On Wed, Oct 01, 2014 at 07:13:17PM -0700, Paul Hoffman wrote:
> On Oct 1, 2014, at 7:01 PM, Peter Saint-Andre - &yet <[email protected]> wrote:
>
> > Section 2.1 of draft-ietf-dane-smtp-with-dane has some thorough text on DNS
> > errors. Viktor suggested that draft-ietf-dane-srv needs the same text. I
> > would strongly prefer NOT to have the same text in two documents for
> > various reasons. When I mentioned this to the chairs, they suggested moving
> > the text from the SMTP document to the SRV document since it is more
> > generic. I don't really care where it lives, I just want it to be in one
> > place. What do WG participants think?
>
> As long as the SMTP document points to the SRV document for the
> errors, it's fine to have it live in the SRV document.

The main issue that comes to mind is that the SRV draft is at
present silent about whether DANE security is opportunistic or
mandatory. Some of the error text is IIRC specific to the
opportunistic mode of operation, because this comes with more ways to
attempt to mount downgrade attacks.

I don't think the SRV draft should sit on the fence with respect
to opportunistic use. It probably needs to describe both modes of
operation explicitly.

Otherwise, yes, I have no problem importing the DNS error handling
by reference, but I also see little disadvantage to simply repeating
the text; one-stop shopping is easier on the reader.

--
Viktor.