Re: [Uta] "webby" STS and DANE/DNSSEC co-existence
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 28 April 2016 11:05 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/wNhuBJK1Ir6cuJKpDuEU9MlSlSw>
Hi Jeff,

On 27/04/16 00:33, =JeffH wrote:
> On 4/11/16, 1:45 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
> >
> > With no hats, I'd like to argue that the WG should pursue
> > the "webby" STS proposal, ...
>
> just to ensure this thread is pedantically clear, when you said the
> above, you were referring to..
>
> https://datatracker.ietf.org/doc/draft-margolis-smtp-sts
> (which has now morphed in to two separate I-Ds)

Well not particularly those drafts but yes I was referring
to the ideas embodied therein. (But yeah, those are the drafts
we have with those ideas in:-)

>
> ..and possibly also..
>
> https://tools.ietf.org/html/draft-ietf-uta-email-deep

To the extent we want deep to be consistent with the above
drafts, yes, the same discussion should be relevant.

And in case it helps, I think we do need the webby approach
in addition to the DNSSEC based approach because DNSSEC, while
being the correct solution here, doesn't yet have sufficient
deployment. I also hope that the webby approach will not further
damage DNSSEC deployment in this case - I figure DANE/DNSSEC
will have enough advantages over the webby approach that it'll
continue to be used, and hence that at least some of the biggest
mail providers will need to at least be able to verify DANE/DNSSEC
stuff so the webby thing will I hope end up as a stopgap.

Cheers,
S.

>
> ..yes?
>
> thx, hth,
>
> =JeffH