Re: [dane] Reusing TLSA

Olafur Gudmundsson <ogud@ogud.com> Mon, 24 September 2012 17:36 UTC

Message-ID: <50609A03.1050507@ogud.com>
Date: Mon, 24 Sep 2012 13:36:03 -0400
From: Olafur Gudmundsson <ogud@ogud.com>
To: dane@ietf.org
References: <FE6C9DF2-E86E-4CEF-A537-D68C5952B602@vpnc.org>
In-Reply-To: <FE6C9DF2-E86E-4CEF-A537-D68C5952B602@vpnc.org>
Subject: Re: [dane] Reusing TLSA

On 24/09/2012 12:51, Paul Hoffman wrote:
> I'm starting this as a new thread because Richard conflated two
> topics *and* missed the fact that there is already a WG document.
>
> The question becomes what the registration of an RRtype "means". If
> it means the bits on the wire of the *response* and their semantics,
> then I think the S/MIME document can use the TLSA RRtype. If an
> RRtype also means the bits on the wire of the request and response,
> we can't.
>
> Personally, I think that the RRtype is defined just by the bits in
> the response, so we could reuse, but others might disagree.
>
> --Paul Hoffman
>

There are two parts to TLSA reuse.

1) the RDATA format
2) The registries created for TLSA RR fields.
	a) TLSA Certificate Usages
	b) TLSA Selectors
	c) TLSA Matching Types

Reuse of the TLSA format under another name can specify a different set
of registries to use for the different fields.
Reuse of TLSA RR by a protocol means subscribing to supporting new
entries in the above registries and even allowing new entries in there
that only make sense in one context.

The current draft is silent on registry usage, which I take to mean that
the TLSA registries are shared/inherited.

Having said this, I'm not sure if I care if TLSA is used or SMIMEA.

PaulW, there is nothing in RFC6698 that says that NON-TLS uses of TLSA
MUST use the same naming schema as TLS uses.

	Olafur
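As an added illustration (not part of this thread, and not the text of RFC 6698 or the S/MIME draft): a small Python encoder/decoder for TLSA RDATA that treats the three registries as a pluggable table, so the same wire format can be validated against the RFC 6698 tables or against whatever tables a reuse under another name specifies. The registry contents are the RFC 6698 initial values; the "selected" input bytes and the extended registry in the usage are constructed for the example.

```python
import hashlib
import struct

# RFC 6698 initial contents of the three TLSA registries (value -> name).
TLSA_REGISTRIES = {
    "usage": {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"},
    "selector": {0: "Cert", 1: "SPKI"},
    "matching": {0: "Full", 1: "SHA2-256", 2: "SHA2-512"},
}
DIGEST_LEN = {1: 32, 2: 64}  # octets of association data per hashed matching type

def _check_fields(usage, selector, matching, registries):
    # A reuse of the RDATA format can pass its own registry tables here.
    for name, value in (("usage", usage), ("selector", selector), ("matching", matching)):
        if value not in registries[name]:
            raise ValueError("%s value %d is not in the registry" % (name, value))

def assoc_data(selected, matching):
    """Certificate Association Data for the bytes already chosen by the selector."""
    if matching == 0:
        return selected
    if matching == 1:
        return hashlib.sha256(selected).digest()
    if matching == 2:
        return hashlib.sha512(selected).digest()
    raise ValueError("unregistered matching type %d" % matching)

def encode_rdata(usage, selector, matching, selected, registries=TLSA_REGISTRIES):
    """Wire RDATA: three one-octet fields followed by the association data."""
    _check_fields(usage, selector, matching, registries)
    return struct.pack("!BBB", usage, selector, matching) + assoc_data(selected, matching)

def decode_rdata(rdata, registries=TLSA_REGISTRIES):
    """Parse RDATA, rejecting unregistered values and wrong digest lengths."""
    if len(rdata) < 3:
        raise ValueError("RDATA shorter than the three fixed octets")
    usage, selector, matching = struct.unpack("!BBB", rdata[:3])
    _check_fields(usage, selector, matching, registries)
    data = rdata[3:]
    if matching in DIGEST_LEN and len(data) != DIGEST_LEN[matching]:
        raise ValueError("association data is %d octets, expected %d" % (len(data), DIGEST_LEN[matching]))
    return {"usage": usage, "selector": selector, "matching": matching, "data": data}

if __name__ == "__main__":
    # Constructed stand-in for the selected bytes (an SPKI); not a real key.
    fake_spki = b"\x30\x82\x01\x0a" + bytes(range(256))
    rdata = encode_rdata(3, 1, 1, fake_spki)  # DANE-EE, SPKI, SHA2-256
    print(rdata.hex())
    print(decode_rdata(rdata))
```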