My reading is that there is a consensus to fix the name misspelling :-), but I could not quite read whether the PKI question got resolved. Markus, can you please comment whether the modification Ted worded would address your concern?
On Tue, Feb 3, 2015 at 10:26 AM, Ted Lemon <ted.le...@nominum.com> wrote: > On Feb 3, 2015, at 9:09 AM, Markus Stenberg <markus.stenb...@iki.fi> > wrote: > > Fair enough; I guess just splitting the dual stack PVDs if encountered > (IPv4+IPv6 -> NATted IPv4 + IPv6 as-is) is sufficient answer to that. As I > personally consider authentication mostly bogus, this is not really a > problem for me :) > > To be clear, the authentication we're talking about here, at least > generally, is not intended to assert that the node receiving it can trust > it without question. It merely asserts that the information came from a > particular source, which the node may or may not trust. That's what the > text you were commenting on was for, actually. > > > So final suggestion - get rid of DANE, get rid of TLS, and probably > rework the text in that paragraph a bit to make it simpler. As-is, both > DANE and TLS mention seem superfluous. > > I'm skeptical about this--I think it's good to mention DANE. DNSSEC is > in effect a PKI, but it's quite a bit different than the other common PKI > example. How about "a PKI, for example DNSSEC/DANE or X.509?" That way > we don't lose the mention of DNSSEC, but keep it open to other PKIs. > > _______________________________________________ > mif mailing list > mif@ietf.org > https://www.ietf.org/mailman/listinfo/mif >
_______________________________________________ mif mailing list mif@ietf.org https://www.ietf.org/mailman/listinfo/mif
