Re: [Gen-art] Genart telechat review of draft-ietf-tls-dnssec-chain-extension-06

Shumon Huque <shuque@gmail.com> Wed, 07 February 2018 04:31 UTC

From: Shumon Huque <shuque@gmail.com>
Date: Tue, 06 Feb 2018 23:31:19 -0500
Message-ID: <CAHPuVdWmSDoPQsO9z=Nw6yLSNC5c=oQjqrxOjc9ZP_W8cNq9Lw@mail.gmail.com>
To: Matthew Miller <linuxwolf+ietf@outer-planes.net>
Cc: gen-art@ietf.org, ietf <ietf@ietf.org>, draft-ietf-tls-dnssec-chain-extension.all@ietf.org, TLS WG <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/FLyz7FAc7dnqNlCvxZs6vQWBaVI>
Subject: Re: [Gen-art] Genart telechat review of draft-ietf-tls-dnssec-chain-extension-06

On Tue, Feb 6, 2018 at 8:25 PM, Matthew Miller <linuxwolf+ietf@outer-planes.net> wrote:

> Reviewer: Matthew Miller
> Review result: Ready with Nits
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please wait for direction from your
> document shepherd or AD before posting a new version of the draft.
>
> For more information, please see the FAQ at
>
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>
> Document: draft-ietf-tls-dnssec-chain-extension-06
> Reviewer: Matthew A. Miller
> Review Date: 2018-02-06
> IETF LC End Date: 2018-02-07
> IESG Telechat date: 2018-02-08
>
> Summary:
>
> This document is ready, with one issue that I think could benefit
> from some clarification.
>
> Major issues:
>
> NONE
>
> Minor issue:
>
> This is more a question, that might warrant some clarification:
> In 7. Verification, the last paragraph discusses client-side
> caching of the RRsets. If a client has cached the full RRset chain
> from TLSA to root RRSIG (and that cache is still viable), is the
> client still expected to specify the "dnssec_chain" extension?
>
> In my reading, that does not seem necessary, and I think it might
> be worth noting if that is true.
>

Yes, if the client has cached either the validated TLSA RRset or the
full chain, then it doesn't need to send the dnssec_chain for subsequent
connections.

If it has only cached other portions of the chain, then it needs to.

We can clarify this.

Shumon Huque
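As an added illustration of the caching rule stated in the reply above (example code written for this page, not code from the draft, its authors or any TLS library), the following models a client's cache of DNSSEC RRsets and decides whether the next connection still needs the dnssec_chain extension. The record model, the chain layout (TLSA, then DNSKEY/DS per zone cut, then the root DNSKEY) and the cache structure are assumptions for illustration; RRSIGs are taken to be stored alongside each cached RRset.

```python
import time
from dataclasses import dataclass


@dataclass
class CachedRRset:
    owner: str          # owner name, e.g. "_443._tcp.example.com."
    rrtype: str         # "TLSA", "DNSKEY" or "DS"
    expires_at: float   # absolute time at which the cached TTL runs out
    validated: bool     # True if this RRset was DNSSEC-validated when cached


def chain_keys(tlsa_owner, zone_cuts):
    """RRsets that make up a full chain from the TLSA RRset to the root.

    zone_cuts lists the zones between the TLSA owner and the root, nearest
    first, e.g. ["example.com.", "com."]. Every zone below the root needs its
    DNSKEY RRset and the DS RRset held by the parent; the root needs only its
    DNSKEY RRset, since the root trust anchor is configured locally (assumed
    simplification: no CNAMEs, no extra zone cuts below the TLSA owner).
    """
    keys = [(tlsa_owner, "TLSA")]
    for zone in zone_cuts:
        keys += [(zone, "DNSKEY"), (zone, "DS")]
    keys.append((".", "DNSKEY"))
    return keys


def needs_dnssec_chain(cache, tlsa_owner, zone_cuts, now=None):
    """True if the client should send dnssec_chain on this connection.

    Per the reply above: a still-viable cached, validated TLSA RRset, or a
    still-viable cached full chain (which the client can re-validate locally),
    means the extension is unnecessary; anything less means send it.
    """
    now = time.time() if now is None else now

    def cached_and_viable(key, require_validated):
        rr = cache.get(key)
        return (rr is not None and rr.expires_at > now
                and (rr.validated or not require_validated))

    # Shortcut: the validated end result is still good, nothing to fetch.
    if cached_and_viable((tlsa_owner, "TLSA"), require_validated=True):
        return False
    # Otherwise the chain must be complete and unexpired to skip the extension.
    full_chain = all(cached_and_viable(k, require_validated=False)
                     for k in chain_keys(tlsa_owner, zone_cuts))
    return not full_chain
```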