On 2 Sep 2015, at 10:30, Paul Hoffman wrote:
On 1 Sep 2015, at 11:44, Olafur Gudmundsson wrote:
Dear Colleagues
We received some questions about the selection.
In the discussions on the different ways to represent the left hand
sides as DNS names there are a number of ways; the three ways we have
been discussing are:
a) HEX( SHA256( LHS)[:28]) i.e. 28 leftmost bytes of SHA256 hash
hexified
b) HEX( SHA256( str2lower(LHS))[:28]) i.e. the same as before but the
email name is lower cased before digesting, this will help mainly
email addresses written in Latin-1
The difference between a) and b) is the lower casing. While this may
be a win in some cases that is unproven, as we do not know if more
people will know or guess the LHS they want to send to.
In addition the DNS contains a simple facility to equate names i.e.
CNAME.
Olafur & Warren
All of the options have operational plusses and minuses that we can't
actually measure until after we deploy. (a) seems most in line with
the mail standards we are using. That is a strong argument for (a).
--Paul Hoffman
Another ‘+1’ for (a). I kind of feel (b) may make discovery
easier, but not sure and we will never know unless we deploy. (a) is
simpler and after some deployment we may find out that cert discovery is
not that difficult, not desired, or easily done another way.
Scott
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
==================================
Scott Rose, NIST
[email protected]
ph: +1-301-975-8439
Google Voice: +1-571-249-3671
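
The two derivations discussed in this thread, as an added example that is not part of any message above: it computes the label under (a) and (b) for several spellings of one left-hand side, and shows the CNAME records that would equate the variants under (a). UTF-8 encoding of the LHS, Python's `str.lower()` standing in for `str2lower`, and the owner-name suffix are assumptions.

```python
import hashlib

MAX_DNS_LABEL = 63  # octets allowed in one DNS label


def lhs_label(lhs: str, lowercase: bool = False) -> str:
    """Option (a) by default, option (b) when lowercase=True.

    Assumptions: the LHS is hashed as UTF-8 bytes, and str2lower is
    modelled by Python's str.lower().
    """
    if lowercase:
        lhs = lhs.lower()
    digest = hashlib.sha256(lhs.encode("utf-8")).digest()
    label = digest[:28].hex()  # 28 bytes -> 56 hex characters
    if len(label) > MAX_DNS_LABEL:
        raise ValueError("label too long for DNS")
    return label


def distinct_labels(spellings, lowercase: bool) -> int:
    """Number of different labels that spellings of one mailbox produce."""
    return len({lhs_label(s, lowercase) for s in spellings})


def cname_records(canonical: str, spellings, suffix: str) -> list:
    """Under option (a), equate variant spellings to one name with CNAMEs.

    `suffix` is a hypothetical placeholder for the rest of the owner name.
    """
    target = f"{lhs_label(canonical)}.{suffix}"
    return [
        f"{lhs_label(s)}.{suffix} IN CNAME {target}"
        for s in spellings
        if lhs_label(s) != lhs_label(canonical)
    ]


# Constructed sample spellings of two mailboxes' left-hand sides.
ASCII_SPELLINGS = ["alice.example", "Alice.Example", "ALICE.EXAMPLE"]
LATIN1_SPELLINGS = ["zoë", "Zoë"]

if __name__ == "__main__":
    for group in (ASCII_SPELLINGS, LATIN1_SPELLINGS):
        print(group, "(a):", distinct_labels(group, False),
              "(b):", distinct_labels(group, True))
    for rr in cname_records("alice.example", ASCII_SPELLINGS, "_placeholder.example.com."):
        print(rr)
```

Under (a) every spelling is a separate owner name that must be published or aliased individually; under (b) they collapse to one label, and the 56-character result fits in a single DNS label either way.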