On Oct 20, 2014, at 8:23 AM, Osterweil, Eric <[email protected]> wrote:
> TLS and S/MIME use pretty different security models (session vs. object > security) Sure, but how is that difference relevant here? DANE is about distributing certificates and keying information through DNS: it is agnostic to the security model. > , so necessarily coupling the RRs doesn’t seem to make sense. It has so far in the WG. The WG asked us early on to make as few changes as possible to the TLSA definition. > In addition, to echo what others have already said on the list, I really > don’t think it is reasonable to gate updates to the SMIMEA proposal on > updating TLSA. Fully agree, and that's not what I was proposing. The two changes that you have proposed (revocation indication and alternate sources for getting the information) can be done as new values to the existing RR subfields. Doing so would make what you want usable for both SMIMEA and TLSA. Proposals to make those changes can trivially be done as stand-alone Internet Drafts. >> A better process would be for the proponents to offer a standalone draft for >> the idea that will be an extension that would be usable to both TLSA and >> SMIMEA and any other documents that come later. > > Just by looking at the list, it seems like there are a number of voices that > disagree with you on this. Where "a number" means "two", and even they didn't actually disagree about creating standalone drafts, simply that the assumption that the use cases might be different. > Also, isn’t the SMIMEA work still an evolving draft? Yes, of course. > What else does one need besides: articulated rationale, proposed > requirements, operational data, suggested text, and running code from > multiple people in order to support suggested revisions? Consensus in the WG. That may seem anathema to you, but it's the way that the IETF works. --Paul Hoffman _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
