On Jun 15, 2012, at 8:53 AM, Warren Kumari wrote: > We have made some great progress now (although it has taken much longer than > we had hoped, apologies for that), and can now start focusing on: > A: deployment and > B: the "How to do DANE with $foo" series.
+1 to (B). (Of course, +1 to (A) as well, but I'm not in a position got do anything about that.) There are two types of drafts that might be part of (B): - Ones that use the TLSA RRtype but specify how a particular protocol uses TLS and DANE. draft-fanf-dane-smtp covers interesting bits about SMTP and DANE such as how to deal with traversing MX records, now to get the right host name, and how to deal with STARTTLS. draft-miller-xmpp-dnssec-prooftype covers interesting bits about XMPP, such as how to traverse SRV records and how to get the right host name. - Ones that don't use the TLSA RRtype but do DANE-style things with non-TLS security protocols. draft-hoffman-dane-smime will parallel TLSA but for CMS. To date, there has be zero interest in the IPsec community for doing something DANE-style for IPsec. Both of these paths seem interesting, at least to me. --Paul Hoffman _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
