Re: [dane] Two additions to draft-york-dane-deployment-observations-00

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 09 November 2014 04:14 UTC

On Sat, Nov 08, 2014 at 05:59:25PM -1000, Stephane Bortzmeyer wrote:

> As far as I know, there is currently no software for that.

I have code for that.  It establishes the TLS connection via SMTP +
STARTTLS, after finding TLSA RRs for a domain's MX hosts.  Delete all the
SMTP logic and you can test pure TLS too, though I'm aware of any real
applications that combine straight TLS with DANE.

What application protocols did you have in mind?

-- 
	Viktor.