On Mon, 23 Jun 2014, Viktor Dukhovni wrote:
> The new draft operates at two layers, on the one hand concretely extending 6698 to support raw public keys, and on the other hand generalizing the approach to arbitrary "key material" (conceptually beyond even raw public keys). My best guess is that were some other kind of "key material" to be used with TLS, that is not in SPKI format,

Please note that this is to support non-TLS scenarios where the public key might not be transferred in-band like in the TLS case. That is, the draft extends 6698 to support publishing any kind of public key in SPKI format for verification. It does not suggest non-SPKI formats.

> the draft is trying to suggest that we'd use DANE-EE(3) anyway (but likely with a new selector value, though this is not stated).

Actually, the intent is to NOT introduce a new selector, especially for the TLS case to ease migration from PKIX certificate to raw public key.

> I would for now not try to generalize beyond SPKI.

I don't think it is?

> It is not clear what those generalizations will really entail or whether any are likely to happen in the near future.

Note that these kinds of statements during the 6698 discussion are what got us here to begin with. The reluctance of types not involving "PKIX certification". It would be very ironic to make that mistake twice.

> Since I think "adoption" is not final approval of the content, but rather agreement that there is useful and relevant material to build on, while the draft is not done, I support adoption.
That's right. And for the record, I support WG adoption of this document as well.

Paul
