Re: [dispatch] DANE SRV draft and SIP
Peter Saint-Andre <stpeter@stpeter.im> Mon, 22 April 2013 18:28 UTC
On 4/22/13 12:18 PM, Olle E. Johansson wrote:
>
> On 22 Apr 2013 at 18:42, "DRAGE, Keith (Keith)"
> <keith.drage@alcatel-lucent.com> wrote:
>
>> While there was never a formal mailing list poll (because we
>> never got to the point of needing a 3261bis), I think there was a
>> considerable body of opinion during the development of
>> domain-certs that the material would form part of any 3261bis
>> work. That I think lends support to any further work being done
>> in sipcore.
>>
>> I do suggest you look back in the archives for the mailing list
>> discussion on domain-certs. You'll find it on the sip (not
>> sipcore) mailing list archive. You'll find the WG discussion
>> between Feb 2008 and April 2009 with the IESG approval discussion
>> continuing until May 2010.
>
> Keith, Thank you for the reference.
>
> Note that I'm not saying that RFC 5922 is wrong. The issue at hand
> is that the DANE group's current RFC suggests a solution not
> compatible with 5922. We need to decide which way to go.
>
> We could recommend that the DANE way is used when DNSSEC and DANE
> validation is possible, and keep RFC 5922 for other cases.

Well, it's clear to me that we wouldn't allow checking of the derived
domain (in RFC 6125 terms) unless DNSSEC validation succeeds. Since
that is currently a rare event, we'd just continue to do what RFC 5922
says, which in draft-ietf-xmpp-dna we call the PKI prooftype.

> Or update the recommendation in 5922 to make sip with TLS better in
> regards to hosting larger amounts of domains.

I think that is somewhat a separate issue from defining the DANE
prooftype, because other prooftypes might be possible or more
deployable in the short term, such as the POSH prooftype that Matt
Miller and I have defined in draft-miller-xmpp-posh-prooftype (but
which is not specific to XMPP).
Peter
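
The rule stated in the reply above, sketched as an added example that is not part of the original message or of any of the drafts it names: the source domain is always a valid reference identifier (the PKI prooftype), while the derived domain (the SRV target) is accepted only when the SRV answer was DNSSEC-validated. The `SrvAnswer` type, the function names and the `.example` host names are hypothetical, only DNS-ID names are compared, and TLSA record matching is left out.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class SrvAnswer:
    target: str         # derived domain: host name the SRV record points at
    dnssec_valid: bool  # True only if the resolver validated the full chain


def _norm(name: str) -> str:
    return name.lower().rstrip(".")


def reference_identifiers(source_domain: str, srv: Optional[SrvAnswer]) -> List[str]:
    """Names the client is allowed to look for in the server certificate."""
    refs = [_norm(source_domain)]          # PKI prooftype: always allowed
    if srv is not None and srv.dnssec_valid:
        refs.append(_norm(srv.target))     # derived domain: secure delegation only
    return refs


def dns_id_matches(presented: str, reference: str) -> bool:
    """Exact match, or '*' as the complete left-most label for one label."""
    p, r = _norm(presented).split("."), _norm(reference).split(".")
    if len(p) != len(r):
        return False
    if p[0] == "*":
        # Assumption of this sketch: refuse wildcards directly under a TLD.
        return len(p) > 2 and p[1:] == r[1:]
    return p == r


def certificate_acceptable(cert_dns_ids: List[str], source_domain: str,
                           srv: Optional[SrvAnswer]) -> bool:
    refs = reference_identifiers(source_domain, srv)
    return any(dns_id_matches(p, r) for p in cert_dns_ids for r in refs)


if __name__ == "__main__":
    # Constructed hosting case: customer.example is served by sip.hoster.example,
    # whose certificate names only the hoster.
    hoster_cert = ["sip.hoster.example"]
    for validated in (False, True):
        srv = SrvAnswer("sip.hoster.example", dnssec_valid=validated)
        ok = certificate_acceptable(hoster_cert, "customer.example", srv)
        print(f"dnssec_valid={validated}: accept={ok}")
```

With an unvalidated SRV answer the hoster's certificate is rejected, because an attacker who can forge the SRV response would otherwise choose which name the client checks.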