Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

Shumon Huque <> Wed, 18 April 2018 22:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9E6AE126CE8 for <>; Wed, 18 Apr 2018 15:35:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jVFfsDQJ73Nw for <>; Wed, 18 Apr 2018 15:35:45 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1E89D124D37 for <>; Wed, 18 Apr 2018 15:35:45 -0700 (PDT)
Received: by with SMTP id f3-v6so4349201iob.13 for <>; Wed, 18 Apr 2018 15:35:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=DRjLe0kA58d2fFMplfNB6OPB2mjzt/TgSt1qHA/qt8U=; b=IyZyuYdgYSb/UH21GneQtqB9kSJx6YzIBnhWv3Gu1iFa3Fph1v661tplOxPub5VoKf 3M+BmRrnbumu73HAhRo5thmeb7LcnsBL4sa2Gt4yB2otOWv+ccgrWdqCkPulH4qaPAAO lpkh6VWCI5VcaE0tSTrRVZyN7lMwvTncY+MIU96VnPTsFcSN5sQr2gESRxddJV879pZN XeF6tq2v6dlOG5ud2I2WX2slhDv2ECD3GyLTyKoZXdHdY7D4DMtYBZqtYFwlxdqJxPwZ xhMXpBnb5mS5BFYZo2kafWdCtNrZAlqWvDKifEhjF8gauleI9yQdJQ5QPqzOKHf+NSO0 esKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=DRjLe0kA58d2fFMplfNB6OPB2mjzt/TgSt1qHA/qt8U=; b=L0JrB2kYRT2rr287KmbjVaZ7EvdkA83HQu8crXQh1JD5dt3us9iKgTYIXRSI8UZKV2 4ZIFjG2/w0YwomOpdDEOEj6AWMgS3vYdwghkwP93j19/nzkhaOeIFQseCuCIzDxMSlId c7E4IgKoW0jssNbB4YViDDrwWipHQeKDEahsmwi/tuhQnYAJr1hdNHKk7eJDuTe2sQlT Hc/x3xjdYf88LEUIGhba5Luoj+HLENhOMpBEBSgIwFtekub1rwbssgnZs44usaF87sDg Go/y8OHZl/LxV0dv0KepN0zify/r62SpCphFdY2jiTS8AuBv8XzO2pqRrH3fp0kW9oyw n/dQ==
X-Gm-Message-State: ALQs6tBOYvV44rfFgn1mZKbMkIdOel8NJ+f8zcH8ZYipSSmpvFtVkNnP /fiP3DpiTjn3UpEJNTtn0eVsG7yAT0jKGXaWMvQ=
X-Google-Smtp-Source: AB8JxZpVdnyL9FFMKG1u3pWQU9sZIMMm8xrdmu7cczxG91IygzYDFLNIw3cVsApcrZDu79yNA3g1jnLwa3lXKOAnd0o=
X-Received: by 2002:a6b:9b15:: with SMTP id d21-v6mr4154660ioe.243.1524090944363; Wed, 18 Apr 2018 15:35:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:7c91:0:0:0:0:0 with HTTP; Wed, 18 Apr 2018 15:35:43 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
From: Shumon Huque <>
Date: Wed, 18 Apr 2018 18:35:43 -0400
Message-ID: <>
To: Paul Wouters <>
Cc: Joseph Salowey <>, "<>" <>
Content-Type: multipart/alternative; boundary="0000000000005823bd056a27131d"
Archived-At: <>
Subject: Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 18 Apr 2018 22:35:47 -0000

On Wed, Apr 18, 2018 at 4:42 PM, Paul Wouters <> wrote:

>  2. Explicitly allow (but do not require) DoE be included
> The document does not currently allow the extension to be empty. So if
> there is no TLSA record and the extension would be present, it therefore
> can only contain a DoE chain. So what do you mean with item 2? Possibly
> you mean to say "if there is no TLSA record, the extension can be omited
> or the extension can be included with a DoE chain" ? That would be okay
> with us.

Yes, my understanding is that's what it means.

Note that Section 8 ("Mandating Use") already did hint at the future
possibility of
this extension carrying a DoE chain that could be deployed in a TLS
ecosystem where all servers understood and were prepared to respond to this
extension. The plan is to now add text that allows DoE chains more
with details of use defined in subsequent documents.