Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06
Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 27 June 2022 22:27 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/66mMlUS_eCdv3DpB0Qv8dlcYCq8>
On Mon, Jun 27, 2022 at 02:37:22PM -0600, Peter Saint-Andre wrote:

> > It does for the majority of the certificate usages, but in practice
> > today DANE is primarily used with SMTP, and predominantly with
> > DANE-EE(3) TLSA records, in which case identity questions are settled
> > at the DNS layer, and the presented identifiers in the certificate are
> > irrelevant.
>
> Even in this case, doesn't the certificate include a service identifier?

Actually, no.  A handful of DANE SMTP server operators configure
certificates that have empty Subject and Issuer DNs and no Subject
Alternative names.  The certificate is (kind-of) self-signed and
essentially holds just the public key and its self-signature.  For
example:

    subject=
    issuer=
    notBefore=Jul 27 14:59:59 2014 GMT
    notAfter=Nov 27 14:59:59 3013 GMT

-- 
    Viktor.
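The point made in the message above, as an added example that is not part of the original post: a DANE-EE(3) check compares a digest of the certificate or its SubjectPublicKeyInfo with the TLSA record and never consults Subject, Issuer or SAN. All function names are hypothetical, the sample certificate is constructed (structurally valid DER, not really signed), and DNSSEC validation of the TLSA record is assumed to have happened elsewhere.

```python
import hashlib

def tlv(tag, content):
    """Encode one DER TLV (short or long-form length)."""
    n = len(content)
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + length + content

def _header(buf, i):  # -> (content start, content length) of the TLV at i
    n = buf[i + 1]
    if n < 0x80:
        return i + 2, n
    k = n & 0x7F
    return i + 2 + k, int.from_bytes(buf[i + 2:i + 2 + k], "big")

def children(der):
    """Split a constructed DER TLV into its child TLVs."""
    i, length = _header(der, 0)
    end, out = i + length, []
    while i < end:
        start, n = _header(der, i)
        out.append(der[i:start + n])
        i = start + n
    return out

def tbs_fields(cert_der):
    """Map the TBSCertificate fields the example needs to their raw TLVs."""
    f = children(children(cert_der)[0])
    off = 1 if f[0][0] == 0xA0 else 0  # skip explicit [0] version if present
    return {"issuer": f[off + 2], "subject": f[off + 4], "spki": f[off + 5]}

def dane_ee_match(cert_der, selector, mtype, assoc):
    """DANE-EE(3) check: data comparison only, no name matching."""
    selected = cert_der if selector == 0 else tbs_fields(cert_der)["spki"]
    if mtype:  # 1 = SHA2-256, 2 = SHA2-512, 0 = full data
        selected = hashlib.new("sha256" if mtype == 1 else "sha512", selected).digest()
    return selected == assoc

def constructed_cert(key_bytes):
    """Constructed sample: valid DER layout, empty names, fake signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    key_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    spki = tlv(0x30, key_alg + tlv(0x03, b"\x00" + key_bytes))
    validity = tlv(0x30, tlv(0x17, b"140727145959Z") + tlv(0x18, b"30131127145959Z"))
    empty = tlv(0x30, b"")  # an empty Name encodes as 30 00
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + alg + empty + validity + empty + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00constructed-signature"))
```

A "3 1 1" record published for one key matches the nameless certificate carrying that key and rejects a certificate carrying any other key, which is all the identity binding this usage needs.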