Re: [lamps] Next steps on CAA

"John R Levine" <johnl@taugh.com> Sat, 07 October 2017 20:13 UTC

Date: Sat, 07 Oct 2017 16:13:35 -0400
Message-ID: <alpine.OSX.2.21.1710071606190.37220@ary.qy>
From: John R Levine <johnl@taugh.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: SPASM <spasm@ietf.org>
In-Reply-To: <CAMm+Lwiy1U_CrJ+1HxqBEbpRr99vGC0o6ztX-yCMF1YpvEZe7Q@mail.gmail.com>
References: <CAMm+Lwj3NkBnXy8_ERS+ZnRE3OhFrJi2WwaDeThiNimqm5Domg@mail.gmail.com> <20171007185103.13239.qmail@ary.lan> <CAMm+Lwiy1U_CrJ+1HxqBEbpRr99vGC0o6ztX-yCMF1YpvEZe7Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lNZoSaATua1iJpOj4j34aYtUHls>
Subject: Re: [lamps] Next steps on CAA

On Sat, 7 Oct 2017, Phillip Hallam-Baker wrote:
>> Right.  I think that solves everything but the DNAME problem, and I
>> think the DNAME problem, if it actually exists, is insoluble.

> I don't think there is a DNAME problem.

Neither do I but for a completely different reason.

The CNAME problem here is that you use a CNAME to point your web server at 
a third party host but you want to publish your own CAA, not the host's 
CAA.

Hypothetically, you might want to do the same thing with DNAME, but every 
DNAME I've ever seen other than AS112 aliases two name trees where the 
corresponding names are (or at least are supposed to be) under the same 
control.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
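The CNAME situation John describes above, as an added illustration that is not part of the thread and not anyone's reference implementation: a toy, in-memory zone (constructed data, no real DNS) in which `www.example.com` is CNAMEd to a third-party host, and two versions of the "climb the tree until you find a CAA RRset" search. One climbs from wherever the CNAME chain ended (so the hosting provider's CAA wins), the other climbs from the name that was originally asked about (so the domain owner's CAA wins, which is what the message says people want). The zone names, the `climb_from_alias_target` switch and the helper names are my own assumptions for the demonstration; the second behaviour matches my reading of the revised algorithm in 6844bis / RFC 8659, but the code is a model, not the spec.

```python
from typing import Dict, List, Set, Tuple

# Constructed toy zone (not real DNS data): owner name -> record types.
# www.example.com points at a third-party host, the case discussed in the thread.
ZONE: Dict[str, Dict[str, object]] = {
    "example.com.": {"CAA": ['0 issue "owner-ca.example"']},
    "www.example.com.": {"CNAME": "host.provider.example."},
    "provider.example.": {"CAA": ['0 issue "provider-ca.example"']},
    "host.provider.example.": {},          # the host itself publishes no CAA
}


def parent(name: str) -> str:
    """Strip the leftmost label; the root is spelled '.'."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[1:]) + "." if len(labels) > 1 else "."


def query_caa(name: str, zone: Dict = ZONE, max_chain: int = 8) -> Tuple[str, List[str]]:
    """Emulate an ordinary DNS query for CAA at `name`: follow a (bounded) CNAME
    chain the way a resolver would and return (final owner name, CAA RRset there)."""
    hops = 0
    while "CNAME" in zone.get(name, {}) and hops < max_chain:
        name = zone[name]["CNAME"]  # type: ignore[index]
        hops += 1
    return name, list(zone.get(name, {}).get("CAA", []))  # type: ignore[union-attr]


def relevant_caa(name: str, climb_from_alias_target: bool, zone: Dict = ZONE) -> Tuple[str, List[str]]:
    """Walk up the tree until a non-empty CAA RRset is found (or the root is reached).

    climb_from_alias_target=True  : after following a CNAME whose target has no CAA,
                                    continue from the target's parent, so the host's
                                    zone ends up deciding which CAs may issue.
    climb_from_alias_target=False : continue from the parent of the name originally
                                    asked about, so the domain owner's zone decides
                                    (assumed here to match the revised 6844bis rule)."""
    current = name
    while current != ".":
        final, rrset = query_caa(current, zone)
        if rrset:
            return final, rrset
        current = parent(final if climb_from_alias_target else current)
    return ".", []


def issuers(rrset: List[str]) -> Set[str]:
    """Collect issuer domains from 'issue' properties (parameters after ';' are dropped)."""
    out: Set[str] = set()
    for rr in rrset:
        _flags, tag, value = rr.split(" ", 2)
        if tag == "issue":
            out.add(value.strip('"').split(";")[0].strip())
    return out


if __name__ == "__main__":
    for mode in (True, False):
        where, rrs = relevant_caa("www.example.com.", climb_from_alias_target=mode)
        print(f"climb_from_alias_target={mode}: CAA taken from {where} -> {issuers(rrs)}")
```

Run as a script it shows the two outcomes side by side: with the alias-target climb the CA set for `www.example.com` comes from `provider.example.`, with the origin-name climb it comes from `example.com.`. Swapping the toy zone for real `dig`-style lookups is the only change needed to turn this into a pre-issuance sanity check for a name that is CNAMEd off-domain.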