Re: [dane] Review draft-hoffman-dane-smime-04.txt
Carl Wallace <carl@redhoundsoftware.com> Wed, 12 September 2012 00:29 UTC
Date: Tue, 11 Sep 2012 20:29:20 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Jim Schaad <ietf@augustcellars.com>, 'IETF DANE WG list' <dane@ietf.org>
Message-ID: <CC754DD8.26E51%carl@redhoundsoftware.com>
Thread-Topic: [dane] Review draft-hoffman-dane-smime-04.txt
In-Reply-To: <04c801cd907a$32c47c80$984d7580$@augustcellars.com>
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
On 9/11/12 8:04 PM, "Jim Schaad" <ietf@augustcellars.com> wrote:

><snip>
>2. In order to deal with issues that are present for S/MIME and not for
>TLS, I believe that a new conjunction item is required to be added to the
>Certificate Usage field that says a) this is the EE certificate to be used
>and b) this is the trust anchor to be used.

Why the trust anchor? It's far more common (in my experience) to have to
install a trust anchor to exchange email with someone than to interact
with a web server. It's also common for the trust anchor considered by the
sender to vary from the trust anchor used by the verifier. A CA constraint
should work well here.

>3. If the certificate lookup problem is to be solved, then it needs to be
>made clear that the full certificate selector is going to be the common
>one for the EE certificate of an S/MIME recipient for encryption, but it
>may not be for an S/MIME sender that is signing.

Certificate lookup for encryption seems like something that might be
better solved using a certificate transparency log.

<snip>
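The exchange above turns on what the Certificate Usage field actually buys an S/MIME verifier whose trust store differs from the sender's. The following is an added example, not code from the draft, from either poster, or from any DANE implementation: it models the four RFC 6698 certificate usages (CA constraint, service certificate constraint, trust anchor assertion, domain-issued certificate) together with the Selector and Matching Type fields, and runs them against a constructed scenario in which the sender's mail CA is not in the verifier's store. The certificates are stand-in records with constructed byte strings rather than real X.509, and the chain check follows issuer/subject names only; the CA, user and root names are assumptions.

```python
"""Toy model of RFC 6698 certificate-usage semantics applied to an S/MIME chain.

Added example (not from the draft or the thread). Certs are constructed
stand-ins, and "PKIX validation" only links names; real code must verify
signatures, validity periods, and revocation.
"""
import hashlib
from dataclasses import dataclass

# RFC 6698 field values (mnemonics as in RFC 7218)
PKIX_CA, PKIX_EE, DANE_TA, DANE_EE = 0, 1, 2, 3   # Certificate Usage
SEL_CERT, SEL_SPKI = 0, 1                         # Selector
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2  # Matching Type


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate (constructed bytes, not real DER)."""
    subject: str
    issuer: str
    der: bytes   # plays the role of the DER-encoded certificate
    spki: bytes  # plays the role of the DER-encoded SubjectPublicKeyInfo


@dataclass(frozen=True)
class TlsaRecord:
    usage: int
    selector: int
    mtype: int
    data: bytes  # Certificate Association Data


def association_data(cert, selector, mtype):
    """Compute the association data an RR with this selector/mtype would carry."""
    blob = cert.der if selector == SEL_CERT else cert.spki
    if mtype == MATCH_FULL:
        return blob
    if mtype == MATCH_SHA256:
        return hashlib.sha256(blob).digest()
    if mtype == MATCH_SHA512:
        return hashlib.sha512(blob).digest()
    raise ValueError(f"unknown matching type {mtype}")


def make_record(cert, usage, selector, mtype):
    return TlsaRecord(usage, selector, mtype, association_data(cert, selector, mtype))


def matches(rr, cert):
    return association_data(cert, rr.selector, rr.mtype) == rr.data


def name_chained(chain):
    """chain[0] is the EE cert, chain[-1] is nearest the root (names only)."""
    return all(chain[i].issuer == chain[i + 1].subject for i in range(len(chain) - 1))


def pkix_valid(chain, trust_store):
    """Toy PKIX check: a linked chain that ends at a cert the verifier trusts."""
    anchors = {ta.subject for ta in trust_store}
    return name_chained(chain) and (chain[-1].issuer in anchors or chain[-1].subject in anchors)


def dane_accepts(rr, chain, trust_store):
    """Apply the certificate-usage semantics of RFC 6698 to an S/MIME chain."""
    ee = chain[0]
    if rr.usage == PKIX_CA:
        # CA constraint: PKIX must succeed AND the named CA must be in the path.
        path = list(chain) + [ta for ta in trust_store if ta.subject == chain[-1].issuer]
        return pkix_valid(chain, trust_store) and any(matches(rr, c) for c in path[1:])
    if rr.usage == PKIX_EE:
        # Service certificate constraint: PKIX must succeed AND the EE must match.
        return pkix_valid(chain, trust_store) and matches(rr, ee)
    if rr.usage == DANE_TA:
        # Trust anchor assertion: the matching CA is the anchor; no local store needed.
        return any(matches(rr, chain[i]) and name_chained(chain[: i + 1])
                   for i in range(1, len(chain)))
    if rr.usage == DANE_EE:
        # Domain-issued certificate: pin the EE itself, no path validation at all.
        return matches(rr, ee)
    raise ValueError(f"unknown certificate usage {rr.usage}")


def demo():
    """Constructed scenario: the sender's mail CA is absent from the verifier's store."""
    mail_ca = Cert("Example Mail CA", "Example Mail CA", b"der:mail-ca", b"spki:mail-ca")
    alice = Cert("alice@example.com", "Example Mail CA", b"der:alice", b"spki:alice")
    mallory = Cert("alice@example.com", "Example Mail CA", b"der:mallory", b"spki:mallory")
    sender_store = [mail_ca]
    verifier_store = [Cert("Some Public Root", "Some Public Root", b"der:root", b"spki:root")]
    chain, bad_chain = [alice, mail_ca], [mallory, mail_ca]

    ca_constraint = make_record(mail_ca, PKIX_CA, SEL_SPKI, MATCH_SHA256)
    ta_assertion = make_record(mail_ca, DANE_TA, SEL_SPKI, MATCH_SHA256)
    ee_pin = make_record(alice, DANE_EE, SEL_CERT, MATCH_FULL)  # full-cert selector
    return {
        "ca_constraint_at_sender": dane_accepts(ca_constraint, chain, sender_store),
        "ca_constraint_at_verifier": dane_accepts(ca_constraint, chain, verifier_store),
        "ta_assertion_at_verifier": dane_accepts(ta_assertion, chain, verifier_store),
        "ta_assertion_any_cert_from_ca": dane_accepts(ta_assertion, bad_chain, verifier_store),
        "ee_pin_at_verifier": dane_accepts(ee_pin, chain, verifier_store),
        "ee_pin_rejects_other_cert": dane_accepts(ee_pin, bad_chain, verifier_store),
    }
```

Running `demo()` shows the asymmetry the thread is about: the CA constraint (usage 0) passes at the sender, whose store holds the mail CA, and fails at a verifier whose store does not, because usage 0 never adds trust. The trust anchor assertion (usage 2) passes at that verifier without any installed anchor, but it then vouches for every certificate the named CA issued, so the same record also accepts the second certificate bearing Alice's name; the domain-issued usage (3) with the full-certificate selector pins exactly one certificate and rejects the other.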