Re: [TLS] A few comments on draft-ietf-tls-dnssec-chain-extension-02.txt

Melinda Shore <melinda.shore@nomountain.net> Thu, 23 March 2017 16:31 UTC

To: tls@ietf.org
References: <CABcZeBMM-67C5KQx1pcd=phBkd7htJB7QSR4VGp+kXpq6gbCFg@mail.gmail.com> <1362c5bd-99c6-c806-ce2a-b51f86a31f38@nomountain.net> <54343047-7620-4A96-BD39-6E60AE7EA5A2@sn3rd.com> <5f39565c-5417-b94f-f1e6-32261c473455@nomountain.net> <BE38E78E-86ED-40B6-B179-FE2A1967BB86@dukhovni.org> <27455360-f4ee-4918-ee08-5ccf99a94ec9@nomountain.net> <F22BF712-162E-4716-962A-4C5B7516D187@dukhovni.org>
From: Melinda Shore <melinda.shore@nomountain.net>
Message-ID: <896987d1-4bb4-3f04-a34e-c09b245d038b@nomountain.net>
Date: Thu, 23 Mar 2017 08:31:24 -0800
In-Reply-To: <F22BF712-162E-4716-962A-4C5B7516D187@dukhovni.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/e64glZiELed6lO1-Sdud3TZKfrc>

On 3/23/17 8:14 AM, Viktor Dukhovni wrote:
> I don't know how many other folks on the TLS WG list are prepared
> to do a thorough review of the DNSSEC aspects of this draft...
> Perhaps the TLS and DNS communities overlap sufficiently that my
> concern is not warranted?

I think it's quite warranted, and we're sending requests
for review to both the DANE mailing list (still open even
though the WG shut down) and to dnsop.  The DNS parts are
more complicated than the actual extension mechanism and
need expert review.  We'll be requesting review once the
new version is posted.

Melinda