Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

Melinda Shore <melinda.shore@nomountain.net> Wed, 04 April 2018 22:12 UTC

To: tls@ietf.org
References: <CAOgPGoAhzEtxpW5mzmkf2kv3AcugNy0dAzhvpaqrTSuMSqWqfw@mail.gmail.com> <CAL02cgSmsETZvUD8NxiFhCiRn9e7Sgwz+hT+OA08hejvZziarw@mail.gmail.com>
From: Melinda Shore <melinda.shore@nomountain.net>
Message-ID: <f9b2a2bd-1cdb-8a97-639c-4d1cc0ebddf8@nomountain.net>
Date: Wed, 04 Apr 2018 15:12:02 -0700
In-Reply-To: <CAL02cgSmsETZvUD8NxiFhCiRn9e7Sgwz+hT+OA08hejvZziarw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QZ9ZGx0mPRSufA7ZEZFuccJ00nE>

On 4/4/18 2:53 PM, Richard Barnes wrote:
> I support publication of the document as is.  I would also be
> comfortable with a minor modification to say that TLSA certificate
> usages 0 and 1 (the restrictive ones) MUST NOT be used with this mechanism.

The addition of text that clarifies that seems absolutely reasonable
to me.

I do think there would be a problem with adding additional complexity
to the extension to support functionality that nobody has said that
they intend to use (including the proponents of the changes), given
that the changes would not be introduced to correct an error in
the existing spec.

Melinda


-- 
Software longa, hardware brevis

PGP key fingerprint  4F68 2D93 2A17 96F8 20F2
                     34C0 DFB8 9172 9A76 DB8F