Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard

Hi,

There's been a bunch of mail on this list about this so
here's my summary of the state of play just sent to the
DANE list.

Please feel free to correct me if I've gotten something
wrong.

Cheers,
S.

On 04/12/2012 02:41 AM, The IESG wrote:
> 
> The IESG has received a request from the DNS-based Authentication of
> Named Entities WG (dane) to consider the following document:
> - 'The DNS-Based Authentication of Named Entities (DANE) Protocol for
>    Transport Layer Security (TLS)'
>   <draft-ietf-dane-protocol-19.txt> as a Proposed Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@xxxxxxxx mailing lists by 2012-04-25. Exceptionally, comments may be
> sent to iesg@xxxxxxxx instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> Abstract
> 
> 
>    Encrypted communication on the Internet often uses Transport Level
>    Security (TLS), which depends on third parties to certify the keys
>    used.  This document improves on that situation by enabling the
>    administrators of domain names to specify the keys used in that
>    domain's TLS servers.  This requires matching improvements in TLS
>    client software, but no change in TLS server software.
> 
> 
> 
> 
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/
> 
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ballot/
> 
> 
> No IPR declarations have been submitted directly on this I-D.
> 
> 
> _______________________________________________
> dane mailing list
> dane@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/dane
> 
--- Begin Message ---
Hi all,

Well that's been a busy IETF LC. I think that shows that this is an
important spec and the editors and chairs have done a great job
so far on handling IETF LC comments, but I think there is a bit more
work to do to be sure we're done and we may as well get that done
now before the IESG are let loose on it:-)

I went through the DANE WG archive of all the IETF LC comments and
found the following ones where it's not crystal clear from the archive
that they're sorted.

Notes: a) they might be just fine, e.g. if just one person comments
and nobody else thought it important, then doing nothing is probably
right. These just weren't clear from the archive so I wanna check;
b) I only had time to scan the WG archive, if there are mails that
were only to ietf@xxxxxxxx or apps-discuss that resolved these
then I missed them, so just tell me about that, so I'll forward
this to the other lists to check as well.

So here's the list:

1) Jeff Hodges
http://www.ietf.org/mail-archive/web/dane/current/msg04695.html
http://www.ietf.org/mail-archive/web/dane/current/msg04713.html

I mailed Jeff to see if -20 is ok. Silence can be taken to mean
yes I think but since he had a bunch of things it's hard to be
sure.

2) PSA
http://www.ietf.org/mail-archive/web/dane/current/msg04702.html
http://www.ietf.org/mail-archive/web/dane/current/msg04790.html

There are a few more small things still open in the last mail
from earlier today.

3) Dave Cridland
http://www.ietf.org/mail-archive/web/dane/current/msg04624.html

I think there are still some occurrences of "certificate type"
in section 8, (e.g. 3rd para, p18) so those weren't all fixed.
I think that's the only remaining thing from Dave's review.

4) John Gilmore
http://www.ietf.org/mail-archive/web/dane/current/msg04635.html

A.1 only has CA examples, what about non CA uses? I didn't see
any reaction to that and it seems like a fair comment.

5) John Gilmore
http://www.ietf.org/mail-archive/web/dane/current/msg04637.html

John thinks there's a bias in sections 8/8.1, but I didn't see
any reaction to that (other than mine, which just said "please
do the right thing, whatever that is")

6) Mark Andrews
http://www.ietf.org/mail-archive/web/dane/current/msg04657.html

Again, not sure if there was follow-up.

7) PHB
http://www.ietf.org/mail-archive/web/dane/current/msg04709.html

Don't mandate client security policy (hardfail). I didn't see
an obvious conclusion reached to make a change or not make a
change.

8) Various on SRV
http://www.ietf.org/mail-archive/web/dane/current/msg04793.html

I think this might need a tweak to the SRV language in 1.3 (and
just suggested one).

Cheers,
Stephen.

--- End Message ---
