There's been a bunch of mail on this list about this so
here's my summary of the state of play just sent to the
Please feel free to correct me if I've gotten something
On 04/12/2012 02:41 AM, The IESG wrote:
The IESG has received a request from the DNS-based Authentication of
Named Entities WG (dane) to consider the following document:
- 'The DNS-Based Authentication of Named Entities (DANE) Protocol for
Transport Layer Security (TLS)'
<draft-ietf-dane-protocol-19.txt> as a Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2012-04-25. Exceptionally, comments
sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
Encrypted communication on the Internet often uses Transport Level
Security (TLS), which depends on third parties to certify the keys
used. This document improves on that situation by enabling the
administrators of domain names to specify the keys used in that
domain's TLS servers. This requires matching improvements in TLS
client software, but no change in TLS server software.
The file can be obtained via
IESG discussion can be tracked via
No IPR declarations have been submitted directly on this I-D.
dane mailing list
--- Begin Message ---
Well that's been a busy IETF LC. I think that shows that this is an
important spec and the editors and chairs have done a great job
so far on handling IETF LC comments, but I think there is a bit more
work to do to be sure we're done and we may as well get that done
now before the IESG are let loose on it:-)
I went through the DANE WG archive of all the IETF LC comments and
found the following ones where it's not crystal clear from the archive
that they're sorted.
Notes: a) they might be just fine, e.g. if just one person comments
and nobody else thought it important, then doing nothing is probably
right. These just weren't clear from the archive so I wanna check;
b) I only had time to scan the WG archive, if there are mails that
were only to ietf(_at_)ietf(_dot_)org or apps-discuss that resolved these
then I missed them, so just tell me about that, so I'll forward
this to the other lists to check as well.
So here's the list:
1) Jeff Hodges
I mailed Jeff to see if -20 is ok. Silence can be taken to mean
yes I think but since he had a bunch of things it's hard to be
There are a few more small things still open in the last mail
from earlier today.
3) Dave Cridland
I think there are still some occurrences of "certificate type"
in section 8, (e.g. 3rd para, p18) so those weren't all fixed.
I think that's the only remaining thing from Dave's review.
4) John Gilmore
A.1 only has CA examples, what about non CA uses? I didn't see
any reaction to that and it seems like a fair comment.
5) John Gilmore
John thinks there's a bias in sections 8/8.1, but I didn't see
any reaction to that (other than mine, which just said "please
do the right thing, whatever that is")
6) Mark Andrews
Again, not sure if there was follow-up.
Don't mandate client security policy (hardfail). I didn't see
an obvious conclusion reached to make a change or not make a
8) Various on SRV
I think this might need a tweak to the SRV language in 1.3 (and
just suggested one).
--- End Message ---