Re: [Danish] Proposed WG Charter

Paul Wouters <paul@nohats.ca> Sun, 13 June 2021 22:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/_1LIIOTsEQgsEJk3zKYMyNclpNQ>

On Jun 13, 2021, at 16:52, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
> On Sat, Jun 12, 2021 at 08:25:07AM -0700, Ash Wilson wrote:
> 
>> This is the final text for the proposed charter. We are seeking
>> support for the formation of the working group, as well as support for
>> implementation, adoption, and documentation efforts.
> 
> I see that others have commented positively on the charter, and yet
> somehow for me it seems rather muddled.  It is not clear to me what
> the motivating use-cases really are, nor how DANISH would resolve
> the key difficulties in those use-cases.

Same here. I did give feedback in the past already, but especially the “client verification with and without DNSSEC” seem to be two widely different problems. And the one without DNSSEC (WebPKI) already exists?

> Extending DANE to client auth is certainly an option for "devices" that
> one might reasonably want to register in DNS.

I have given this some thought in the last few weeks and I haven’t been able to find a use case where one actually wants client authentication using some IoT device on a mobile data network. All use cases I can think of would not want to expose the client via a public DNSSEC key registry or via public CA certs. I’d love to hear an example practical use case for DANISH.

Paul