Re: [dane] Working group Last call: draft-ietf-dane-smime-11.txt

Jim Schaad <ietf@augustcellars.com> Mon, 25 July 2016 14:02 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Paul Wouters' <paul@nohats.ca>, 'Warren Kumari' <warren@kumari.net>
References: <F7B890A0-6A67-41C0-B46A-831EC55452D3@ogud.com> <CAHw9_i+2wGPgKk9oKJLH+ZF-5pztPMeDv+4=SXP5qgM1-PH7fw@mail.gmail.com> <alpine.LRH.2.20.1607250908430.18124@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.20.1607250908430.18124@bofh.nohats.ca>
Date: Mon, 25 Jul 2016 07:02:36 -0700
Message-ID: <032801d1e67d$34d80d90$9e8828b0$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/z63skYVl6d4slf9QfSCsKXwbyO8>
Cc: 'dane WG list' <dane@ietf.org>
Subject: Re: [dane] Working group Last call: draft-ietf-dane-smime-11.txt


> -----Original Message-----
> From: dane [mailto:dane-bounces@ietf.org] On Behalf Of Paul Wouters
> Sent: Monday, July 25, 2016 6:33 AM
> To: Warren Kumari <warren@kumari.net>
> Cc: dane WG list <dane@ietf.org>
> Subject: Re: [dane] Working group Last call: draft-ietf-dane-smime-11.txt
> 
> On Sun, 24 Jul 2016, Warren Kumari wrote:
> 
> > A reminder that this WGLC closes tomorrow -- so far we have not really
> > seen sufficient feedback on this document. PLEASE review this document
> > and provide comment.
> 
> I have reviewed the document. I think it is ready for IETF LC but it could see a
> few small changes:
> 
> It should probably update its reference in the introduction to list soon to be
> RFC-7929 (openpgpkey) and wait on that doc (in AUTH48 now) to go out first.
> 
>  	The SMIMEA resource record has no special TTL requirements.
> 
> During openpgpkey discussion, it was decided it was better to remove this line. I
> would think the same applies to smime.
> 
> During openpgpkey discussion, people insisted on specifying the "experimental
> goal" of the Experimental RFC. That section is missing in this document.
> 
> Section 3's title is a bit long. In openpgpkey we used a shorter title. I suggest
> "Location of the SMIMEA record".
> 
> The openpgpkey had updated the "tcp only" phrasing to make it more layer
> agnostic and mentions DNS-COOKIES as a defense and method to allow UDP.
> You might want to consider using the same approach instead of banning UDP
> altogether.
> 
> > I also wanted to make sure people (including the authors) had seen:
> > https://www.ietf.org/mail-archive/web/dane/current/msg08382.html
> 
> This has come up in the past when discussing SMIME. One suggestion was to use
> a different prefix (like _encrypt. and _sign). When this was brought up, the
> patent status of this was not entirely clear, and there were privacy discussions
> raised on exposing queries to the purpose of the query. Perhaps the document
> can state that if the certificate is obtained via SMIMEA, it should be checked
> whether it is suitable for the task to perform. And that publishers are
> encouraged to publish SMIMEA records for certificates that allow both signing
> and encryption.
> But this latter approach did not have a clear consensus.

This is not the issue that my message was designed to highlight.  In S/MIME it is possible to say which of the message formats and which content encryption algorithms are supported by a client.  This is not the same as designating if a certificate is being used for encryption or signing.

Jim

> 
> Paul
> 
> > W
> >
> > On Sat, Jul 9, 2016 at 12:53 PM, Olafur Gudmundsson <ogud@ogud.com>
> wrote:
> >>
> >> Dear Colleagues
> >>
> >> The editors of
> >> https://datatracker.ietf.org/doc/draft-ietf-dane-smime/ have
> >> requested a WGLC, the chairs are satisfied that the document is in
> >> good shape. This message starts a three week WG LC, that concludes on
> >> Monday July 25 23:59 UTC (we have extended the usual 2 weeks because
> >> of the upcoming meeting, travel, etc).
> >>
> >> This document is on the Experimental track, it is a close relative of
> >> a prior document from our group
> >> https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/  which
> >> is in
> >> AUTH-48 at this point.
> >> Any discussions on “local part” other than to point out a difference
> >> between the OPENPGP document and this one are out of scope.
> >>
> >> Any other issues should be brought forward
> >>
> >> thanks
> >>   Olafur & Warren
> >>
> >> _______________________________________________
> >> dane mailing list
> >> dane@ietf.org
> >> https://www.ietf.org/mailman/listinfo/dane
> >>
> >
> >
> >
> > --
> > I don't think the execution is relevant when it was obviously a bad
> > idea in the first place.
> > This is like putting rabid weasels in your pants, and later expressing
> > regret at having chosen those particular rabid weasels and that pair
> > of pants.
> >   ---maf
> >
> 
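Jim's reply separates two things that the thread had run together: the KeyUsage extension in the certificate says whether the key may sign or encrypt (the suitability check Paul suggests), whereas SMIMECapabilities is a signed attribute carried in a message that lists the formats and content-encryption algorithms a client supports. The Python below is an added example, not code from the draft or from anyone in the thread: it derives the section 3 owner name (assuming the owner-name rule of the published SMIMEA specification, RFC 8162) and runs the KeyUsage purpose check on a constructed DER sample; the SMIMECapabilities side is outside its scope.

```python
import hashlib

# Added example (not code from the draft or from the thread participants).

KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]


def smimea_owner_name(local_part: str, domain: str) -> str:
    """Owner name queried for local_part@domain.

    Assumes the rule in the published SMIMEA spec (RFC 8162): SHA2-256 of
    the local-part, truncated to 28 octets, hex-encoded, under _smimecert.
    """
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._smimecert.{domain}."


def decode_key_usage(der: bytes) -> set:
    """Decode a DER-encoded KeyUsage extension value (a BIT STRING)."""
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("malformed KeyUsage BIT STRING")
    unused, body = der[2], der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("malformed unused-bits count")
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        byte, bit = divmod(i, 8)
        if byte >= len(body) or (byte == len(body) - 1 and bit >= 8 - unused):
            break                      # past the last encoded bit
        if body[byte] & (0x80 >> bit):
            names.add(name)
    return names


def suitable_for(key_usage: set, purpose: str) -> bool:
    """Purpose check from the thread: is a cert found via SMIMEA usable
    for signing or for encryption? An absent KeyUsage extension (empty
    set) is treated as unrestricted, an assumption made for this example."""
    if not key_usage:
        return True
    if purpose == "sign":
        return bool(key_usage & {"digitalSignature", "nonRepudiation"})
    if purpose == "encrypt":
        return bool(key_usage & {"keyEncipherment", "keyAgreement"})
    raise ValueError(f"unknown purpose {purpose!r}")
```

The constructed sample `030205a0` is the DER for digitalSignature plus keyEncipherment, so a certificate carrying it passes both checks; `03020780` (digitalSignature only) passes the signing check but not the encryption one.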