Re: [dane] Anyone interested in writing a DANE tutorial?

Viktor Dukhovni <viktor1dane@dukhovni.org> Mon, 15 April 2013 18:30 UTC

On Mon, Apr 15, 2013 at 03:08:57PM +0200, Sandoche Balakrichenan wrote:

> Even though it took some time, herein I attach a tutorial style
> document which explains implementing DANE and a Proof of Concept using a
> browser add-on.

The "guide" could be much shorter.  Just explain clearly how to set up
TLSA records for HTTPS in the context of an already signed DNSSEC zone.

The description of DNSSEC configuration is too minimal to be very
useful. In fact almost downright dangerous, since operating a DNSSEC
zone is a lot more involved than a one-time registration of a DS
RR in the parent zone.  This topic is covered in a lot more depth
elsewhere and you're unlikely to do it justice except by reference
to something that already covers this well.

Since the write-up explains none of the implementation details of
the browser client plugin, the discussion of the client behaviour
is just a distraction.

Is the document a paper for academic publication or a How-To guide
for system administrators?  It seems to be a strange mixture of
the two.

-- 
	Viktor.