Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension
Joseph Salowey <joe@salowey.net> Wed, 18 April 2018 18:22 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Sq9cbn0ThFNEzs4OPJs3JRNrUL8>
We've had a lot of discussion on this thread that has pointed out that there are enough issues with the current document that we should recommend that the AD pull it back from the RFC editor.

Concerns have been raised about the trade-offs associated with pinning and I do not think we currently have consensus to add pinning. While I think it may be possible to come to consensus on pinning I think it may take some time. I believe we can quickly get consensus for the following approach:

1. Scope the document to the assertive use cases
2. Explicitly allow (but do not require) DoE be included
3. Remove current text about pinning
4. Re-submit the document for publication and start work on a separate extension that supports pinning

I understand that not everyone is happy with publishing the document scoped down in this way, but there is a community of users who would find it useful. I am soliciting suggestions for text for the 1-3 and I encourage proponents of the more restrictive use case to get a draft together that we can consider for adoption by the working group.

I also want to thank the participants for keeping the discussion mostly civil and having patience as we go through this process.

Joe

On Wed, Apr 4, 2018 at 10:50 AM, Joseph Salowey <joe@salowey.net> wrote:

> Hi Folks,
>
> Some objections were raised late during the review of
> the draft-ietf-tls-dnssec-chain-extension. The question before the
> working group is either to publish the document as is or to bring the
> document back into the working group to address the following issues:
>
> - Recommendation of adding denial of existence proofs in the chain
> provided by the extension
> - Adding signaling to require the use of this extension for a period of
> time (Pinning with TTL)
>
> This is a consensus call on how to progress this document. Please answer
> the following questions:
>
> 1) Do you support publication of the document as is, leaving these two
> issues to potentially be addressed in follow-up work?
>
> If the answer to 1) is no then please indicate if you think the working
> group should work on the document to include
>
> A) Recommendation of adding denial of existence proofs in the chain
> provided by the extension
> B) Adding signaling to require the use of this extension for a period of
> time (Pinning with TTL)
> C) Both
>
> This call will be open until April 18, 2018.
>
> Thanks,
>
> Joe