Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

Melinda Shore <melinda.shore@nomountain.net> Fri, 13 April 2018 04:08 UTC

To: tls@ietf.org
References: <CAOgPGoAhzEtxpW5mzmkf2kv3AcugNy0dAzhvpaqrTSuMSqWqfw@mail.gmail.com> <CAHPuVdXfVQ5ZYL+dTvFeTfOaz2NNPrqxvnWuqJkxu0aaKDF_Sg@mail.gmail.com> <20180410235321.GR25259@localhost> <20180411173348.GP17433@akamai.com> <alpine.LRH.2.21.1804120438460.24369@bofh.nohats.ca> <CAL02cgSuTOaT_NwnpXaa8DPhNJhzqZwepRL+J29BzcBfCTDtHw@mail.gmail.com> <CAHbuEH78KNyk8fnHThRkCERKPjZzYppi1uhkDx6kL_t448q0_g@mail.gmail.com> <20180412175441.GD20782@akamai.com> <6db83a59-1f0f-f552-0d48-6e2a8d43f602@nomountain.net> <CABkgnnUwOjkY1_KejV-YOw3YRqjFfzaYurEY1OpZ8phQVhcWLg@mail.gmail.com> <114FE78D-F340-4752-BEF0-459FE1548A80@dukhovni.org> <aa7ca33a-4acd-c770-a43c-df7a1f66c782@nlnetlabs.nl> <E3918F11-9AD7-4C06-9173-5175ECACD16B@dukhovni.org> <CABcZeBP6-7_NNmC+7iVnNXbQw7p3jJH4eC1-EjY4C4CwdWWNcg@mail.gmail.com> <702DDD4B-4609-476C-9BAA-6AA05978135F@dukhovni.org> <CABcZeBPJY1tsnCTYFbLoFSUX8pdVE7ZCi-+7kWsZkx8vwR_0YA@mail.gmail.com> <57382E5B-3562-426F-8E1D-58E140296DBC@dukhovni.org>
From: Melinda Shore <melinda.shore@nomountain.net>
Openpgp: preference=signencrypt
Autocrypt: addr=melinda.shore@nomountain.net; prefer-encrypt=mutual; keydata= xsFNBFppZ0gBEADFwxAi5szDOsM/6+CH4pbYTX7D+2gjLY4xEE7ydQcAF1WVLvcWXrpZM0GO /eA4N1PJ+OT5o8o9zVr7izMJkiLwcnQmxHdlYgZ9E+Cm8hDtMyEPBQwsYTkE5kpbGCmBAZ+W rHNHjvDg366uZQHzJejenB1/V4+rxMZs1Ak34Az2MVOz9Doecaiadpw3NpH3+1VXY/qilqnM lznINSANqD0ktxB/CVKjxl3/K5JnVnLp0h2kiUqt19hQPX2JmLcgaHzu+Ceb34/HZWhs0CiF c4auhQ3A9PcccOprQh6IGW1xo6RP3OEbeRFqeovgBWS+DIWzMIM0a3G2LDid0889QYwEv0zZ RPDCcF3g15mlkeUUmwKQ6eAagPyTqLtTiOKULqy9bQahyX2eqlySrF+HqlwGeNoG+A4l1Z2Y S7NCBLPIzUk2RuSKMBaKw86ORzvg2Advrw4bdv7kbDkArGzywky61SEB/q+GqR466mekXx2F O+m8RuoSnWrBsKvD/bhELHcneorIBleGz+VL7i5adU0rIydG3jPTfUeXoCZIeNx1LannxnAR ihKdh5+FE26WiiK6VmZWkvFjaPFwWGjvAsi82Pd9QgHhnG/XzINpXw/3HF4wtBTU5nIExMzC +FbJxCPq1kXpqSxJqg7hgUFvD5jUD9lpN5Br/S2dUgJj95bbPQARAQABzSxNZWxpbmRhIFNo b3JlIDxtZWxpbmRhLnNob3JlQG5vbW91bnRhaW4ubmV0PsLBlwQTAQoAQQIbAwUJCWdTAAUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBE9oLZMqF5b4IPI0wN+4kXKadtuPBQJaaWd0AhkB AAoJEN+4kXKadtuPmvIQAJvVNnT0qhltq35AQ9Z1Ipx1IkEcQ8+yyMNLgyV9ZYhn9wn9JS/C TSb7HDSyTRiIz8CnaiCIOn2ZpT3sgYFw3cijT6YfRiifCeu4z3ea+XXOA/VyqXo42ARWOvq3 XdY3uj/j1c39PvhbopUwhulHzFJL7cMJCLEws588HdLwT8GVe+aTFPP4buJRqpOM0kSr/gkN 1IYKI0x1w6NgsgrYjCnv/VUwThjcVWPwMvZStvBnGquE6tvEmlnY+5cRktKSFw4X1ijxKzJD m0iqg7P7gNjC0r5uR2fF6BC0OPo9txPnabYph1wZ7V/5gnDwtWimD0ER77EO5Mr3zZHzva5v EwDpEbKXI43XAfpbxz3uc2fmXE2cvOCFgY/fTpX4kjVaxyFvjf1zrsac/7qFzwvgotYrYSc+ E1Ts+n1hWwsDA+qw/9reE1z9w+sn7SKL7zlS9sV54rfcd1AT0aMwlhAkEOaXRutriQ9BWWOv TOZBtRuV5RO/ZieY7lLX2+na2LjxLyak9k6wYwQwKvzvovBrr8zwDfJQDQujdVhk/lrlngAw Qh/U9dOg2hTUNiFHbKe1N+4vNCW/aLqm33LEV/vK/KepGsTl1ezQotOr0d05h2QySsdAgLCX Gv7bb+wTl/8Yx8hZfZO68KoRk8Zy4Yz8kE5LWJir+QQC7m7oo/4wZZcIzsFNBFppZ0gBEACg ZuM18ghzSuhuv+n0kWyWCeEWrx9Ey03EgFj5alBt55+OLv3dOsdyBHJxjtd0cZS1XaKZlgr1 YZ0OpQNv/Wyy8uSW2BZ6hyG1SKN9/1MmfJLNnjjxaBQP4yaMwDdS3wX7hoWY19IpVPZHYDR3 5FAgSnG/s6we+IOITM1TJoOJs4+ygeK5dC7LfRoj+lkEHYrTcglYVuwsyK2FNz/sF8kJW1fE ZHM66phSbhCvwbECWbb4eDGXbKZY92W1RTQ5U5td8DMLXyYipQphrcoeRXpb18DbOnE0WwIQ V0yBgc/rTiUt/wVjasd1RrsCPBQC/uJ+ZHknvr2MoxIWBBsRtKYHG66aOL+nDV8X1miuF6j4 cztvgmdqrwPHpAKVxhfwd/G4suNBunYw4/kAV9b2+eidX5em3NtPPNl/qNjsmEHQGn/5JKRH RvQs0yuigXDhN2N0keoHrbGCE8kyA/d83L7E9d95hsf3JxpRzmeaTze+NpcIaX5uXdKOaCBj Ltx1tOrDA4XX7Y3nY+waKZYa3RvC7yulFJiKfYWDSriWeQXcXj06p8H6vF6sy9LeX9xRRjTI 7qDHFxwuMQIKGqgufXtxu0pxxcMqXTEUPZnxUWUvuFjjYvEmtO92+Ot/NuotV8JvRPwg2OnY jMJodU1X7hzEs8djtgZG+t3FEGK3i1EJUQARAQABwsF8BBgBCgAmFiEET2gtkyoXlvgg8jTA 37iRcpp2248FAlppZ0gCGwwFCQlnUwAACgkQ37iRcpp2248krg/9H896KtAQCAV0RcV3QqZ7 5iY5pCxpRyxAaR0PjE5jiYV5gUHPCKtr9UPZt4Bi+bzNLQ2KJK6Rx4XNf5lQWopEo1IxtOiF PjkrQIpNkYmFWyOGpKpSIDhgsJpswZqxPDLpo+59GNlSUG6v3sMAnx+Gvtvqczkvg6UPDN/J YK75BIGoCGZMyor1B0EmRYj98LdwjT95dQZXjZvWBDeIx+NxUZKoA7AlR/xgsN3PHGq4SApM LL0R/qbiLIzUPnTPt5sBs0peflVvMrtgIMiZ9FdYPE+VWy5+X2AmeFg6Zl5W76HQUP6eYZQV 5abZ+iiW9lY1TmqsqpTIDu/ZMy7pLknxV5E1vQy+wsihluDYydaQ4HWoNaY7QFb+x7TsvjJR i+cH7By4jxohTWUuaukuMmT0eEaesWJSraAmxsffqJwDpsi0chZskuXjEm9gX6rY7MhzOZl7 Vz9F+6MYTtTmT1mpkLAMWf1/JuKUCfnSAHRlDxUOAG6QSJoHWAGqYy3XiF9bN63yQ6xllloS bbMvP9VW0e/iFKMKEIvfIvAg0IrlPcfKAGuuT1axwIU7da/N7LOcXyDDSEUuSzvXL/BkWyjx uLzdLY6eTvC6ZT/fA5iS/PAUj0WbrWNrHQtQ5OY2+al2v6JdLu/w6IZJCBpTosOAOzzmre+3 1fk1HKwqd9xRxC8=
Message-ID: <a1e1258b-f002-f162-ba05-fd8b728ac2cd@nomountain.net>
Date: Thu, 12 Apr 2018 20:07:55 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <57382E5B-3562-426F-8E1D-58E140296DBC@dukhovni.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/sCWxDKkJXNVrs4YrEvSpXxztkNc>
Subject: Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension
Precedence: list

On 4/12/18 6:55 PM, Viktor Dukhovni wrote:
> If you'd like me to craft revised option (A) text, that includes a suitable
> caveat, I can try.  

I'm okay with putting denial-of-existence in there as a should,
but I do feel strongly that pinning belongs in a separate document.
As I  said earlier, I have a problem with putting features in protocols
that  nobody intends to use.  It's bad enough when it happens by
circumstance but doing it deliberately strikes me as a bad idea.

And while this may not be your problem, it's very much mine: this
kind of thing is bad for the IETF.  It discourages participation
(and, ironically, implementation) and it slows the process down
further, with no clear benefit (getting back to the implementation
question).  I've gotten an earful from several implementers about
this, and it concerns me.

Melinda

-- 
Software longa, hardware brevis

PGP fingerprint: 4F68 2D93 2A17 96F8 20F2
                 34C0 DFB8 9172 9A76 DB8F

[TLS] Consensus Call on draft-ietf-tls-dnssec-cha… Joseph Salowey
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Melinda Shore
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Martin Thomson
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Martin Thomson
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Ilari Liusvaara
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
[TLS] DPRIV has the downgrade too (Re: Consensus … Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Tim Hollebeek
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Shumon Huque
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Willem Toorop
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Benjamin Kaduk
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Shumon Huque
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Benjamin Kaduk
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Shumon Huque
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… James Cloos
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Melinda Shore
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
[TLS] A new argument (Re: Consensus Call on draft… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Benjamin Kaduk
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Kathleen Moriarty
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Benjamin Kaduk
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Willem Toorop
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] [dane] Consensus Call on draft-ietf-tls… John Gilmore
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Ilari Liusvaara
Re: [TLS] [dane] Consensus Call on draft-ietf-tls… Viktor Dukhovni
Re: [TLS] [dane] Consensus Call on draft-ietf-tls… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Melinda Shore
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Martin Thomson
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Melinda Shore
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Shumon Huque
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Martin Thomson
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Willem Toorop
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… James Cloos
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Melinda Shore
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Eric Rescorla
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Sam Hartman
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Jim Fenton
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Bill Frantz
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Joseph Salowey
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Melinda Shore
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Paul Wouters
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Richard Barnes
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Shumon Huque
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Peter Gutmann
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Nico Williams
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Joseph Salowey
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Viktor Dukhovni
Re: [TLS] Consensus Call on draft-ietf-tls-dnssec… Joseph Salowey