On Wed, Feb 05, 2014 at 04:34:41PM -0800, Paul Hoffman wrote:
> On Feb 5, 2014, at 3:50 PM, Viktor Dukhovni <[email protected]> wrote:
> 
> > Since I am relatively new here, I'll ask:  What is the distinction?
> 
> Well, that's a hard one because different people slice and dice differently. 
> The summary I often use is:
> 
> Delivery: tell me how to use X at domain name Y
> Discovery: tell me whether there is service X at domain name Y
> 
> Another way to do this is:
> 
> Delivery: I'm pretty sure domain name Y does X: tell me what I need to know
> Discovery: I want to find out if domain name Y does X

Hmm, ... neither of these formulations talks about future behaviour.

The SMTP draft I've been working on for most of the past year (with
Wes) is in essence doing downgrade-resistant discovery of STARTTLS
support and getting usable authentication parameters in the process.
This "discovery" is performed for each and every SMTP connection.
So it is "delivery" per my guess at a definition, but seemingly
"discovery" under yours.

So I am at a bit of a loss how the above definition of the dichotomy
bears on the question of certificate revocation.  If "discovery"
means locate once and cache indefinitely, then revocation rears
its ugly head.

Otherwise, it is just about whether some bit of policy or behaviour
is a-priori or based on DNS lookup and I don't see why revocation
support or non-support is related to "discovery" vs. "delivery".

Or is the request for CU 4 not the reason for this tangent? Are we
talking about discovery vs. delivery because of the request to
separate signing vs. encryption certs?  If so, how does the request
cross the line from "delivery" to "discovery"?

-- 
        Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
