Re: (short version) Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 02 March 2015 15:52 UTC


On Fri, Feb 27, 2015 at 01:39:47PM -0500, Sam Hartman wrote:

> If you're willing to trust DNS and if you're using DNSSec, I don't see
> why you can't just trust the target of the redirection.

That's what one generally does.  Indeed TLSA records don't change
that part of the picture when trust in DNSSEC anchors makes sense.

> What are you getting out of forcing DANE?

I don't want to hijack this thread, so perhaps we can leave that
question for some future more appropriate context.

-- 
	Viktor.