Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)
Shumon Huque <shuque@gmail.com> Thu, 01 March 2018 19:13 UTC
On Wed, Feb 28, 2018 at 3:07 PM, Nico Williams <nico@cryptonector.com> wrote:

> IF there's an objection to modifying the extension in order to add a
> pin-to-DANE TTL field, I would propose the following instead:
>
> Make the pin-to-DANE be "forever" but make it so it can easily be
> cleared if DANE is undeployed for the service.

This option is already covered in the draft. It doesn't use the term pinning, but does mention caching the existence of DANE on first contact and requiring it subsequently (if clients want to do so).

I do not know if the draft authors and/or WG have an appetite to do the much more major change suggested by Viktor (i.e. in-protocol pinning TTL commitment and requiring subsequent denial of existence proof if DANE is removed).

Shumon.
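The two client-side policies contrasted in the message above ("pin forever, cleared only by an authenticated denial-of-existence proof" versus an in-protocol pin TTL) can be made concrete as a small pin-cache model. This is an added illustration, not code from the draft or from anyone in the thread; the `ChainExtension` record, the `DanePinCache` class, the result strings and the treatment of a missing or zero `pin_ttl` as "no commitment" are all modelling assumptions. A real client would only set `tlsa_validated` or `denial_validated` after fully validating the DNSSEC chain carried in the extension.

```python
"""Model of two 'pin to DANE' policies for a TLS client that supports the
dnssec_chain extension.  Added example; the record layout, class names and
result strings are assumptions made here, not the draft's own design.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class ChainExtension:
    """What the client learned from the server's extension (assumed shape)."""
    present: bool                  # server sent the extension at all
    tlsa_validated: bool           # chain validated down to a TLSA RRset
    denial_validated: bool         # chain is an authenticated proof that no TLSA exists
    pin_ttl: Optional[int] = None  # hypothetical in-protocol pin TTL (seconds)


@dataclass
class Pin:
    expires_at: Optional[float]    # None means "pinned forever"


class DanePinCache:
    """Per-host pin state under one of two policies:
    'forever': pin on first validated DANE, clear only on authenticated denial.
    'ttl':     pin for the server-committed TTL; silently lapse when it expires.
    """

    def __init__(self, policy: str) -> None:
        if policy not in ("forever", "ttl"):
            raise ValueError("policy must be 'forever' or 'ttl'")
        self.policy = policy
        self.pins: Dict[str, Pin] = {}

    def evaluate(self, host: str, ext: ChainExtension, now: float) -> str:
        """Decide how to treat one handshake and update the pin for `host`.

        Returns 'accept-dane', 'accept-pkix' or 'reject-downgrade'.
        """
        pin = self.pins.get(host)
        # A TTL pin that has lapsed no longer binds the client.
        if pin is not None and pin.expires_at is not None and now >= pin.expires_at:
            del self.pins[host]
            pin = None

        if ext.present and ext.tlsa_validated:
            # Validated DANE: create or refresh the pin according to policy.
            if self.policy == "forever":
                self.pins[host] = Pin(expires_at=None)
            elif ext.pin_ttl is None or ext.pin_ttl <= 0:
                # Assumption: no (or zero) TTL means the server makes no commitment.
                self.pins.pop(host, None)
            else:
                self.pins[host] = Pin(expires_at=now + ext.pin_ttl)
            return "accept-dane"

        if ext.present and ext.denial_validated:
            # Authenticated proof that DANE is undeployed: clear the pin and
            # fall back to ordinary PKIX validation.
            self.pins.pop(host, None)
            return "accept-pkix"

        # Extension absent (or chain did not validate).  With a live pin this is
        # the downgrade the pin exists to catch; without one, PKIX applies.
        if pin is not None:
            return "reject-downgrade"
        return "accept-pkix"


def walkthrough() -> Dict[str, list]:
    """Constructed handshake sequences showing both policies side by side."""
    forever = DanePinCache("forever")
    ttl = DanePinCache("ttl")
    return {
        "forever": [
            forever.evaluate("a.example", ChainExtension(True, True, False), 0),
            forever.evaluate("a.example", ChainExtension(False, False, False), 1),
            forever.evaluate("a.example", ChainExtension(True, False, True), 2),
            forever.evaluate("a.example", ChainExtension(False, False, False), 3),
        ],
        "ttl": [
            ttl.evaluate("b.example", ChainExtension(True, True, False, pin_ttl=3600), 0),
            ttl.evaluate("b.example", ChainExtension(False, False, False), 100),
            ttl.evaluate("b.example", ChainExtension(False, False, False), 4000),
        ],
    }


if __name__ == "__main__":
    for policy, trace in walkthrough().items():
        print(policy, trace)
```

The traces make the trade-off visible: under `forever`, a server that removes DANE must keep serving the extension with a denial-of-existence chain until every client has seen it, whereas under `ttl` a client that simply stops seeing the extension accepts PKIX again once the committed interval has passed.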