Re: [lamps] CAA records on CNAMEs

Tim Hollebeek <tim.hollebeek@digicert.com> Mon, 18 March 2019 18:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/dWfgTRjtmmGoCGZuFqdXSUz6FqY>

I don't think there really have been any arguments against.  
People have just had other higher priorities.  Getting something
standardized takes time and effort.

There are a bunch of other reasonable extensions to CAA that
can and should be considered.  I do agree that it's probably
time to start pulling a formal document together so that they
can be fleshed out.  RFC 6844bis was more of a "fix a bunch 
of broken stuff" thing than a "let's add some new features"
thing.  Now that that's on its way out the door, perhaps it
is time for a CAA extensions discussion.

-Tim

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Jan Schaumann
> Sent: Monday, March 18, 2019 1:50 PM
> To: spasm@ietf.org
> Subject: Re: [lamps] CAA records on CNAMEs
> 
> Tim Hollebeek <tim.hollebeek@digicert.com> wrote:
> 
> > As such, I think the proposal is strictly inferior to much simpler
> > solutions e.g. the ones involving prefix tags.
> 
> Agreed.
> 
> > The prefix tag issue resurfaces every six to twelve months or so
> 
> I'd be interested to hear arguments previously used against a prefix tag to
> ensure they are addressed or at least considered should we propose to pursue
> this.
> 
> -Jan