Re: [TLS] WGLC: draft-ietf-tls-dnssec-chain-extension-04

Shumon Huque <shuque@gmail.com> Tue, 04 July 2017 21:13 UTC

To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: TLS WG <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/H726RfGB0Oat1Q-kIzqKPTyJ_50>

On Tue, Jul 4, 2017 at 4:50 PM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:

> On Tue, Jul 04, 2017 at 01:18:05PM -0400, Shumon Huque wrote:
> > On Tue, Jul 4, 2017 at 12:19 PM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> >
> > > On Tue, Jul 04, 2017 at 11:33:45AM -0400, Shumon Huque wrote:
> >
> > An RRset is defined as the set of records that share the same name, type,
> > and class. So an RRsig RRset should cover signatures produced by different
> > keys for the same RRset. But if this sounds confusing, I'm okay with "RRsig
> > records".
>
> RRsig is special in that it is subtyped in RRdata. I don't know if
> concept of "RRset" is redefined for RRsig to take that into account.
>
> I.e., does RRsig RRset include RRsig's for any possible A records (which
> are very much not interesting here)?
>

I think we need to say the set of RRsig records that "cover" the type in
question.

Shumon.
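
The distinction discussed in this message, as an added example that is not part of the original email or the draft: grouping by name, type and class puts every RRSIG at an owner name into one RRset, so a validator has to select by the Type Covered field of the RRSIG RDATA (RFC 4034, section 3.1). The owner name, key tags and signature bytes are constructed sample values, and the helper names are hypothetical.

```python
import struct
from collections import defaultdict

# DNS type and class codes from the IANA registry.
TYPE_A, TYPE_RRSIG, TYPE_TLSA = 1, 46, 52
CLASS_IN = 1

def build_rrsig_rdata(covered, key_tag, signer=b"\x07example\x03com\x00"):
    """Constructed RRSIG RDATA; the 64 signature bytes are dummy zeros."""
    # Type Covered, Algorithm (13), Labels, Original TTL,
    # Signature Expiration, Signature Inception, Key Tag.
    fixed = struct.pack("!HBBIIIH", covered, 13, 5, 3600,
                        1500000000, 1499000000, key_tag)
    return fixed + signer + b"\x00" * 64

def type_covered(rdata):
    """Type Covered is the first 16-bit field of RRSIG RDATA."""
    if len(rdata) < 18:
        raise ValueError("RRSIG RDATA shorter than its fixed fields")
    return struct.unpack("!H", rdata[:2])[0]

def group_rrsets(records):
    """Group (name, type, class, rdata) tuples by the RRset key."""
    rrsets = defaultdict(list)
    for name, rtype, rclass, rdata in records:
        rrsets[(name.lower(), rtype, rclass)].append(rdata)
    return rrsets

def rrsigs_covering(records, name, covered):
    """RRSIG records at `name` whose Type Covered equals `covered`."""
    key = (name.lower(), TYPE_RRSIG, CLASS_IN)
    sigs = group_rrsets(records).get(key, [])
    return [r for r in sigs if type_covered(r) == covered]

# Constructed sample: two TLSA signatures made by different keys,
# plus one signature over an A RRset at the same owner name.
NAME = "_443._tcp.www.example.com."
RECORDS = [
    (NAME, TYPE_RRSIG, CLASS_IN, build_rrsig_rdata(TYPE_TLSA, 11111)),
    (NAME, TYPE_RRSIG, CLASS_IN, build_rrsig_rdata(TYPE_TLSA, 22222)),
    (NAME, TYPE_RRSIG, CLASS_IN, build_rrsig_rdata(TYPE_A, 11111)),
]

if __name__ == "__main__":
    by_key = group_rrsets(RECORDS)
    print("RRSIG RRset size:", len(by_key[(NAME, TYPE_RRSIG, CLASS_IN)]))
    print("covering TLSA:", len(rrsigs_covering(RECORDS, NAME, TYPE_TLSA)))
```
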