> I've still not heard anything from Paul Wouters or John Gilmore
> about any additional text they might want to see in support of Raw
> Public Keys (RFC 7250). Perhaps the present text is sufficient.
I took a brief look at the draft, and I don't think the present
text is sufficient.
It doesn't explicitly repeal the requirement that TLSA records can
only be used with X.509 certificates. When there's a bald statement
to that effect prominently in RFC 6698, it's not sufficient for a
minor paragraph halfway through minor section 5.1 in the middle of a
subsequent document to show a counterexample. As courts are fond of
saying, Congress does not hide elephants in mouseholes. Standards
committees shouldn't either. The X.509 requirement needs to be
plainly, succinctly and obviously repealed.
I think the same is true of the RFC 6698 requirement that TLSA only be
used with TLS and https. The port number prefix avoids confusion and
overhead when authenticating multiple protocols that are used with the
same host.
There seems to be an entire section of the draft that says it does not
represent the consensus of the WG and that maybe it belongs in a
separate document. Section 9 is pointed out as not-conensus by
Section 12. Why is such a section still sitting in a draft that's
supposedly in last call?
Section 9 also seems to say that if you have two valid TLSA records,
one of which specifies a full key and the other of which uses a
digest, a client can't use the one with a full key even if it is
identical to the key used in the TLS negotiation? It also seems to
say that if the server doesn't publish any TLSA records that use the
client's favorite BetterAlg, then the client should not authenticate
the server, even if the client supports WorseAlg and the server
publishes WorseAlg TLSA records. In general the description in
Section 9 seems very muddled. No wonder there is no consensus on it.
John
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
