Re: UTA: Server certificate management (Re: Last Call: <draft-ietf-uta-email-tls-certs-05.txt>)
"John Levine" <johnl@taugh.com> Fri, 04 December 2015 03:53 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/P7MKbMshnxhEPN4UPVuyU8HsndE>
>The "technical omission" here is "using 6186 together with mail servers
>supporting a high number of domains is going to be painful, and this
>document doesn't say how to solve it".

Wait a minute. If you don't use the SRV-IDs, which you don't need if you use DNSSEC on the SRV records, 6186 scales just fine. No SNI, nothing but SRV records that have the domain name that should match the DNS-ID the server presents. What am I missing?

On the other hand, if you need the SRV-ID records, a server that supports two domains is going to be just as schrod if the domains don't happen to bear a relationship to the DNS-ID that CAs can verify.

R's,
John
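The scaling argument in the message above, as an added example that is not part of the original post or of the draft: a simplified client-side model of which certificate identifiers are acceptable after an RFC 6186 SRV lookup, depending on whether the SRV answer was DNSSEC-validated. The function names, the `Cert` type and the `*.example` hosts are constructed for illustration, and wildcard matching is left out.

```python
from dataclasses import dataclass, field

def norm(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.lower().rstrip(".")

@dataclass
class Cert:
    dns_ids: set = field(default_factory=set)  # dNSName SAN entries
    srv_ids: set = field(default_factory=set)  # SRVName SAN entries, e.g. "_imaps.a.example"

def reference_ids(mail_domain, service, srv_target, srv_validated):
    """Identifiers the client may accept for this mail domain (simplified model)."""
    dns_refs = {norm(mail_domain)}  # the domain the user typed is always a valid reference
    srv_refs = {"_%s.%s" % (service, norm(mail_domain))}
    if srv_validated:
        # A DNSSEC-validated SRV answer is a secure delegation, so the
        # target host name becomes an acceptable DNS-ID as well.
        dns_refs.add(norm(srv_target))
    return dns_refs, srv_refs

def cert_acceptable(cert, mail_domain, service, srv_target, srv_validated):
    dns_refs, srv_refs = reference_ids(mail_domain, service, srv_target, srv_validated)
    presented_dns = {norm(n) for n in cert.dns_ids}
    presented_srv = {norm(n) for n in cert.srv_ids}
    return bool(presented_dns & dns_refs or presented_srv & srv_refs)

# Constructed scenario: one server hosting mail for several unrelated domains,
# each publishing an SRV record for the imaps service that targets TARGET.
HOSTED = ["a.example", "b.example", "c.example"]
TARGET = "mail.hoster.example"
SHARED = Cert(dns_ids={TARGET})                                   # one name, no SRV-IDs
PER_DOMAIN = Cert(dns_ids={TARGET}, srv_ids={"_imaps.a.example"})  # SRV-ID for one customer only

def results(cert, srv_validated):
    return {d: cert_acceptable(cert, d, "imaps", TARGET, srv_validated) for d in HOSTED}

if __name__ == "__main__":
    print("DNSSEC, shared cert:      ", results(SHARED, True))
    print("no DNSSEC, shared cert:   ", results(SHARED, False))
    print("no DNSSEC, one SRV-ID:    ", results(PER_DOMAIN, False))
```

With validated SRV records the single-name certificate covers every hosted domain; without them, each hosted domain needs its own SRV-ID (or DNS-ID) in the certificate, which is the per-domain issuance burden the thread is arguing about.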