Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records
draft-ietf-dane-srv-14

Yes

(Barry Leiba)

(Ben Campbell)

(Kathleen Moriarty)

(Stephen Farrell)

No Objection

(Alvaro Retana)

(Benoît Claise)

(Brian Haberman)

(Deborah Brungard)

(Jari Arkko)

(Joel Jaeggli)

(Martin Stiemerling)

(Spencer Dawkins)

(Terry Manderson)

Note: This ballot was opened for revision 13 and is now closed.

Barry Leiba Former IESG member

Yes

Yes (for -13) Unknown

Ben Campbell Former IESG member

Yes

Yes (2015-04-21 for -13) Unknown

Thanks for this.  Protocols using SRV have been left out of the DANE party for too long :-) But I still have a couple of comments:

3.1, 2nd paragraph (note)

I have mixed emotions about smtp-with-dane as an informational reference. Putting it in a "note" aside, can one safely implement and use dane-srv without reading that draft? (If the answer is really "yes", then I'm okay with it.)

3.2, first paragraph:

Is this meant to imply that one must resolve every SRV target? I would assume that it follows the normal SRV rules and application protocol rules, which may or may not result in queries for every SRV target in the set.

Kathleen Moriarty Former IESG member

Yes

Yes (for -13) Unknown

Stephen Farrell Former IESG member

Yes

Yes (for -13) Unknown

Alvaro Retana Former IESG member

No Objection

No Objection (2015-04-22 for -13) Unknown

Just a nit..

Every day I learn new things.  Today was the day that I learned that TLSA actually doesn't mean anything.  My first guess had been that it had something to do with TLS (TLS Authentication?) and spent some time trying to decipher in the context of the draft.  Eventually I did find the "definition" in rfc6698: "TLSA" does not stand for anything; it is just the name of the RRtype.

Maybe most/all of the readers of this document will already know what TLSA is, but just like we tend to expand non obvious (at least to me!) acronyms when they are first mentioned, it would be nice (specially for readers like me) to clear up front what it means (or doesn't mean).

Benoît Claise Former IESG member

No Objection

No Objection (for -13) Unknown

Brian Haberman Former IESG member

No Objection

No Objection (2015-04-20 for -13) Unknown

* The reference to Section 4 of draft-ietf-dane-smtp-with-dane in the Note within section 3.1 seems out-of-date.

* The intro to Section 3.2 says "A and/or AAAA", but the first two bullets in the list seems to assume that both A and AAAA lookups are performed.

Deborah Brungard Former IESG member

No Objection

No Objection (for -13) Unknown

Jari Arkko Former IESG member

No Objection

No Objection (for -13) Unknown

Joel Jaeggli Former IESG member

No Objection

No Objection (for -13) Unknown

Martin Stiemerling Former IESG member

No Objection

No Objection (for -13) Unknown

Spencer Dawkins Former IESG member

No Objection

No Objection (for -13) Unknown

Terry Manderson Former IESG member

No Objection

No Objection (for -13) Unknown

Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records draft-ietf-dane-srv-14

Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records
draft-ietf-dane-srv-14