
Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard

2012-04-12 16:09:16
On 12. 4. 2012, at 9:11, SM wrote:
At 18:41 11-04-2012, The IESG wrote:
The IESG has received a request from the DNS-based Authentication of
Named Entities WG (dane) to consider the following document:
- 'The DNS-Based Authentication of Named Entities (DANE) Protocol for
  Transport Layer Security (TLS)'
 <draft-ietf-dane-protocol-19.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-04-25. Exceptionally,
comments may be

In Section 1.2:

"This document applies to both TLS [RFC5246]"

Does this mean that DANE is not applicable for TLS 1.1?

RFC4346 (TLS 1.1) has been obsoleted by RFC5246.  We cannot make references
to obsoleted documents.  As a side note, we don't say "to both TLS 1.2", but
just TLS.

I have no involvement with DANE or the rest of this debate, but I wanted to
point out that this simply isn't true. IDNits warnings to the contrary
notwithstanding, references to obsoleted specifications are not only allowed,
but in some cases absolutely required. 

It all depends on what the reference is for. If you're making a normative
reference to some protocol element that's supposed to interoperate with
current versions, you need to reference the latest version.

If, however, as in this case, you're talking about interoperating with multiple
versions of TLS, you really need to reference the specifications you intend to
support. Because otherwise readers are going to assume that you only mean TLS
1.2 here, irrespective of whether or not you omit the specific version in
prose.

                                Ned
