On 25 Jul 2016, at 6:33, Paul Wouters wrote:

> I have reviewed the document. I think it is ready for IETF LC but it
> could see a few small changes:

> It should probably update its reference in the introduction to list
> soon to be RFC-7929 (openpgpkey) and wait on that doc (in AUTH48 now)
> to go out first.

There is no need for that. The IESG can correlate them just fine.

>         The SMIMEA resource record has no special TTL requirements.

> During openpgpkey discussion, it was decided it was better to remove
> this line. I would think the same applies to smime.

Sorry, I missed that in my review of the openpgpkey document. I'll remove it for the next draft.

> During openpgpkey discussion, people insisted on specifying the
> "experimental goal" of the Experimental RFC. That section is missing
> in this document.

<sigh> Added.

> Section 3's title is a bit long. In openpgpkey we used a shorter
> title. I suggest "Location of the SMIMEA record".

Done.

> The openpgpkey had updated the "tcp only" phrasing to make it more
> layer agnostic and mentions DNS-COOKIES as a defense and method to
> allow UDP. You might want to consider using the same approach instead
> of banning UDP altogether.

Done.

> I also wanted to make sure people (including the authors) had seen:
> https://www.ietf.org/mail-archive/web/dane/current/msg08382.html

> This has come up in the past when discussing SMIME. One suggestion was
> to use a different prefix (like _encrypt. and _sign). When this was
> brought up, the patent status of this was not entirely clear, and there
> were privacy discussions raised on exposing queries to the purpose of
> the query. Perhaps the document can state that if the certificate is
> obtained via SMIMEA, it should be checked whether it is suitable for
> the task to perform. And that publishers are encouraged to publish
> SMIMEA records for certificates that allow both signing and encryption.
> But this latter approach did not have a clear consensus.

See the following message.

--Paul Hoffman
