
From david.waltermire@nist.gov  Thu Aug  2 10:45:47 2012
Return-Path: <david.waltermire@nist.gov>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AA2811E80D3 for <dane@ietfa.amsl.com>; Thu,  2 Aug 2012 10:45:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.389
X-Spam-Level: 
X-Spam-Status: No, score=-7.389 tagged_above=-999 required=5 tests=[AWL=1.210,  BAYES_00=-2.599, GB_I_INVITATION=-2, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PUtULsb0TD+R for <dane@ietfa.amsl.com>; Thu,  2 Aug 2012 10:45:46 -0700 (PDT)
Received: from wsget1.nist.gov (wsget1.nist.gov [129.6.13.150]) by ietfa.amsl.com (Postfix) with ESMTP id 9F69611E81A6 for <dane@ietf.org>; Thu,  2 Aug 2012 10:45:45 -0700 (PDT)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget1.nist.gov (129.6.13.150) with Microsoft SMTP Server (TLS) id 14.1.355.2; Thu, 2 Aug 2012 13:45:37 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB1.xchange.nist.gov ([129.6.18.96]) with mapi; Thu, 2 Aug 2012 13:45:43 -0400
From: "Waltermire, David A." <david.waltermire@nist.gov>
To: "dane@ietf.org" <dane@ietf.org>
Date: Thu, 2 Aug 2012 13:42:38 -0400
Thread-Topic: Agenda and Remote Participation Info for the SACM Side Meeting
Thread-Index: AQHNbzVHl+Yt/9lBHk+d+SUIJcqGfpdGzf+k
Message-ID: <D7A0423E5E193F40BE6E94126930C4930B9FDB651B@MBCLUSTER.xchange.nist.gov>
References: <D7A0423E5E193F40BE6E94126930C4930B9FDB6512@MBCLUSTER.xchange.nist.gov>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930B9FDB6512@MBCLUSTER.xchange.nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dane] Agenda and Remote Participation Info for the SACM Side Meeting
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Aug 2012 17:45:47 -0000

It looks like the SACM side meeting has been moved to Georgia A at the same scheduled time.
Dave

________________________________________
From: Waltermire, David A.
Sent: Tuesday, July 31, 2012 5:58 PM
To: dane@ietf.org
Subject: FW: Agenda and Remote Participation Info for the SACM Side Meeting

I attended the DANE working group meeting this week and quickly saw the applicability of your work to another effort in the IETF which could be another use case for DANE.  We are hosting a side meeting on Thursday (details below) to discuss ideas around forming a working group to address security automation standards.  Security automation is focused on the exchange of configuration, vulnerability, digital event, and relevant supporting information that can be used to make security processes more efficient and responsive to current and emerging threats.  DANE could provide a means to establish secure communications between organizations sharing security automation information.

If this topic sounds interesting to you, we would be glad to have you attend the side meeting on Thursday at 6:30p in Plaza C.

Sincerely,
Dave Waltermire
________________________________________
From: Waltermire, David A.
Sent: Tuesday, July 31, 2012 3:15 AM
To: sacm@ietf.org
Subject: Agenda and Remote Participation Info for the SACM Side Meeting

As a reminder, the Security Automation and Continuous Monitoring (SACM) effort is going to have a side meeting at the IETF 84 meeting in Vancouver later this week.  A description of the meeting, the date/time, web meeting details, and the agenda for the meeting follow.

SACM Side Meeting IETF 84

Security Automation and Continuous Monitoring – SACM (pronounced as Sack-em)

Description: A side meeting to continue the discussions around security automation and continuous monitoring working group development efforts. In this meeting we will be reviewing the Use Case document and then focusing on a draft charter for the potential working group.

Here are the meeting specifics:

Date: Thursday, August 2, 2012
Time: 18:30 – 20:00 PDT
Room: Plaza C

Thanks to Nancy Cam-Winget for organizing the webex. See conference call and web meeting details below.

Agenda:
            * Agenda Bashing
            * Status of work since last IETF meeting
            * Internet Draft Discussions to:
                  - support the charter/use cases
                  - other potential future drafts
            * Discuss draft WG Charter

Current Drafts:
 - http://www.ietf.org/id/draft-waltermire-sacm-use-cases-01.txt - draft-waltermire-sacm-use-cases-01 - Analysis of Security Automation and Continuous Monitoring (SACM) Use Cases
 - http://www.ietf.org/id/draft-waltermire-content-repository-00.txt - draft-waltermire-content-repository-00 - Automated XML Content Data Exchange and Management

________________________________________
From: Nancy Cam-Winget (ncamwing) [ncamwing@cisco.com]
Sent: Monday, July 30, 2012 8:05 PM
To: Moriarty, Kathleen
Subject: FW: (Forward to attendees) Meeting invitation: SACM Side Meeting

From: Nancy Cam-Winget <messenger@webex.com>
Reply-To: "ncamwing@cisco.com" <ncamwing@cisco.com>
Date: Monday, July 30, 2012 5:04 PM
To: "ncamwing@cisco.com" <ncamwing@cisco.com>
Subject: (Forward to attendees) Meeting invitation: SACM Side Meeting

**** You can forward this email invitation to attendees ****

Hello ,

Nancy Cam-Winget invites you to attend this online meeting.

Topic: SACM BOF
Date: Thursday, August 2, 2012
Time: 6:30 pm, Pacific Daylight Time (San Francisco, GMT-07:00)
Meeting Number: 205 870 492
Meeting Password: sacm


-------------------------------------------------------
To join the online meeting (Now from mobile devices!)
-------------------------------------------------------
1. Go to https://cisco.webex.com/ciscosales/j.php?ED=201187757&UID=0&PW=NZWYyNWU2YWY3&RT=MiM0
2. Enter your name and email address.
3. Enter the meeting password: sacm
4. Click "Join Now".

To view in other time zones or languages, please click the link:
https://cisco.webex.com/ciscosales/j.php?ED=201187757&UID=0&PW=NZWYyNWU2YWY3&ORT=MiM0

----------------------------------------------------------------
ALERT:Toll-Free Dial Restrictions for (408) and (919) Area Codes
----------------------------------------------------------------

The affected toll free numbers are: (866) 432-9903 for the San Jose/Milpitas area and (866) 349-3520 for the RTP area.

Please dial the local access number for your area from the list below:
- San Jose/Milpitas (408) area: 525-6800
- RTP (919) area: 392-3330

-------------------------------------------------------
To join the teleconference only
-------------------------------------------------------
1. Dial into Cisco WebEx (view all Global Access Numbers at
http://cisco.com/en/US/about/doing_business/conferencing/index.html
2. Follow the prompts to enter the Meeting Number (listed above) or Access Code followed by the # sign.

San Jose, CA: +1.408.525.6800 RTP: +1.919.392.3330

US/Canada: +1.866.432.9903 United Kingdom: +44.20.8824.0117

India: +91.80.4350.1111 Germany: +49.619.6773.9002

Japan: +81.3.5763.9394 China: +86.10.8515.5666

-------------------------------------------------------
For assistance
-------------------------------------------------------
1. Go to https://cisco.webex.com/ciscosales/mc
2. On the left navigation bar, click "Support".

You can contact me at:
ncamwing@cisco.com
1-408-853 0532

To add this meeting to your calendar program (for example Microsoft Outlook), click this link:
https://cisco.webex.com/ciscosales/j.php?ED=201187757&UID=0&ICS=MI&LD=1&RD=2&ST=1&SHA2=Tkz-bhelFlmrhUuPkK7v2d/0gsYehkMU1WW8szSvQnM=&RT=MiM0

The playback of UCF (Universal Communications Format) rich media files requires appropriate players. To view this type of rich media files in the meeting, please check whether you have the players installed on your computer by going to https://cisco.webex.com/ciscosales/systemdiagnosis.php.




http://www.webex.com

CCP:+14085256800x205870492#

IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation.

From wwwrun@rfc-editor.org  Mon Aug  6 22:44:21 2012
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA39D21F86D3; Mon,  6 Aug 2012 22:44:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.986
X-Spam-Level: 
X-Spam-Status: No, score=-101.986 tagged_above=-999 required=5 tests=[AWL=0.014, BAYES_00=-2.599, J_CHICKENPOX_93=0.6, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ry9cL0IfJAYu; Mon,  6 Aug 2012 22:44:20 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:123a::1:2f]) by ietfa.amsl.com (Postfix) with ESMTP id 7E7DF21F86D1; Mon,  6 Aug 2012 22:44:20 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id BF789B1E002; Mon,  6 Aug 2012 22:43:22 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120807054322.BF789B1E002@rfc-editor.org>
Date: Mon,  6 Aug 2012 22:43:22 -0700 (PDT)
Cc: dane@ietf.org, rfc-editor@rfc-editor.org
Subject: [dane] RFC 6698 on The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
X-List-Received-Date: Tue, 07 Aug 2012 05:44:22 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6698

        Title:      The DNS-Based Authentication of Named 
                    Entities (DANE) Transport Layer Security (TLS) 
                    Protocol: TLSA 
        Author:     P. Hoffman, J. Schlyter
        Status:     Standards Track
        Stream:     IETF
        Date:       August 2012
        Mailbox:    paul.hoffman@vpnc.org, 
                    jakob@kirei.se
        Pages:      37
        Characters: 84034
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-dane-protocol-23.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6698.txt

Encrypted communication on the Internet often uses Transport Layer
Security (TLS), which depends on third parties to certify the keys
used.  This document improves on that situation by enabling the
administrators of domain names to specify the keys used in that
domain's TLS servers.  This requires matching improvements in TLS
client software, but no change in TLS server software.  [STANDARDS-TRACK]

This document is a product of the DNS-based Authentication of Named Entities Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC



From fanf2@hermes.cam.ac.uk  Tue Aug 14 04:05:36 2012
Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E64D21F86AF for <dane@ietfa.amsl.com>; Tue, 14 Aug 2012 04:05:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.281
X-Spam-Level: 
X-Spam-Status: No, score=-6.281 tagged_above=-999 required=5 tests=[AWL=0.318,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id grlrE+mqjVqg for <dane@ietfa.amsl.com>; Tue, 14 Aug 2012 04:05:35 -0700 (PDT)
Received: from ppsw-50.csi.cam.ac.uk (ppsw-50.csi.cam.ac.uk [131.111.8.150]) by ietfa.amsl.com (Postfix) with ESMTP id AC24921F8690 for <dane@ietf.org>; Tue, 14 Aug 2012 04:05:34 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-SpamDetails: not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-2.csi.cam.ac.uk ([131.111.8.54]:46261) by ppsw-50.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.157]:25) with esmtpa (EXTERNAL:fanf2) id 1T1EwB-0008Es-pk (Exim 4.72) for dane@ietf.org (return-path <fanf2@hermes.cam.ac.uk>); Tue, 14 Aug 2012 12:05:27 +0100
Received: from fanf2 (helo=localhost) by hermes-2.csi.cam.ac.uk (hermes.cam.ac.uk) with local-esmtp id 1T1EwA-0001jS-WE (Exim 4.67) for dane@ietf.org (return-path <fanf2@hermes.cam.ac.uk>); Tue, 14 Aug 2012 12:05:27 +0100
Date: Tue, 14 Aug 2012 12:05:26 +0100
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: dane@ietf.org
Message-ID: <alpine.LSU.2.00.1208141157010.16769@hermes-2.csi.cam.ac.uk>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Subject: [dane] checking names in certificates
X-List-Received-Date: Tue, 14 Aug 2012 11:05:36 -0000

RFC 6698 section 4 says:

   Some specifications for applications that run over TLS, such as
   [RFC2818] for HTTP, require that the server's certificate have a
   domain name that matches the host name expected by the client.  Some
   specifications, such as [RFC6125], detail how to match the identity
   given in a PKIX certificate with those expected by the user.

In draft-fanf-dane-smtp and draft-fanf-dane-mua I said that clients must
check that the name in the certificate matches the server host name. This
was based on the fairly vague reasoning that this is the normal thing to
do in current code and that it would be simpler to keep this logic in all
cases. However there is a stronger reason. I'm adding this to my security
considerations section:

   Section 4 of the TLSA specification [RFC6698] leaves the details of
   checking names in certificates to higher level application protocols,
   though it suggests the use of [RFC6125].

   Name checking might appear to be unnecessary, since DNSSEC provides a
   secure binding between the server name and the TLSA record, which in
   turn authenticates the certificate.  However this latter step can be
   indirect, via a chain of certificates.  A usage=0 TLSA record only
   authenticates the CA that issued the certificate, and third parties
   can obtain certificates from the same CA.

   So this specification says that SMTP clients check that the server's
   certificate matches the server host name, to ensure that the
   certificate was issued by the CA to the server that the client is
   connecting to.  The client always performs this check regardless of
   the TLSA usage, because the implementation is simpler and so that
   this specification is less likely to need updating when new TLSA
   usages are added.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Rockall, Malin, Hebrides, Bailey: Southeast 4 or 5, occasionally 6 at first,
decreasing 3 for a time later. Slight or moderate, occasionally rough at
first. Thundery showers. Good, occasionally poor.

From paul@nohats.ca  Tue Aug 14 08:55:34 2012
Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 972DD21F86D8 for <dane@ietfa.amsl.com>; Tue, 14 Aug 2012 08:55:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.441
X-Spam-Level: 
X-Spam-Status: No, score=-2.441 tagged_above=-999 required=5 tests=[AWL=0.159,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q3Jl6PhfYtTB for <dane@ietfa.amsl.com>; Tue, 14 Aug 2012 08:55:34 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by ietfa.amsl.com (Postfix) with ESMTP id 1A41321F86C7 for <dane@ietf.org>; Tue, 14 Aug 2012 08:55:33 -0700 (PDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 853718050D; Tue, 14 Aug 2012 11:55:01 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 7C949804BD; Tue, 14 Aug 2012 11:55:01 -0400 (EDT)
Date: Tue, 14 Aug 2012 11:55:01 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Tony Finch <dot@dotat.at>
In-Reply-To: <alpine.LSU.2.00.1208141157010.16769@hermes-2.csi.cam.ac.uk>
Message-ID: <alpine.LFD.2.02.1208141151260.18423@bofh.nohats.ca>
References: <alpine.LSU.2.00.1208141157010.16769@hermes-2.csi.cam.ac.uk>
User-Agent: Alpine 2.02 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Cc: dane@ietf.org
Subject: Re: [dane] checking names in certificates
X-List-Received-Date: Tue, 14 Aug 2012 15:55:34 -0000

On Tue, 14 Aug 2012, Tony Finch wrote:

> In draft-fanf-dane-smtp and draft-fanf-dane-mua I said that clients must
> check that the name in the certificate matches the server host name.

Prepare for a lot of non-FQDN CNs such as "Exchange" to cause failures.

I agree that both skipping the name check and using a TLSA type based on
a CA is dangerous and should not be done. (And I also believe you should
only be using some intermediary CA that you control if you put the CA in
a TLSA record.) Reducing the strength of your TLSA to the weakest
customer of a certain CA indeed seems dangerous, and we should probably
have talked about that in 6698.

Paul
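
The following is an added example, not code from Tony's draft or from anyone on this thread. It models the point made in Tony's security considerations text and in Paul's reply: with a usage=0 (CA constraint) TLSA record, the TLSA match alone accepts any certificate the named CA has issued, so an RFC 6125-style host name check is what actually ties the certificate to the server the client dialled, and a non-FQDN CN such as "Exchange" fails that check. The certificates, the SPKI bytes and the hash-based TLSA association data are constructed stand-ins (no real X.509 parsing); the selector/matching-type arithmetic follows RFC 6698, and the name matcher is a deliberately simplified RFC 6125 subset (dNSName SANs, CN fallback, single left-most wildcard label).

```python
"""Added example (not from the DANE list thread): a small model of RFC 6698
TLSA matching plus an RFC 6125-style host name check, showing why the name
check is still needed with a usage=0 (CA constraint) TLSA record.
All certificates below are constructed stand-ins, not real X.509 data."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (no real DER here)."""
    subject: str                 # CN as the issuing CA wrote it
    sans: tuple = ()             # dNSName SubjectAltNames
    issuer: str = ""             # subject of the issuing cert ("" = self-signed)

    @property
    def der(self) -> bytes:      # stands in for the full DER encoding
        return f"cert:{self.subject}:{self.issuer}:{self.sans}".encode()

    @property
    def spki(self) -> bytes:     # stands in for SubjectPublicKeyInfo
        return f"spki:{self.subject}".encode()


def tlsa_matching_data(cert: Cert, selector: int, mtype: int) -> bytes:
    """RFC 6698 selector 0 = full cert, 1 = SPKI;
    matching type 0 = exact, 1 = SHA-256, 2 = SHA-512."""
    data = {0: cert.der, 1: cert.spki}[selector]
    return {0: lambda d: d,
            1: lambda d: hashlib.sha256(d).digest(),
            2: lambda d: hashlib.sha512(d).digest()}[mtype](data)


def make_tlsa(cert: Cert, usage: int, selector: int = 1, mtype: int = 1):
    """Build a (usage, selector, mtype, association-data) tuple for cert."""
    return (usage, selector, mtype, tlsa_matching_data(cert, selector, mtype))


def tlsa_chain_matches(tlsa, chain) -> bool:
    """chain[0] is the end-entity cert, chain[1:] its issuers (leaf to root).
    Usage 0/2 constrain some CA in the chain; usage 1/3 constrain the leaf."""
    usage, selector, mtype, assoc = tlsa
    if usage in (0, 2):
        candidates = chain[1:]
    elif usage in (1, 3):
        candidates = chain[:1]
    else:
        return False   # unknown usage: the record is unusable (RFC 6698 sec. 4.1)
    return any(tlsa_matching_data(c, selector, mtype) == assoc for c in candidates)


def name_matches(cert: Cert, host: str) -> bool:
    """Simplified RFC 6125 check: dNSName SANs first (CN only when there are
    none); case-insensitive; a wildcard is allowed only as the whole left-most
    label. A bare CN like "Exchange" therefore never matches a FQDN."""
    host = host.lower().rstrip(".")
    names = cert.sans or (cert.subject,)
    for n in names:
        n = n.lower().rstrip(".")
        if n == host:
            return True
        if n.startswith("*.") and "." in host and "*" not in n[2:]:
            if host.split(".", 1)[1] == n[2:]:
                return True
    return False


def verify(tlsa, chain, host: str) -> bool:
    """What the draft text prescribes: TLSA match AND host name check,
    regardless of TLSA usage."""
    return tlsa_chain_matches(tlsa, chain) and name_matches(chain[0], host)


# Constructed scenario: one CA, three leaves issued by it.
CA = Cert("Example CA")
LEAF_OK = Cert("mail.example.com", ("mail.example.com",), issuer=CA.subject)
LEAF_OTHER = Cert("other.example.net", ("other.example.net",), issuer=CA.subject)
LEAF_EXCHANGE = Cert("Exchange", issuer=CA.subject)   # non-FQDN CN, no SANs

TLSA_USAGE0 = make_tlsa(CA, usage=0)        # CA constraint, SPKI, SHA-256
TLSA_USAGE3 = make_tlsa(LEAF_OK, usage=3)   # domain-issued cert, SPKI, SHA-256


def demo() -> dict:
    """Per-case results for the host the client is connecting to."""
    host = "mail.example.com"
    return {
        # usage 0 alone accepts any cert the CA issued ...
        "usage0_tlsa_only_ok": tlsa_chain_matches(TLSA_USAGE0, [LEAF_OK, CA]),
        "usage0_tlsa_only_other": tlsa_chain_matches(TLSA_USAGE0, [LEAF_OTHER, CA]),
        # ... the name check is what ties it to the host we dialled
        "usage0_full_ok": verify(TLSA_USAGE0, [LEAF_OK, CA], host),
        "usage0_full_other": verify(TLSA_USAGE0, [LEAF_OTHER, CA], host),
        "usage0_full_exchange": verify(TLSA_USAGE0, [LEAF_EXCHANGE, CA], host),
        # usage 3 pins the leaf itself; the name check still runs
        "usage3_full_ok": verify(TLSA_USAGE3, [LEAF_OK, CA], host),
        "usage3_full_other": verify(TLSA_USAGE3, [LEAF_OTHER, CA], host),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:26s} {result}")
```

Running it shows both `usage0_tlsa_only_*` cases as True while only `usage0_full_ok` survives the name check, which is the gap Tony's text closes by always running the name check. A real client would replace the `Cert` stand-in with a parsed X.509 chain and the DER/SPKI bytes from it, and would only trust the TLSA record after a DNSSEC-validated lookup.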

From fanf2@hermes.cam.ac.uk  Tue Aug 14 09:05:58 2012
Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 463EA21F8575 for <dane@ietfa.amsl.com>; Tue, 14 Aug 2012 09:05:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.302
X-Spam-Level: 
X-Spam-Status: No, score=-6.302 tagged_above=-999 required=5 tests=[AWL=0.297,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qa7qmswDYUir for <dane@ietfa.amsl.com>; Tue, 14 Aug 2012 09:05:57 -0700 (PDT)
Received: from ppsw-41.csi.cam.ac.uk (ppsw-41.csi.cam.ac.uk [131.111.8.141]) by ietfa.amsl.com (Postfix) with ESMTP id 5EFF521F8564 for <dane@ietf.org>; Tue, 14 Aug 2012 09:05:57 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-SpamDetails: not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-2.csi.cam.ac.uk ([131.111.8.54]:48445) by ppsw-41.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.156]:25) with esmtpa (EXTERNAL:fanf2) id 1T1Jcx-0006rf-S1 (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Tue, 14 Aug 2012 17:05:55 +0100
Received: from fanf2 (helo=localhost) by hermes-2.csi.cam.ac.uk (hermes.cam.ac.uk) with local-esmtp id 1T1Jcx-0002ut-L7 (Exim 4.67) (return-path <fanf2@hermes.cam.ac.uk>); Tue, 14 Aug 2012 17:05:55 +0100
Date: Tue, 14 Aug 2012 17:05:55 +0100
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Paul Wouters <paul@nohats.ca>
In-Reply-To: <alpine.LFD.2.02.1208141151260.18423@bofh.nohats.ca>
Message-ID: <alpine.LSU.2.00.1208141703070.16775@hermes-2.csi.cam.ac.uk>
References: <alpine.LSU.2.00.1208141157010.16769@hermes-2.csi.cam.ac.uk> <alpine.LFD.2.02.1208141151260.18423@bofh.nohats.ca>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: dane@ietf.org
Subject: Re: [dane] checking names in certificates
X-List-Received-Date: Tue, 14 Aug 2012 16:05:58 -0000

Paul Wouters <paul@nohats.ca> wrote:
>
> Prepare for a lot of non-FQDN CN's such as "Exchange" to cause failures.

This problem is why the draft uses the existence of TLSA records to signal
that the server is competently configured.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Forties, Cromarty, Forth, Tyne, Dogger: Southeast 4 or 5, occasionally 6
except in Forth and Tyne. Slight or moderate, occasionally rough at first in
Forties. Rain or showers, fog patches. Moderate or good, occasionally very
poor.

From hallam@gmail.com  Fri Aug 17 10:34:25 2012
Return-Path: <hallam@gmail.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4343211E80E2; Fri, 17 Aug 2012 10:34:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.482
X-Spam-Level: 
X-Spam-Status: No, score=-5.482 tagged_above=-999 required=5 tests=[AWL=-1.883, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MdkwKHB3UY-b; Fri, 17 Aug 2012 10:34:24 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id 6A17711E80E1; Fri, 17 Aug 2012 10:34:24 -0700 (PDT)
Received: by yenm5 with SMTP id m5so4649227yen.31 for <multiple recipients>; Fri, 17 Aug 2012 10:34:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=pyz+h07eJ2JjkrztKv3mXFDJGz0JVVJvc6ne06eCt6s=; b=AT+HonX+n3ELhMtcfQRVwHoJ5i8NANeLvSYSdaDFt/M4ki2ugLjf6nBHFxgGDJlS81 zhtQkMY1Wvexmhf3OEeg9yxZ67gMux140fzbLKw6t9HPYDnKVcGOEELIMDcIl1C89L2T 7/HOjZm3O5drIS3arvdhjRR6jb/YNC7WbQth/Br3l6XGSivKpVZf079NDT5GLgETouEq EWR/brBwDghkwsmEgp0n7RPR2xqbVlJPB/hOQRa598L0Mr6Tiw62Vc+EcN/EsgGpOSQC 5SjwQEF0yBXYcjjnqenmDXvylYIWPELUN79pKUJq/2eNlZDv2wy9ll3Dy+CP1VjuMcE2 MFWQ==
MIME-Version: 1.0
Received: by 10.60.170.229 with SMTP id ap5mr4386894oec.101.1345224863810; Fri, 17 Aug 2012 10:34:23 -0700 (PDT)
Received: by 10.76.80.10 with HTTP; Fri, 17 Aug 2012 10:34:23 -0700 (PDT)
In-Reply-To: <25977.1343775649@obiwan.sandelman.ca>
References: <alpine.LFD.2.02.1207311128220.2140@bofh.nohats.ca> <4896.1343757791@obiwan.sandelman.ca> <alpine.LFD.2.02.1207311649030.5708@bofh.nohats.ca> <25977.1343775649@obiwan.sandelman.ca>
Date: Fri, 17 Aug 2012 13:34:23 -0400
Message-ID: <CAMm+LwgvfqxgVLgqz9TdHbUBUGruziAoYFxg5+mndTiWUew9sw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>, dane WG list <dane@ietf.org>
Subject: Re: [dane] [IPsec]  IPSEC & DANE (RFC4025)
X-List-Received-Date: Fri, 17 Aug 2012 17:34:25 -0000

Is the answer to this problem possibly that DNS records to configure
IPSEC should go in the reverse DNS?

On Tue, Jul 31, 2012 at 7:00 PM, Michael Richardson
<mcr+ietf@sandelman.ca> wrote:
>
>>>>>> "Paul" == Paul Wouters <paul@cypherpunks.ca> writes:
>     Paul> So what happens in my case? Either google is blocked, or google is
>     Paul> downgraded to plaintext. Or the application could distinguish between
>     Paul> my suggested boguspublic-key versus the real google
>
> Google is plaintext, you never had the right to speak for it.
>
>     Paul> Yes, and what I'm saying is that current methods for tying DANE to IPSEC
>     Paul> fail, because there is no binding to the legitimacy of the proclaimed
>     Paul> gateway.
>
> I assume by "current methods", you mean RFC4322?
> Or is there another proposal that I've missed?
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>
>
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>



-- 
Website: http://hallambaker.com/

From bortzmeyer@nic.fr  Sat Aug 18 09:40:32 2012
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE80221F84B2 for <dane@ietfa.amsl.com>; Sat, 18 Aug 2012 09:40:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.472
X-Spam-Level: 
X-Spam-Status: No, score=-100.472 tagged_above=-999 required=5 tests=[AWL=0.269, BAYES_20=-0.74, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q7FCwPpPFTGv for <dane@ietfa.amsl.com>; Sat, 18 Aug 2012 09:40:32 -0700 (PDT)
Received: from mail.bortzmeyer.org (aetius.bortzmeyer.org [IPv6:2001:4b98:dc0:41:216:3eff:fece:1902]) by ietfa.amsl.com (Postfix) with ESMTP id 00DAE21F84A6 for <dane@ietf.org>; Sat, 18 Aug 2012 09:40:28 -0700 (PDT)
Received: by mail.bortzmeyer.org (Postfix, from userid 10) id 35BE43B41D; Sat, 18 Aug 2012 16:40:26 +0000 (UTC)
Received: by tyrion (Postfix, from userid 1000) id 98176F02098; Sat, 18 Aug 2012 18:26:03 +0200 (CEST)
Date: Sat, 18 Aug 2012 18:26:03 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: dane@ietf.org
Message-ID: <20120818162603.GA7499@laperouse.bortzmeyer.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Transport: UUCP rules
X-Operating-System: Ubuntu 12.04 (precise)
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [dane] IANA registry not linked to?
X-List-Received-Date: Sat, 18 Aug 2012 16:40:32 -0000

I cannot find, on the IANA Web site, a link to the new registry
<http://www.iana.org/assignments/dane-parameters/dane-parameters.xml>. For
instance, it is not listed in <http://www.iana.org/protocols>. As a
result, IANA's search engine (which is subcontracted to Google) does
not find it, probably because the crawler was not able to fetch it.

Is it worth a bug report to IANA?


From paul.hoffman@vpnc.org  Sat Aug 18 11:02:53 2012
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A78ED21F846F for <dane@ietfa.amsl.com>; Sat, 18 Aug 2012 11:02:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.579
X-Spam-Level: 
X-Spam-Status: No, score=-102.579 tagged_above=-999 required=5 tests=[AWL=0.020, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N475DPui6dSv for <dane@ietfa.amsl.com>; Sat, 18 Aug 2012 11:02:53 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id C381121F845A for <dane@ietf.org>; Sat, 18 Aug 2012 11:02:52 -0700 (PDT)
Received: from [10.20.30.108] (50-1-50-97.dsl.dynamic.fusionbroadband.com [50.1.50.97]) (authenticated bits=0) by hoffman.proper.com (8.14.5/8.14.5) with ESMTP id q7II2mYm082754 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Sat, 18 Aug 2012 11:02:48 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.0 \(1485\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <20120818162603.GA7499@laperouse.bortzmeyer.org>
Date: Sat, 18 Aug 2012 11:02:48 -0700
Content-Transfer-Encoding: 7bit
Message-Id: <8F52F419-AEF4-41F3-9692-5ED92FFB42C4@vpnc.org>
References: <20120818162603.GA7499@laperouse.bortzmeyer.org>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
X-Mailer: Apple Mail (2.1485)
Cc: dane@ietf.org
Subject: Re: [dane] IANA registry not linked to?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Aug 2012 18:02:53 -0000

On Aug 18, 2012, at 9:26 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:

> I cannot find, on the IANA Web site, a link to the new registry
> <http://www.iana.org/assignments/dane-parameters/dane-parameters.xml>. For
> instance, it is not listed in <http://www.iana.org/protocols>. As a
> result, IANA's search engine (which is subcontracted to Google) does
> not find it, probably because the crawler was not able to fetch it.
> 
> Is it worth a bug report to IANA?

Yes, it definitely is.


From paul@cypherpunks.ca  Mon Aug 20 10:34:25 2012
Return-Path: <paul@cypherpunks.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83C4521F8678; Mon, 20 Aug 2012 10:34:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.375
X-Spam-Level: 
X-Spam-Status: No, score=-2.375 tagged_above=-999 required=5 tests=[AWL=0.224,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6l6RB+ma+7qV; Mon, 20 Aug 2012 10:34:25 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by ietfa.amsl.com (Postfix) with ESMTP id 0BCE721F8667; Mon, 20 Aug 2012 10:34:25 -0700 (PDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id B847580555; Mon, 20 Aug 2012 13:33:47 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id AAD65804D0; Mon, 20 Aug 2012 13:33:47 -0400 (EDT)
Date: Mon, 20 Aug 2012 13:33:47 -0400 (EDT)
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: Phillip Hallam-Baker <hallam@gmail.com>
In-Reply-To: <CAMm+LwgvfqxgVLgqz9TdHbUBUGruziAoYFxg5+mndTiWUew9sw@mail.gmail.com>
Message-ID: <alpine.LFD.2.02.1208201333140.21383@bofh.nohats.ca>
References: <alpine.LFD.2.02.1207311128220.2140@bofh.nohats.ca> <4896.1343757791@obiwan.sandelman.ca> <alpine.LFD.2.02.1207311649030.5708@bofh.nohats.ca> <25977.1343775649@obiwan.sandelman.ca> <CAMm+LwgvfqxgVLgqz9TdHbUBUGruziAoYFxg5+mndTiWUew9sw@mail.gmail.com>
User-Agent: Alpine 2.02 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>, dane WG list <dane@ietf.org>
Subject: Re: [dane] [IPsec]  IPSEC & DANE (RFC4025)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2012 17:34:25 -0000

On Fri, 17 Aug 2012, Phillip Hallam-Baker wrote:

> Is the answer to this problem possibly that DNS records to configure
> IPSEC should go in the reverse DNS?

Been there, done that in 1995, did not work.

Paul

From hallam@gmail.com  Tue Aug 21 17:13:15 2012
Return-Path: <hallam@gmail.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B52B21F855D; Tue, 21 Aug 2012 17:13:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.499
X-Spam-Level: 
X-Spam-Status: No, score=-5.499 tagged_above=-999 required=5 tests=[AWL=-1.900, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tlrdLUg8Y17o; Tue, 21 Aug 2012 17:13:15 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id E7AB821F8555; Tue, 21 Aug 2012 17:13:14 -0700 (PDT)
Received: by obbwc20 with SMTP id wc20so534676obb.31 for <multiple recipients>; Tue, 21 Aug 2012 17:13:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=DmRX5bxh+I5elS97TOY9xZWdn3eWz2/O/eieYbMaBNI=; b=Ccss5I0NONyFjvWDeIzPO+EI4NB1dbkqOoeNk045OsZz4brZw07jeMfSJR4B/aaltn W3fqq3p416VWlZqS1Z626kJMTtDjjw2LrLCiT99q3Ip2kC2zGdPhAfBY1zL3+6BMVKxP M9MZkhTieB7yThfGLBs0FeTTV/f2ypMKVWUwFBYOEJCkUcl1lMwb7htgUyw74eKlv6Uw Qi/ZDLhiYXwPWxpTsGtTlKu7fYI4+BDNie5DiXhviUlCcz0foMR9XrAOoS+hEBbriGrR 2f1vOGtUjbOA6b8rlOQt1iECtERLrIbRarkkOmzjiw+QVjYmRUbdjKULCHxgC9xPPxBC fPXQ==
MIME-Version: 1.0
Received: by 10.182.118.71 with SMTP id kk7mr14103401obb.81.1345594394582; Tue, 21 Aug 2012 17:13:14 -0700 (PDT)
Received: by 10.76.80.10 with HTTP; Tue, 21 Aug 2012 17:13:14 -0700 (PDT)
In-Reply-To: <alpine.LFD.2.02.1208201333140.21383@bofh.nohats.ca>
References: <alpine.LFD.2.02.1207311128220.2140@bofh.nohats.ca> <4896.1343757791@obiwan.sandelman.ca> <alpine.LFD.2.02.1207311649030.5708@bofh.nohats.ca> <25977.1343775649@obiwan.sandelman.ca> <CAMm+LwgvfqxgVLgqz9TdHbUBUGruziAoYFxg5+mndTiWUew9sw@mail.gmail.com> <alpine.LFD.2.02.1208201333140.21383@bofh.nohats.ca>
Date: Tue, 21 Aug 2012 20:13:14 -0400
Message-ID: <CAMm+Lwiw-5r5S7uu=ZUB-ktbZE_C7imG2ooFGJZOxN6AhyPW8Q@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Wouters <paul@cypherpunks.ca>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>, dane WG list <dane@ietf.org>
Subject: Re: [dane] [IPsec]  IPSEC & DANE (RFC4025)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Aug 2012 00:13:15 -0000

On Mon, Aug 20, 2012 at 1:33 PM, Paul Wouters <paul@cypherpunks.ca> wrote:
> On Fri, 17 Aug 2012, Phillip Hallam-Baker wrote:
>
>> Is the answer to this problem possibly that DNS records to configure
>> IPSEC should go in the reverse DNS?
>
>
> Been there, done that in 1995, did not work.

When people make claims like that, I prefer to see a reason. Or are we
meant to take the fact that you could not make it work to mean that it
is impossible?



-- 
Website: http://hallambaker.com/

From paul@cypherpunks.ca  Tue Aug 21 17:27:00 2012
Return-Path: <paul@cypherpunks.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C823D11E808D; Tue, 21 Aug 2012 17:27:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level: 
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[AWL=0.199, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V14Qk60hG+lO; Tue, 21 Aug 2012 17:27:00 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by ietfa.amsl.com (Postfix) with ESMTP id 59F0711E808A; Tue, 21 Aug 2012 17:27:00 -0700 (PDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 33ABB80555; Tue, 21 Aug 2012 20:26:23 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 266AB804B7; Tue, 21 Aug 2012 20:26:23 -0400 (EDT)
Date: Tue, 21 Aug 2012 20:26:23 -0400 (EDT)
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: Phillip Hallam-Baker <hallam@gmail.com>
In-Reply-To: <CAMm+Lwiw-5r5S7uu=ZUB-ktbZE_C7imG2ooFGJZOxN6AhyPW8Q@mail.gmail.com>
Message-ID: <alpine.LFD.2.02.1208212024010.22938@bofh.nohats.ca>
References: <alpine.LFD.2.02.1207311128220.2140@bofh.nohats.ca> <4896.1343757791@obiwan.sandelman.ca> <alpine.LFD.2.02.1207311649030.5708@bofh.nohats.ca> <25977.1343775649@obiwan.sandelman.ca> <CAMm+LwgvfqxgVLgqz9TdHbUBUGruziAoYFxg5+mndTiWUew9sw@mail.gmail.com> <alpine.LFD.2.02.1208201333140.21383@bofh.nohats.ca> <CAMm+Lwiw-5r5S7uu=ZUB-ktbZE_C7imG2ooFGJZOxN6AhyPW8Q@mail.gmail.com>
User-Agent: Alpine 2.02 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>, dane WG list <dane@ietf.org>
Subject: Re: [dane] [IPsec]  IPSEC & DANE (RFC4025)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Aug 2012 00:27:00 -0000

On Tue, 21 Aug 2012, Phillip Hallam-Baker wrote:

>>> Is the answer to this problem possibly that DNS records to configure
>>> IPSEC should go in the reverse DNS?
>>
>>
>> Been there, done that in 1995, did not work.
>
> When people make claims like that, I prefer to see a reason. Or are we
> meant to take the fact that you could not make it work to mean that it
> is impossible?

It was called The FreeS/WAN Project and was founded by John Gilmore.

Its Opportunistic Encryption used TXT records in the reverse. The two
main problems were no one could add anything in their "own" reverse,
and massive deployment of NAT meant people couldn't make their machines
visible and reachable.

Additionally, I see lots of signs the reverse for IPv6 is going to be
even worse - even ISPs aren't really caring about it.

Paul
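
The two obstacles Paul describes (who controls a host's reverse zone, and NAT) can be made concrete with a small reverse-DNS helper. The code below is an added illustration for this thread, not code from FreeS/WAN, Libreswan or any IETF document; the networks and addresses in it are constructed documentation-range values, and the prefix-boundary rule it enforces is a simplification (IPv4 delegations that are not on an octet boundary need the RFC 2317 CNAME arrangement, which is deliberately not modelled).

```python
"""Where a reverse-zone record for a host would have to live, and who owns
that zone.

Added illustration for the FreeS/WAN opportunistic-encryption discussion;
not code from any IPsec implementation or RFC. Sample addresses are
constructed documentation-range values.
"""
import ipaddress
from typing import Optional, Tuple


def reverse_name(addr: str) -> str:
    """Fully qualified in-addr.arpa / ip6.arpa owner name for an address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def reverse_zone(network: str) -> str:
    """Reverse zone that holds the records for every address in `network`.

    Only prefix lengths on a label boundary are handled (multiples of 8 for
    IPv4, of 4 for IPv6). Anything else needs the RFC 2317 classless
    delegation trick, which this illustration does not model.
    """
    net = ipaddress.ip_network(network, strict=True)
    label_bits = 8 if net.version == 4 else 4
    if net.prefixlen % label_bits:
        raise ValueError(
            f"{network}: prefix is not on a {label_bits}-bit label boundary "
            "(RFC 2317 delegation needed)"
        )
    labels = net.network_address.reverse_pointer.split(".")
    addr_labels, suffix = labels[:-2], labels[-2:]   # suffix: in-addr/ip6 + arpa
    keep = net.prefixlen // label_bits               # most-significant labels
    # reverse_pointer lists the least-significant label first, so the zone
    # is the tail of the label list.
    zone_labels = addr_labels[len(addr_labels) - keep:] + suffix
    return ".".join(zone_labels) + "."


def split_owner(addr: str, network: str) -> Tuple[str, str]:
    """Return (zone, relative owner name) for `addr` inside `network`.

    The zone is what the address-block holder (normally the ISP) controls;
    the relative name is where a TXT or IPSECKEY record for the host would
    be published. A host owner cannot publish there without the ISP's
    cooperation, which is the first problem the thread describes.
    """
    net = ipaddress.ip_network(network, strict=True)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        raise ValueError(f"{addr} is not inside {network}")
    zone = reverse_zone(network)
    full = reverse_name(addr)
    # `full` always ends with `zone` because the zone labels are its tail.
    relative = full[: len(full) - len(zone)].rstrip(".")
    return zone, relative or "@"


def reachability_obstacle(addr: str) -> Optional[str]:
    """Second problem from the thread: a host behind NAT on a private
    address is not reachable by a peer, whatever the reverse zone says.

    Heuristic only: the ipaddress module also treats the documentation
    ranges (192.0.2.0/24, 2001:db8::/32, ...) as non-global.
    """
    ip = ipaddress.ip_address(addr)
    if ip.is_private:
        return f"{addr} is not globally routable; peers cannot reach it directly"
    return None


if __name__ == "__main__":
    for host, block in (("192.0.2.10", "192.0.2.0/24"),
                        ("2001:db8::1", "2001:db8::/32")):
        zone, rel = split_owner(host, block)
        print(f"{host}: record '{rel}' must go into zone {zone}")
    print(reachability_obstacle("10.0.0.5"))
```

Running the block prints, for each constructed host, the zone an end host would need write access to; the IPv6 case shows the 24 nibble labels a /32 holder still has to manage below its delegation, which is the "even worse" situation the message anticipates.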

From bortzmeyer@nic.fr  Mon Aug 27 03:25:15 2012
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00AC521F8619 for <dane@ietfa.amsl.com>; Mon, 27 Aug 2012 03:25:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.954
X-Spam-Level: 
X-Spam-Status: No, score=-101.954 tagged_above=-999 required=5 tests=[AWL=0.295, BAYES_00=-2.599, HELO_EQ_FR=0.35, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d8O+bMojuJXB for <dane@ietfa.amsl.com>; Mon, 27 Aug 2012 03:25:14 -0700 (PDT)
Received: from mx4.nic.fr (mx4.nic.fr [192.134.4.12]) by ietfa.amsl.com (Postfix) with ESMTP id 18A0421F85F4 for <dane@ietf.org>; Mon, 27 Aug 2012 03:25:14 -0700 (PDT)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id 39F732801B0; Mon, 27 Aug 2012 12:24:40 +0200 (CEST)
Received: from relay1.nic.fr (relay1.nic.fr [192.134.4.162]) by mx4.nic.fr (Postfix) with ESMTP id 354332801A7; Mon, 27 Aug 2012 12:24:40 +0200 (CEST)
Received: from bortzmeyer.nic.fr (batilda.nic.fr [IPv6:2001:67c:2219:8::6:69]) by relay1.nic.fr (Postfix) with ESMTP id 29D3E4C0053; Mon, 27 Aug 2012 12:24:10 +0200 (CEST)
Date: Mon, 27 Aug 2012 12:24:10 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Message-ID: <20120827102410.GA1460@nic.fr>
References: <20120818162603.GA7499@laperouse.bortzmeyer.org> <8F52F419-AEF4-41F3-9692-5ED92FFB42C4@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <8F52F419-AEF4-41F3-9692-5ED92FFB42C4@vpnc.org>
X-Operating-System: Debian GNU/Linux wheezy/sid
X-Kernel: Linux 3.2.0-3-686-pae i686
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: dane@ietf.org
Subject: Re: [dane] IANA registry not linked to?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Aug 2012 10:25:15 -0000

On Sat, Aug 18, 2012 at 11:02:48AM -0700,
 Paul Hoffman <paul.hoffman@vpnc.org> wrote 
 a message of 11 lines which said:

> Yes, it definitely is.

Done and fixed by IANA.

From warren@kumari.net  Tue Aug 28 07:15:40 2012
Return-Path: <warren@kumari.net>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CCF121F84F6 for <dane@ietfa.amsl.com>; Tue, 28 Aug 2012 07:15:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MM1y2F9N8Fn6 for <dane@ietfa.amsl.com>; Tue, 28 Aug 2012 07:15:39 -0700 (PDT)
Received: from vimes.kumari.net (vimes.kumari.net [198.186.192.250]) by ietfa.amsl.com (Postfix) with ESMTP id 0081521F84F2 for <dane@ietf.org>; Tue, 28 Aug 2012 07:15:38 -0700 (PDT)
Received: from dhcp-172-16-21-99.lon.corp.google.com (unknown [74.125.57.57]) by vimes.kumari.net (Postfix) with ESMTPSA id C37571B4067A; Tue, 28 Aug 2012 10:15:37 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <20120827102410.GA1460@nic.fr>
Date: Tue, 28 Aug 2012 10:15:39 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <00C41D73-F64F-405F-93F9-97A9A44BDFBF@kumari.net>
References: <20120818162603.GA7499@laperouse.bortzmeyer.org> <8F52F419-AEF4-41F3-9692-5ED92FFB42C4@vpnc.org> <20120827102410.GA1460@nic.fr>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
X-Mailer: Apple Mail (2.1278)
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dane@ietf.org
Subject: Re: [dane] IANA registry not linked to?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2012 14:15:40 -0000

On Aug 27, 2012, at 6:24 AM, Stephane Bortzmeyer wrote:

> On Sat, Aug 18, 2012 at 11:02:48AM -0700,
> Paul Hoffman <paul.hoffman@vpnc.org> wrote
> a message of 11 lines which said:
>
>> Yes, it definitely is.
>
> Done and fixed by IANA.

Excellent, thank you (and the IANA).

W


-- 
There are only 10 types of people in this world -- those who understand
binary arithmetic and those who don't.


