Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 23 June 2022 20:47 UTC
Date: Thu, 23 Jun 2022 16:47:40 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: uta@ietf.org
Message-ID: <YrTRbIMW2OatWZYO@straasha.imrryr.org>
Reply-To: uta@ietf.org
References: <20220623164409.E3244442721A@ary.qy> <0d44d21b-671d-d916-e0ac-29013fbd3f65@stpeter.im> <93ea21b8-f62c-1196-1587-7a5a97a81da2@taugh.com>
In-Reply-To: <93ea21b8-f62c-1196-1587-7a5a97a81da2@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/x5DLyxUk2_-rwlnzWqMKXv99BHs>
On Thu, Jun 23, 2022 at 01:42:46PM -0400, John R Levine wrote:

> Among the reasons that DANE in e-mail is less common is that it is
> tricky.

DANE is only "tricky" when you're trying to integrate TLSA record
updates with ACME cert rollovers and don't configure key reuse.
Otherwise the same "3 1 1" record continues to work across cert
rollovers for multiple domains, regardless of the MX hostname used.

For example:

    digitalehuisbaas.be. IN MX 10 mail.digitalehuisbaas.be.
    mail.digitalehuisbaas.be. IN A 141.138.169.203
    mail.digitalehuisbaas.be. IN AAAA 2a03:3c00:a002:203::1001
    _25._tcp.mail.digitalehuisbaas.be. IN TLSA 3 1 1 e415b82b2e85867110f488617b98c9492cadf727b405eabea7d96e97744dfafb

    mail.digitalehuisbaas.be[141.138.169.203]: pass: TLSA match: depth = 0 name = webhostingserver.nl
      pkey sha256 [matched] <- 3 1 1 e415b82b2e85867110f488617b98c9492cadf727b405eabea7d96e97744dfafb
    mail.digitalehuisbaas.be[2a03:3c00:a002:203::1001]: pass: TLSA match: depth = 0 name = webhostingserver.nl
      pkey sha256 [matched] <- 3 1 1 e415b82b2e85867110f488617b98c9492cadf727b405eabea7d96e97744dfafb

    headshot.amsterdam. IN MX 10 mail.headshot.amsterdam.
    mail.headshot.amsterdam. IN A 141.138.169.226
    mail.headshot.amsterdam. IN AAAA 2a03:3c00:a002:226::1000
    _25._tcp.mail.headshot.amsterdam. IN TLSA 3 1 1 e415b82b2e85867110f488617b98c9492cadf727b405eabea7d96e97744dfafb

    mail.headshot.amsterdam[141.138.169.226]: pass: TLSA match: depth = 0 name = webhostingserver.nl
      pkey sha256 [matched] <- 3 1 1 e415b82b2e85867110f488617b98c9492cadf727b405eabea7d96e97744dfafb
    mail.headshot.amsterdam[2a03:3c00:a002:226::1000]: pass: TLSA match: depth = 0 name = webhostingserver.nl
      pkey sha256 [matched] <- 3 1 1 e415b82b2e85867110f488617b98c9492cadf727b405eabea7d96e97744dfafb

    creatievestudio.be. IN MX 10 mail.creatievestudio.be.
    mail.creatievestudio.be. IN A 141.138.169.210
    mail.creatievestudio.be. IN AAAA 2a03:3c00:a002:210::100d
    _25._tcp.mail.creatievestudio.be. IN TLSA 3 1 1 e415b82b2e85867110f488617b98c9492cadf727b405eabea7d96e97744dfafb

    mail.creatievestudio.be[141.138.169.210]: pass: TLSA match: depth = 0 name = webhostingserver.nl
      pkey sha256 [matched] <- 3 1 1 e415b82b2e85867110f488617b98c9492cadf727b405eabea7d96e97744dfafb
    mail.creatievestudio.be[2a03:3c00:a002:210::100d]: pass: TLSA match: depth = 0 name = webhostingserver.nl
      pkey sha256 [matched] <- 3 1 1 e415b82b2e85867110f488617b98c9492cadf727b405eabea7d96e97744dfafb

    ... ~95 thousand more ...

-- 
    Viktor.
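The property the message above relies on, shown in code: a "3 1 1" TLSA record is a SHA-256 digest of the certificate's SubjectPublicKeyInfo, so it survives any number of certificate reissuances as long as the key is reused, and stops matching the moment the key changes. This is an added example and not code from the thread or from any DANE implementation. It uses only the Go standard library; the hostnames (mail-provider.example, mx1.customer.example) are constructed, and self-signed certificates stand in for ACME-issued ones, which is harmless here because a DANE-EE match never looks at the issuer.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// TLSA holds one record's RDATA fields (RFC 6698).
type TLSA struct {
	Usage, Selector, MatchingType uint8
	Data                          []byte
}

// TLSA311 derives the "3 1 1" record for a certificate: DANE-EE usage (3),
// SubjectPublicKeyInfo selector (1), SHA-256 matching type (1). The digest
// covers only the public key, so reissuing the certificate does not change it.
func TLSA311(cert *x509.Certificate) TLSA {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return TLSA{Usage: 3, Selector: 1, MatchingType: 1, Data: sum[:]}
}

// Presentation renders the zone-file form for the given owner name.
func (t TLSA) Presentation(owner string) string {
	return fmt.Sprintf("%s IN TLSA %d %d %d %s", owner,
		t.Usage, t.Selector, t.MatchingType, hex.EncodeToString(t.Data))
}

// MatchesDANEEE is the depth-0 check an SMTP client performs for a 3 1 1
// record against the server's leaf certificate. Only the SPKI digest decides;
// names in the certificate are not consulted, so one key can back many MX hosts.
func MatchesDANEEE(rec TLSA, leaf *x509.Certificate) bool {
	if rec.Usage != 3 || rec.Selector != 1 || rec.MatchingType != 1 {
		return false
	}
	sum := sha256.Sum256(leaf.RawSubjectPublicKeyInfo)
	return bytes.Equal(sum[:], rec.Data)
}

// issue creates a self-signed certificate for key, standing in for one ACME
// issuance (the issuer's signature plays no part in a 3 1 1 match).
func issue(key *ecdsa.PrivateKey, name string, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// RolloverDemo publishes a 3 1 1 record for a first certificate, then rolls
// the certificate twice, once reusing the key and once with a fresh key, and
// reports whether the original record still matches each new leaf.
func RolloverDemo() (record string, reuseOK, newKeyOK bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", false, false, err
	}
	newKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", false, false, err
	}
	// Constructed names: the certificate's name deliberately differs from the
	// MX hostname, as with a hosting provider's shared certificate.
	cert1, err1 := issue(key, "mail-provider.example", 1)
	cert2, err2 := issue(key, "mail-provider.example", 2)    // rollover, same key
	cert3, err3 := issue(newKey, "mail-provider.example", 3) // rollover, new key
	for _, e := range []error{err1, err2, err3} {
		if e != nil {
			return "", false, false, e
		}
	}
	rec := TLSA311(cert1)
	return rec.Presentation("_25._tcp.mx1.customer.example."),
		MatchesDANEEE(rec, cert2), MatchesDANEEE(rec, cert3), nil
}

func main() {
	record, reuseOK, newKeyOK, err := RolloverDemo()
	if err != nil {
		panic(err)
	}
	fmt.Println(record, "\nkey reuse:", reuseOK, "new key:", newKeyOK)
}
```

Run with `go run .`; the record printed for the original certificate still matches the second leaf (same key) and fails against the third (new key). That failure is exactly the case the message calls "tricky": an ACME client that generates a fresh key on every renewal invalidates the published record unless the TLSA update is coordinated with the rollover, whereas configuring key reuse leaves the record, and every record for other hostnames sharing that key, untouched.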