Re: [dane] Reusing TLSA
Olafur Gudmundsson <ogud@ogud.com> Mon, 24 September 2012 17:36 UTC
On 24/09/2012 12:51, Paul Hoffman wrote:
> I'm starting this as a new thread because Richard conflated two
> topics *and* missed the fact that there is already a WG document.
>
> The question becomes what the registration of an RRtype "means". If
> it means the bits on the wire of the *response* and their semantics,
> then I think the S/MIME document can use the TLSA RRtype. If an
> RRtype also means the bits on the wire of the request and response,
> we can't.
>
> Personally, I think that the RRtype is defined just by the bits in
> the response, so we could reuse, but others might disagree.
>
> --Paul Hoffman
>

There are two parts to TLSA reuse.
1) the RDATA format
2) The registries created for TLSA RR fields.
   a) TLSA Certificate Usages
   b) TLSA Selectors
   c) TLSA Matching Types

Reuse of the TLSA format under another name can specify a different set
of registries to use for the different fields.
Reuse of TLSA RR by a protocol means subscribing to supporting new
entries in the above registries and even allowing new entries in there
that only make sense in one context.

Current draft is silent on registry usage, which I take to mean that the
TLSA registries are shared/inherited.

Having said this I'm not sure if I care if TLSA is used or SMIMEA.

PaulW, there is nothing in RFC6698 that says that NON-TLS uses of TLSA
MUST use the same naming schema as TLS uses.

Olafur
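The split the message above draws between the RDATA format and the registries, as an added example that is not part of the original post or of any DANE document: one parser for the RFC 6698 wire format that takes the registry set as a parameter, so the same bytes are accepted or rejected depending on which registries the consuming protocol uses. `HYPOTHETICAL_REGISTRIES`, the function and class names, and the sample record are assumptions constructed for illustration.

```python
import hashlib
import struct
from dataclasses import dataclass

# Initial registry contents as defined by RFC 6698.
TLSA_REGISTRIES = {
    "usage": {0: "CA constraint", 1: "Service certificate constraint",
              2: "Trust anchor assertion", 3: "Domain-issued certificate"},
    "selector": {0: "Full certificate", 1: "SubjectPublicKeyInfo"},
    "mtype": {0: "Exact match", 1: "SHA-256", 2: "SHA-512"},
}
# Hypothetical registry set for a type that reuses the RDATA format under
# another name and defines only one certificate usage (an assumption).
HYPOTHETICAL_REGISTRIES = dict(TLSA_REGISTRIES, usage={3: "Domain-issued certificate"})
DIGEST_LEN = {"SHA-256": 32, "SHA-512": 64}  # hash name -> digest octets

@dataclass
class Association:
    usage: int
    selector: int
    mtype: int
    data: bytes

def parse_rdata(rdata: bytes, registries=TLSA_REGISTRIES) -> Association:
    """Decode the shared wire format: three 1-octet fields, then the data."""
    if len(rdata) < 4:
        raise ValueError("RDATA too short")
    usage, selector, mtype = struct.unpack("!BBB", rdata[:3])
    # The wire format is fixed; which values are legal depends on the registries.
    for field, value in (("usage", usage), ("selector", selector), ("mtype", mtype)):
        if value not in registries[field]:
            raise ValueError(f"{field} {value} is not in this protocol's registry")
    data = rdata[3:]
    expected = DIGEST_LEN.get(registries["mtype"][mtype])
    if expected is not None and len(data) != expected:
        raise ValueError("association data length does not match the hash")
    return Association(usage, selector, mtype, data)

def describe(a: Association, registries=TLSA_REGISTRIES) -> tuple:
    """Map the numeric fields to their registry names."""
    return (registries["usage"][a.usage], registries["selector"][a.selector],
            registries["mtype"][a.mtype])

# Constructed sample: usage 3, selector 1, matching type 1 over placeholder bytes.
SAMPLE_SPKI = b"constructed-spki-bytes"
SAMPLE_RDATA = bytes([3, 1, 1]) + hashlib.sha256(SAMPLE_SPKI).digest()

if __name__ == "__main__":
    print(describe(parse_rdata(SAMPLE_RDATA)))
```
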