
Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard

2012-05-01 04:20:36

Hi,

There's been a bunch of mail on this list about this so
here's my summary of the state of play just sent to the
DANE list.

Please feel free to correct me if I've gotten something
wrong.

Cheers,
S.

On 04/12/2012 02:41 AM, The IESG wrote:

The IESG has received a request from the DNS-based Authentication of
Named Entities WG (dane) to consider the following document:
- 'The DNS-Based Authentication of Named Entities (DANE) Protocol for
   Transport Layer Security (TLS)'
  <draft-ietf-dane-protocol-19.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2012-04-25. Exceptionally, comments
may be sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain
the beginning of the Subject line to allow automated sorting.

Abstract


   Encrypted communication on the Internet often uses Transport Level
   Security (TLS), which depends on third parties to certify the keys
   used.  This document improves on that situation by enabling the
   administrators of domain names to specify the keys used in that
   domain's TLS servers.  This requires matching improvements in TLS
   client software, but no change in TLS server software.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ballot/


No IPR declarations have been submitted directly on this I-D.


_______________________________________________
dane mailing list
dane(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/dane

--- Begin Message ---

Hi all,

Well that's been a busy IETF LC. I think that shows that this is an
important spec and the editors and chairs have done a great job
so far on handling IETF LC comments, but I think there is a bit more
work to do to be sure we're done and we may as well get that done
now before the IESG are let loose on it:-)

I went through the DANE WG archive of all the IETF LC comments and
found the following ones where it's not crystal clear from the archive
that they're sorted.

Notes: a) they might be just fine, e.g. if just one person comments
and nobody else thought it important, then doing nothing is probably
right. These just weren't clear from the archive so I wanna check;
b) I only had time to scan the WG archive, if there are mails that
were only to ietf(_at_)ietf(_dot_)org or apps-discuss that resolved these
then I missed them, so just tell me about that, so I'll forward
this to the other lists to check as well.

So here's the list:

1) Jeff Hodges
http://www.ietf.org/mail-archive/web/dane/current/msg04695.html
http://www.ietf.org/mail-archive/web/dane/current/msg04713.html

I mailed Jeff to see if -20 is ok. Silence can be taken to mean
yes I think but since he had a bunch of things it's hard to be
sure.

2) PSA
http://www.ietf.org/mail-archive/web/dane/current/msg04702.html
http://www.ietf.org/mail-archive/web/dane/current/msg04790.html

There are a few more small things still open in the last mail
from earlier today.

3) Dave Cridland
http://www.ietf.org/mail-archive/web/dane/current/msg04624.html

I think there are still some occurrences of "certificate type"
in section 8, (e.g. 3rd para, p18) so those weren't all fixed.
I think that's the only remaining thing from Dave's review.

4) John Gilmore
http://www.ietf.org/mail-archive/web/dane/current/msg04635.html

A.1 only has CA examples, what about non CA uses? I didn't see
any reaction to that and it seems like a fair comment.

5) John Gilmore
http://www.ietf.org/mail-archive/web/dane/current/msg04637.html

John thinks there's a bias in sections 8/8.1, but I didn't see
any reaction to that (other than mine, which just said "please
do the right thing, whatever that is")

6) Mark Andrews
http://www.ietf.org/mail-archive/web/dane/current/msg04657.html

Again, not sure if there was follow-up.

7) PHB
http://www.ietf.org/mail-archive/web/dane/current/msg04709.html

Don't mandate client security policy (hardfail). I didn't see
an obvious conclusion reached to make a change or not make a
change.

8) Various on SRV
http://www.ietf.org/mail-archive/web/dane/current/msg04793.html

I think this might need a tweak to the SRV language in 1.3 (and
just suggested one).

Cheers,
Stephen.

--- End Message ---
  • Re: [dane] Last Call: <draft-ietf-dane-protocol-19.txt> (The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS)) to Proposed Standard, Stephen Farrell <=