Re: [keyassure] I-D Action:draft-ietf-dane-protocol-05.txt

Ben Laurie <benl@google.com> Wed, 23 February 2011 11:03 UTC

Date: Wed, 23 Feb 2011 11:04:24 +0000
From: Ben Laurie <benl@google.com>
To: Jakob Schlyter <jakob@kirei.se>
Cc: keyassure <keyassure@ietf.org>
Subject: Re: [keyassure] I-D Action:draft-ietf-dane-protocol-05.txt

On 23 February 2011 07:06, Jakob Schlyter <jakob@kirei.se> wrote:
> On 23 feb 2011, at 08.00, internet-drafts@ietf.org wrote:
>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the DNS-based Authentication of Named Entities Working Group of the IETF.
>>
>>
>>       Title           : Using Secure DNS to Associate Certificates with Domain Names For TLS
>>       Author(s)       : P. Hoffman, J. Schlyter
>>       Filename        : draft-ietf-dane-protocol-05.txt
>>       Pages           : 12
>>       Date            : 2011-02-22
>
> We've made some updates and clarifications based on input from Scott Schmit and others, and also addressed issue #20.
> Diff and full history can be found at http://tools.ietf.org/wg/dane/draft-ietf-dane-protocol/.

In this version you define cert types like this:

         1 -- An end-entity certificate in DER encoding

         2 -- A certification authority's certificate in DER encoding

and later say:

   Certificate types 1 and 2 explicitly only apply to PKIX-formatted
   certificates.  If TLS allows other formats later, or if extensions to
   this protocol are made that accept other formats for certificates,
   those certificates will need certificate types.

Since DER encoding can be applied to anything specified in ASN.1,
perhaps this explicitness should be in the definitions, e.g.:

         1 -- A PKIX end-entity certificate in DER encoding

         2 -- A PKIX certification authority's certificate in DER encoding
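The point above, that "DER encoding" by itself says nothing about what was encoded, can be made concrete. The following is an added example, not code from the draft or from this thread: a minimal DER TLV reader (function names `der_read_tlv`, `der_encode` and `looks_like_pkix_certificate` are assumed here) that checks a type 1/2 payload for the outer shape of a PKIX Certificate rather than accepting any well-formed DER.

```python
# Added example (not from the draft or this thread): a minimal DER TLV reader used to
# check that a DANE type 1/2 payload has the outer shape of a PKIX Certificate,
# SEQUENCE { SEQUENCE, SEQUENCE, BIT STRING }, not merely that it is well-formed DER.
def der_read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the DER TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported")  # never used in Certificate
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: 0x80 | number of length octets that follow
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or (n > 1 and buf[pos] == 0):
            raise ValueError("non-minimal length encoding (BER, not DER)")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("length exceeds buffer")
    return tag, buf[pos:end], end

def der_encode(tag, value):
    """Encode one TLV with DER minimal length; used only to build samples."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def looks_like_pkix_certificate(buf):
    """True iff buf is exactly one SEQUENCE holding [SEQUENCE, SEQUENCE, BIT STRING]."""
    try:
        tag, body, end = der_read_tlv(buf)
        if tag != 0x30 or end != len(buf):  # not a SEQUENCE, or trailing bytes
            return False
        tags, pos = [], 0
        while pos < len(body):
            t, _, pos = der_read_tlv(body, pos)
            tags.append(t)
        return tags == [0x30, 0x30, 0x03]
    except ValueError:
        return False

# Constructed samples: a certificate-shaped skeleton versus other perfectly valid DER.
CERT_SHAPED = der_encode(0x30, der_encode(0x30, b"") + der_encode(0x30, b"") + der_encode(0x03, b"\x00"))
DER_INTEGER = der_encode(0x02, b"\x01")  # valid DER, yet not a certificate
```

This is a structural sanity check only; a real validator would go on to parse tbsCertificate and verify the chain.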