Re: Confusion about DANE

2015-08-27 Thread Viktor Dukhovni
On Thu, Aug 27, 2015 at 12:46:29PM -0700, Alice Wonder wrote:
> Maybe 0 and 1 for Certificate Usage field should be deprecated in DANE
> altogether, especially if there ever are plans to move away from Certificate
> Authorities in the future.

First win the user base, then win the standards war.

Re: Confusion about DANE

2015-08-27 Thread Alice Wonder
On 08/26/2015 09:52 PM, Viktor Dukhovni wrote:
> On Wed, Aug 26, 2015 at 09:43:39PM -0700, Alice Wonder wrote:
> Furthermore, support for 1->3 mappings might lead users to erroneously expect 0->2 mappings, but the latter are in fact problematic. So supporting neither of the potential mappings is

Re: Confusion about DANE

2015-08-26 Thread Viktor Dukhovni
On Wed, Aug 26, 2015 at 09:43:39PM -0700, Alice Wonder wrote:
> >Furthermore, support for 1->3 mappings might lead users to erroneously
> >expect 0->2 mappings, but the latter are in fact problematic. So
> >supporting neither of the potential mappings is simpler and cleaner.
>
> Okay, thank you.

Re: Confusion about DANE

2015-08-26 Thread Alice Wonder
On 08/26/2015 09:03 PM, Viktor Dukhovni wrote:
> Postfix implements a PKIX-EE(1) to DANE-EE(3) mapping that is ad-hoc and not standardized by any IETF document. That mapping has been mostly harmless, but should perhaps be withdrawn in a future release. The mapping predates the finalization of

Re: Confusion about DANE

2015-08-26 Thread Viktor Dukhovni
On Wed, Aug 26, 2015 at 07:32:58PM -0700, Alice Wonder wrote:
> LSA record was not usable, I have been confused, because that conformed to
> the DANE / TLSA RFC.

The DANE TLSA RFC has a pending update in the form of draft-ietf-dane-ops which is sitting in the RFC editor queue for imminent publica

Re: Confusion about DANE

2015-08-26 Thread Alice Wonder
Never mind, further down the README reads:

  Support for certificate usage "1" is an experiment, it may be withdrawn in the future. Server operators SHOULD NOT publish TLSA records with usage "1".

So one part of the README says that 1 is treated as 3 and another part says that may be withdrawn i

Confusion about DANE

2015-08-26 Thread Alice Wonder
Ever since I got that automated e-mail telling me my 1 0 1 hash LSA record was not usable, I have been confused, because that conformed to the DANE / TLSA RFC. I suggested that maybe SMTP servers, which are only doing hostname validation and can't be expected to CA validate, should treat a 1