On Thu, May 14, 2015 at 05:56:46PM -0700, John Gilmore wrote:

> 
> INTERNET-DRAFT                                                J. Gilmore
> DANE Working Group                        Electronic Frontier Foundation
> Intended status: Proposed Standard                          July 3, 2014
> Expires: December 31, 2014
> Updates: 6698 (if approved)
> 
> 
>              Authenticating Raw Public Keys with DANE TLSA
>                        draft-ietf-dane-rawkeys-00

I have read the draft, thanks.  I think that RFC 7250 raw public
keys are covered in the same way in draft-ietf-dane-ops via
usage DANE-EE(3) selector SPKI(1).

For other potential use-cases (i.e. neither TLS nor DTLS), it is
not clear how to interpret the TLSA record selector, and what the
meanings of the existing certificate usages might be.

I'd like to see some success with RFC 7250 + DANE, before we further
extend the TLSA RRtype into virgin territory.  At the very least
there should be a practical use-case against which to measure the
soundness of the proposal.

RFC7260 is a sound extension; if additional sound extensions come
along, I think they can be accommodated at that time.

So, I'd like to ask that at this time, we come to closure on whether
RFC7250 is adequately supported by the language in draft-ietf-dane-ops.
If so, let's get that out the door, and open the floor for discussion
of further extensions after that.

-- 
        Viktor.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
