffman-dane-smime.
Richard Barnes <rbarnes@bbn.com> Mon, 24 September 2012 14:52 UTC
Date: Mon, 24 Sep 2012 16:52:05 +0200
From: Richard Barnes <rbarnes@bbn.com>
To: Miek Gieben <miek@miek.nl>
Cc: dane@ietf.org
Subject: Re: [dane] Call for Adoption: draft-hoffman-dane-smime.

FTPS is FTP over TLS :) Yeah, it does STARTTLS instead of jumping straight in, but it's still TLS.

Even supposing there is an example, I don't really see the conflict. The existence of a TLSA record under _port._protocol.example.com doesn't necessarily make any statements about what protocol is running on the indicated port. RFC 6698 says what you do *if* you use TLS, but it doesn't rule out using it for some other protocol. So if your favorite security protocol uses X.509 certificates to authenticate domain names, you can still use it.

There is a risk of swapping out protocols, I guess, if an attacker can, say, run a TLS service with a matching cert on the same port. But that doesn't jump out at me as a terribly likely or terribly damaging scenario.

--
Richard Barnes

On Monday, September 24, 2012 at 4:43 PM, Miek Gieben wrote:

> [ Quoting <rbarnes@bbn.com> in "Re: [dane] Call for Adoption: draft..." ]
> > There's a saying that goes, "We'll cross that bridge when we come to it." :)
> >
> > Do you have an example of such a protocol?
>
> uhm... ftps?
>
> Regards,
>
> --
> Miek Gieben http://miek.nl
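
The point made in the message above, as an added example that is not part of the original post or of RFC 6698's text: the TLSA owner name carries only port and transport, and the selector/matching-type comparison looks only at certificate bytes, so the check gives the same answer whatever application protocol sits on that port. The zone contents, the certificate-shaped DER blob and all function names are constructed for illustration; the certificate usage field is parsed but not acted on, and the records are assumed to be DNSSEC-validated already.

```python
import hashlib

def tlsa_owner(port, transport, host):
    # RFC 6698 owner name: port and transport only, no application protocol.
    return f"_{port}._{transport}.{host.rstrip('.')}."

def tlv(buf, pos):
    # Read one DER TLV; return (tag, value_start, end).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_of(cert):
    # Certificate -> tbsCertificate -> field after serial..subject (selector 1).
    _, pos, _ = tlv(cert, 0)
    _, pos, _ = tlv(cert, pos)
    tag, _, end = tlv(cert, pos)
    if tag == 0xA0:                            # optional [0] version
        pos = end
    for _ in range(5):                         # serial, sigAlg, issuer, validity, subject
        _, _, pos = tlv(cert, pos)
    return cert[pos:tlv(cert, pos)[2]]

def tlsa_matches(rdata, cert):
    # rdata in presentation form: "usage selector matching-type hex".
    _usage, selector, mtype, hexdata = rdata.split(None, 3)
    if selector not in ("0", "1"):
        raise ValueError("unknown selector")
    selected = cert if selector == "0" else spki_of(cert)
    digest = {"0": lambda b: b, "1": lambda b: hashlib.sha256(b).digest(),
              "2": lambda b: hashlib.sha512(b).digest()}[mtype]
    return digest(selected) == bytes.fromhex(hexdata.replace(" ", ""))

def dane_check(zone, host, port, transport, cert):
    # zone: owner name -> list of TLSA rdata strings; no protocol argument exists.
    return any(tlsa_matches(r, cert) for r in zone.get(tlsa_owner(port, transport, host), []))

# Constructed sample: a certificate-shaped DER blob, not a real certificate.
def enc(tag, body):
    return bytes([tag, len(body)]) + body

SPKI = enc(0x30, b"constructed-key")
TBS = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"") * 4 + SPKI)
CERT = enc(0x30, TBS + enc(0x30, b"") + enc(0x03, b"\x00"))
ZONE = {"_21._tcp.example.com.": ["3 1 1 " + hashlib.sha256(SPKI).hexdigest()]}
```

`dane_check(ZONE, "example.com", 21, "tcp", CERT)` returns `True` for any TLS-speaking service on port 21 that presents this key, which is why a client that cares about the application protocol has to verify it separately from the TLSA match.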