Re: [dispatch] please dispatch draft-bhjl-x509-srv-02.xml

"John R Levine" <johnl@taugh.com> Sun, 21 August 2016 18:39 UTC

>> Sure, if that were feasible.  I see no chance at all of getting a
>> sufficient agreement that domains are authoritative, or that they
>> aren't. ...

> This seems like a potential indicator that this technology is not yet ready
> for standardization.

Possibly, although since I talked in Berlin to people from one of the 
world's largest mail systems about implementing this, it seems we can try 
and figure out what we can standardize or we can stick our heads in the 
sand.

RFC 7929 and the forthcoming similar doc for S/MIME suggest that there is 
interest in domain authenticated certs.  But it may be that the interest 
is only in the DANE clique, in which case it would be easy enough to take 
out the domain authentication stuff and perhaps move it to a separate 
experimental draft.

> As I said previously, I kind of suspect that 4387 just meant that the 
> certs were all alternative EEs, but then you probably want some other 
> way to get the intermediates for the reason listed above, but in any 
> case you shouldn't just have them all in the same bucket. So, what's 
> probably best is to concretize this by saying that this bucket is just 
> for EE and then define some other mechanism for getting intermediates.

OK.  As I said, I'm not a great pkix expert, so whatever matches what 
S/MIME actually does would be great.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly