Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

Bill Frantz <frantz@pwpconsult.com> Mon, 02 July 2018 21:17 UTC

Date: Mon, 2 Jul 2018 14:17:17 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Joseph Salowey <joe@salowey.net>
cc: Paul Wouters <paul@nohats.ca>, "<tls@ietf.org>" <tls@ietf.org>, Benjamin Kaduk <bkaduk=40akamai.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WUgYj-ZEeWKPUzgbO8bqTIuGl-M>

On 6/25/18 at 9:20 PM, joe@salowey.net (Joseph Salowey) wrote:

>Hi Folks,
>
>There has been some discussion with a small group of folks on github -
>https://github.com/tlswg/dnssec-chain-extension/pull/19.   I want to make
>sure there is consensus in the working group to take on the pinning work
>and see if there is consensus for modifications in the revision.  Please
>respond to the following questions on the list by July 10, 2018.
>
>1.  Do you support the working group taking on future work on a pinning
>mechanism (based on the modifications or another approach)?

I would like to see a pinning mechanism, and think this Working 
Group is the right place to move the idea forward.


>2.  Do you support the reserved bytes in the revision for a future pinning
>mechanism?

Yes.


>3.  Do you support the proof of denial of existence text in the revision?

I had difficulty reading the GitHub thread.


>4.  Do you support the new and improved security considerations?

ditto

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Concurrency is hard. 12 out  | Periwinkle
(408)356-8506      | 10 programmers get it wrong. | 16345 Englewood Ave
www.pwpconsult.com |                - Jeff Frantz | Los Gatos, CA 95032