___
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane
On Sun, Apr 26, 2015 at 09:16:28PM -0400, Paul Wouters wrote:
> >Given https://tools.ietf.org/html/rfc7435 I don't see where there's ambiguity
> >about what opportunistic is.
>
> In Viktor's wording of "not already committed to using TLS" being equal
> to opportunistic.
Sorry, "not initially/a-p
On Sun, 26 Apr 2015, Scott Kitterman wrote:
There is nothing left to harden. The presence of TLSA means, never go
to the insecure port.
Yes, when the client is not already committed to using TLS, i.e. it is
opportunistic.
The opportune part is "hey, they are publishing a key to use for
cryp
On Mon, Apr 27, 2015 at 12:23:40AM +0100, Chris Monteiro wrote:
> Right, so reading up on TLSA, I can see how the port, certificate and
> certificate metadata are defined together and obviously I think this
> is a great implementation to kill of CAs as we know them.
This is the DANE working group
Right, so reading up on TLSA, I can see how the port, certificate and
certificate metadata are defined together and obviously I think this
is a great implementation to kill of CAs as we know them.
However, I don't see why the TLSA syntax must require the preferred
port AND the certificate hash as
On Sun, Apr 26, 2015 at 11:51:34PM +0100, Chris Monteiro wrote:
> Reading up on HASTLS, it appears at first glance that the ins-port /
> sec-port etc combinations covers my use-case of advertising and
> preferring a secure connection.
>
> Is there any activity with HASTLS that I could contribute
Reading up on HASTLS, it appears at first glance that the ins-port /
sec-port etc combinations covers my use-case of advertising and
preferring a secure connection.
Is there any activity with HASTLS that I could contribute to?
On Sun, Apr 26, 2015 at 9:59 PM, Paul Wouters wrote:
> On Sun, 26 Apr
On Sunday, April 26, 2015 06:41:58 PM Paul Wouters wrote:
> On Sun, 26 Apr 2015, Viktor Dukhovni wrote:
> > On Sun, Apr 26, 2015 at 04:59:12PM -0400, Paul Wouters wrote:
> >>> Great, it looks like the proposed standard for hardening SMTP/TLS
> >>> could be repurposed for either http(s) or arbitrary
On Sun, 26 Apr 2015, Viktor Dukhovni wrote:
On Sun, Apr 26, 2015 at 04:59:12PM -0400, Paul Wouters wrote:
Great, it looks like the proposed standard for hardening SMTP/TLS
could be repurposed for either http(s) or arbitrary ports as per my
proposal no?
There is nothing left to harden. The pr
On Sun, Apr 26, 2015 at 04:59:12PM -0400, Paul Wouters wrote:
> >Great, it looks like the proposed standard for hardening SMTP/TLS
> >could be repurposed for either http(s) or arbitrary ports as per my
> >proposal no?
>
> There is nothing left to harden. The presence of TLSA means, never go
> to
On Sun, 26 Apr 2015, Chris Monteiro wrote:
Great, it looks like the proposed standard for hardening SMTP/TLS
could be repurposed for either http(s) or arbitrary ports as per my
proposal no?
There is nothing left to harden. The presence of TLSA means, never go
to the insecure port.
I tried to
Great, it looks like the proposed standard for hardening SMTP/TLS
could be repurposed for either http(s) or arbitrary ports as per my
proposal no?
Separate email thread for my alternate names suggestions?
On Sun, Apr 26, 2015 at 8:41 PM, Viktor Dukhovni wrote:
> On Sun, Apr 26, 2015 at 02:37:08P
On Sun, Apr 26, 2015 at 02:37:08PM -0400, Paul Wouters wrote:
> >I've blogged a proposal for a couple of DNS/ DNSSEC extensions that I would
> >be interested in taking forward to the next stage.
> >
> >Would anyone be able to direct me to the correct channel for my proposal?
> >http://pirate.lond
On Sun, 26 Apr 2015, Chris Monteiro wrote:
Apologies is this in an inappropriate list, but I'm unfamiliar with the
channels for opening discussions about new web standards and this list seemed
least inappropriate. :)
I've blogged a proposal for a couple of DNS/ DNSSEC extensions that I would b
Hi all
Apologies is this in an inappropriate list, but I'm unfamiliar with the
channels for opening discussions about new web standards and this list
seemed least inappropriate. :)
I've blogged a proposal for a couple of DNS/ DNSSEC extensions that I would
be interested in taking forward to the n
15 matches
Mail list logo