Re: [dane] DANE Client Authentication draft updated

Kim Alvefur <zash@zash.se> Wed, 13 January 2016 02:10 UTC

Return-Path: <zash@zash.se>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 646731B2BD4 for <dane@ietfa.amsl.com>; Tue, 12 Jan 2016 18:10:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f6sXYTzA7yma for <dane@ietfa.amsl.com>; Tue, 12 Jan 2016 18:10:16 -0800 (PST)
Received: from mail.zash.se (ip66.hethane.riksnet.nu [85.11.25.66]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75ECB1B2BD3 for <dane@ietf.org>; Tue, 12 Jan 2016 18:10:16 -0800 (PST)
Received: from localhost (localhost [::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.zash.se (Postfix) with ESMTPSA id 7B19061E46 for <dane@ietf.org>; Wed, 13 Jan 2016 03:10:13 +0100 (CET)
To: dane@ietf.org
References: <CAHPuVdXb3HJfxayJbAqjYu4aYrHaJgeSrAVJ1GcnL863-6g7-Q@mail.gmail.com> <m3ziwa8sww.fsf@carbon.jhcloos.org> <CAHPuVdXYWoD5bZubAu5pEe18sfr69Nat=gp_7iagcVrAgTkY=g@mail.gmail.com>
From: Kim Alvefur <zash@zash.se>
Openpgp: id=3E52119EF853C59678DBBF6BADED9A77B67AD329; url=http://zash.se/~zash/pubkey.asc
X-Enigmail-Draft-Status: N1110
Message-ID: <5695B204.2000507@zash.se>
Date: Wed, 13 Jan 2016 03:10:12 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0
MIME-Version: 1.0
In-Reply-To: <CAHPuVdXYWoD5bZubAu5pEe18sfr69Nat=gp_7iagcVrAgTkY=g@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="paVNrxrETVGsMUUct5R8fcBfpn4IwbnR0"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/wE_e--9NrUs7X8S2peS_MdyBnp4>
Subject: Re: [dane] DANE Client Authentication draft updated
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2016 02:10:20 -0000

On 01/12/2016 11:21 PM, Shumon Huque wrote:
> On the "_smtp-client" label choice,

That seems like it will cause confusion considering _xmpp-client is used
in the XMPP world to refer to where the end-users connect their user
agents to, so basically equivalent to _submission in email.  And then
there's _xmpp-server for communication between servers.

FWIW, I would suggest _smtp-out as a less confusing label.

The word "client" is a bit ambiguous whether it refers to a user agent
or a server in the process of connecting to another server. It would
help to be more explicit about which one of these are being referred to,
or if it applies to both.

Client-DANE in the later context, enabling mutual authentication between
SMTP servers could be a nice improvement / complement to SPF & co.

-- 
Kim "Zash" Alvefur