Re: [dane] I-D Action: draft-ietf-dane-smime-03.txt

Viktor Dukhovni <viktor1dane@dukhovni.org> Thu, 06 February 2014 14:16 UTC

On Thu, Feb 06, 2014 at 04:55:24AM +0000, Viktor Dukhovni wrote:

> All I know is that libresolv (used in Postfix) returns the TTL with
> each RR.  This is only a single data point, so I would not be at all
> shocked to discover that other stub resolvers are different in this
> regard, just very mildly surprised.

OK, I also used the DNS client library in Python once for SRV record
lookups, and this too returned TTLs.

Independently of Mark (who beat me to the punch with a more forceful
objection), I was also wondering whether perhaps you're misremembering
the issue.  Without DANE, browsers have no need for explicit DNS
lookups, they just look up network address information via getaddrinfo()
and friends.  So perhaps the issue you had in mind was that
getaddrinfo() returns no TTLs and no validation status.  This is
a well known limitation.

Once applications are doing explicit DNS lookups (SRV, TLSA, ...)
perhaps TTLs are generally available along with the RRDATA.

-- 
	Viktor.
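
The distinction drawn in the message above, shown as an added example that is not part of the original post: a raw DNS response carries a TTL in every RR and the AD (authenticated data) bit in its header, so an application doing explicit lookups can read both, while getaddrinfo() hands back only addresses. The message bytes, the owner name and the helper names `encode_name`, `read_name` and `parse_answers` are constructed for illustration.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

# Constructed sample: a response with the AD bit set carrying one TLSA RR
# (usage 3, selector 1, matching type 1, all-zero placeholder digest), TTL 3600.
QNAME = "_25._tcp.mail.example.com"
SAMPLE = (
    struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 0)          # header: QR RD RA AD
    + encode_name(QNAME) + struct.pack("!HH", 52, 1)            # question: TLSA IN
    + b"\xc0\x0c" + struct.pack("!HHIH", 52, 1, 3600, 35)       # owner ptr, type, class, TTL, rdlen
    + bytes([3, 1, 1]) + bytes(32)                              # RDATA
)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                       # refuse pointer loops
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels), (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_answers(msg):
    """Return (ad_bit, [(owner, rrtype, ttl, rdata), ...]) from a raw response."""
    _, flags, qd, an, _, _ = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):                         # skip the question section
        _, off = read_name(msg, off)
        off += 4
    rrs = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rrtype, _, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("truncated RDATA")
        rrs.append((owner, rrtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return bool(flags & 0x0020), rrs            # 0x0020 is the AD bit
```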