On Thu, Jan 21, 2016 at 1:32 PM, Olafur Gudmundsson <[email protected]> wrote: > > > Melinda, > I hear you but the question is do we need a general DANE group for that or > if a new more > focused group(s) take over ? > The issue as Warren and I see is that the “energy” of the group has > decreased a lot indicating to us there is limited > interest in the work. We are happy to see more energy in the group and to > take on new work. > > Everyone, > > The chairs and AD want to see discussion on the future of the working > group. > Please bring to the table what you see the group can/should do. > It is up to the participants to set the direction for the group. > If the group continues we will recharter to reflect the direction. > > To facilitate f2f discussion on this topic, the chairs have requested a 1 > hour slot in BA, BUT PLEASE start the conversation here. >
Here's an overview of work that I'm aware of, that would benefit from a continued working group: * TLS Client Authentication with DANE TLSA records, which has generated recent discussion on this list. Viktor Dukhovni and I were planning to ask for working group adoption of that draft once we'd got it into decent shape (which is close). But beyond IETF participants, there are some active communities of folks that are planning to implement and deploy this protocol. Too often the IETF develops protocol specifications that don't get deployed much, so if there is evidence of real interest in the work outside of the core IETF participants, that should be given additional weight. * New application uses of the existing server TLSA spec. There is a proposal to do DANE authentication in SIP, which hasn't received much traction in the IETF to date. The author of that work has lamented to me that there is interest in that work in several sections of the SIP operator community, but he has been unable to generate any interest in doing that work in the IETF (specifically SIPCORE). I've suggested to him that he approach the DANE working group. There is also a proposal to do cross realm authentication in Kerberos with DANE. That work could happen in KITTEN, but if they don't have energy to take it on, again DANE could offer a venue. * TLS extension for DANE/DNSSEC Authentication Chain. That is targeted for adoption in the TLS working group once TLS1.3 work winds down there, but the substantive details of the spec are very largely about DNSSEC and DANE, so having a DANE focussed venue where we can discuss the design and topic generally is important. * The SMIMEA and OPENPGPKEY specs seem to be on track for publication as experimental RFCs. It would good to continue to have a venue to discuss deployment experiences with them, and also to discuss plans to recharter the group to revise them as standards track docs in the future if we come to that point. Relatedly, there are two proposals to specify email address local-part canonicalization rules in the DNS. Those might end up being important for the success of SMIMEA and OPENPGPKEY and deserve a venue. Lastly, new protocols take a long time to get deployed. Look at IPv6 - I'm speaking from experience, having first deployed it in production in 2002. And it's still largely undeployed. Shutting down the DANE working group while the protocol is still in its infancy, and while there is still potential work in the queue, sends the wrong message in my opinion. -- Shumon Huque
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
