Re: [dispatch] New Version Notification for draft-johansson-dispatch-dane-sip-00.txt

"Olle E. Johansson" <oej@edvina.net> Sat, 11 January 2014 14:59 UTC


On 08 Jan 2014, at 14:23, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> wrote:

> The following is a quote from RFC6066, Section 3:
> 
>    Currently, the only server names supported are DNS hostnames;
>    however, this does not imply any dependency of TLS on DNS, and other
>    name types may be added in the future (by an RFC that updates this
>    document).
> 
> Should a new name_type be defined for this purpose, instead of overloading the host_name type?
> 
You are right, we are not allowed to ask for a domain. Now, what's fastest - getting TLS implementations
that support a new "domain" name_type or SIP-domain name type or DNSSEC/DANE? :-)


If we need to add a new name_type - I guess that's work outside of RAI, maybe in the TLS wg. I don't see RFC 6066 defining an IANA registry for name_types even though it mentions that more name types can be added by RFCs.

Summary: In order for SIP domain certs to use SNI we do need to write an RFC that defines new name types when asking for a domain or a SIP URI that matches a SIP domain certificate. We might have to add a new IANA registry. Then we need code for this in the TLS libraries.

/O
> Regards,
>  Rifaat
> 
> 
> 
> On Wed, Jan 8, 2014 at 4:06 AM, Iñaki Baz Castillo <ibc@aliax.net> wrote:
> 2014/1/8 Olle E. Johansson <oej@edvina.net>:
> >> Honestly I've never understood the real difference between a domain
> >> and a hostname. Of course, IMHO, the SIP client should provide in the
> >> SNI the destination domain of the server it is attempting to connect
> >> to.
> > Right, but...
> >
> > Does anyone find this in any published document?
> 
> Not AFAIK :)
> But in this case SIP should follow well proven mechanisms and rules of HTTP(s).
> 
> 
> --
> Iñaki Baz Castillo
> <ibc@aliax.net>
>
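
Added example, not part of the original message or of any TLS library: a Python parser for the RFC 6066 server_name extension data, showing where name_type sits on the wire and how a receiver that only knows host_name(0) can step over an entry of another type using its 16-bit length field. The value 1 for a "SIP domain" name type is hypothetical (nothing on this thread or in RFC 6066 assigns it), and the sample bytes are constructed.

```python
import struct

HOST_NAME = 0                 # the only NameType RFC 6066 defines
HYPOTHETICAL_SIP_DOMAIN = 1   # assumption for illustration; not a registered value

def build_server_name_list(entries):
    """Encode [(name_type, name_bytes), ...] as server_name extension_data."""
    body = b"".join(struct.pack("!BH", t, len(n)) + n for t, n in entries)
    return struct.pack("!H", len(body)) + body

def parse_server_name_list(data):
    """Return {name_type: name_bytes}; raise ValueError on malformed input."""
    if len(data) < 2:
        raise ValueError("truncated ServerNameList")
    (list_len,) = struct.unpack_from("!H", data, 0)
    if list_len == 0 or list_len != len(data) - 2:
        raise ValueError("bad ServerNameList length")
    names, off = {}, 2
    while off < len(data):
        if len(data) - off < 3:
            raise ValueError("truncated ServerName entry")
        # 1-byte name_type, then a 16-bit length: the length lets a parser
        # skip entries whose name_type it does not understand.
        name_type, name_len = struct.unpack_from("!BH", data, off)
        off += 3
        if off + name_len > len(data):
            raise ValueError("ServerName overruns list")
        if name_type == HOST_NAME and name_len == 0:
            raise ValueError("empty host_name")
        if name_type in names:
            # RFC 6066: at most one name per name_type in the list.
            raise ValueError("duplicate name_type")
        names[name_type] = data[off:off + name_len]
        off += name_len
    return names

def select_host_name(data):
    """What a host_name-only server sees: the host_name entry, or None."""
    host = parse_server_name_list(data).get(HOST_NAME)
    return host.decode("ascii") if host is not None else None

# Constructed sample: one host_name entry plus one hypothetical-type entry.
SAMPLE = build_server_name_list([
    (HOST_NAME, b"sip1.example.com"),
    (HYPOTHETICAL_SIP_DOMAIN, b"example.com"),
])
```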