[dane] AD review of draft-ietf-dane-openpgpkey-03
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 03 June 2015 20:41 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F005A1A8958 for <dane@ietfa.amsl.com>; Wed, 3 Jun 2015 13:41:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FIbF7NZ10wq9 for <dane@ietfa.amsl.com>; Wed, 3 Jun 2015 13:41:11 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D15C1A8860 for <dane@ietf.org>; Wed, 3 Jun 2015 13:41:11 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2736BBF09 for <dane@ietf.org>; Wed, 3 Jun 2015 21:41:10 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qWCGUQadPSGd for <dane@ietf.org>; Wed, 3 Jun 2015 21:41:08 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.31.250]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C0BA3BF08 for <dane@ietf.org>; Wed, 3 Jun 2015 21:41:08 +0100 (IST)
Message-ID: <556F6664.8020800@cs.tcd.ie>
Date: Wed, 03 Jun 2015 21:41:08 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: dane <dane@ietf.org>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/-BVzGER4tA2IqFVNXMg8YRVdWZ0>
Subject: [dane] AD review of draft-ietf-dane-openpgpkey-03
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2015 20:41:13 -0000
Hiya, I've done my AD review of this one too. In this case I do have a few questions I'd like to chat about before starting IETF LC, four of 'em actually;-) But they should be quickly dealt with. And of course I've a bunch of nitty comments too, below, but those can just be handled as last call comments. Cheers, S. Stuff I'd like to chat about before starting IETF LC: (1) Given the email-addr-in-DNS issues with this, would this not be better as experimental? I think the WG did consider that, but I forget, and in any case even if you did, I want to ask again, to be sure to be sure:-) My concern is that we not end up arguing against other folks who may want to standardise some form(s) of key server on the basis that this is *the* standard way to do it. One way to handle that would be for this to be experimental and for us to see if it gets deployed or not. Another could be to just say in the text that this proposed standard is one way of distributing keys, but that others can be equally valid. (2) The intro is very wordy. It could really lose the editorialising generally. (Various examples below.) Is that fair comment? Are the opinionated bits really needed in the RFC? (3) Can you briefly convince me that sections 2.1 and 2.2 are sufficient to write interoperable code. Section 5.5.1.1 of 4880 does not seem to be the right place at which to point for that, to me. But I've not implemented PGP so I may be wrong. (4) 6.2 still refers to sha-224, which is wrong now isn't it? ---- detailed comments/nits/etc. - intro: HKP needs a reference - intro: "Worse, ..." the value judgement isn't needed. Say (exactly) why it's worse or say nothing. And the IETF does not have consensus that TOFU is "worse" unless you say what it is "worse" than. - intro: "have no method" - how do you know? It could be they make no claims of validating things but that they do internal stuff, who knows. - intro: lack of secure lookup does not "prevent" encryption, that's just wrong. I send encrypted mail all the time without that. - intro: "forcing...unencrypted" is also wrong given S/MIME - while this is about PGP, please don't deny reality. - intro: "This document describes..." - you could delete almost all the text before this para. And some after it;-) - intro: "Trust Signature model" needs a reference - intro: "otherwise have to be" is false (same as above) - Appendix A: This would be much better work a worked example, incl. a public key one could import to re-generate the outputs required. - section 3: do you really need 28 octets? wouldn't fewer be good enough and not risk collisions? Just wondering. - 4.2 - that MUST fail if local/DNS differ is a shame. Did the WG consider adding a label or key version to the RR that might allow for some update cases to work? - section 5: is "recommended" there meant as a 2119 thing? If so, it's usually better in uppercase. - 6.2 - in theory using the mail author's email address might not mean publishing that I guess. But your text is fine as-is, just noting that possibility. - 6.3 - what if an application has no user? Does this section apply then?
- [dane] AD review of draft-ietf-dane-openpgpkey-03 Stephen Farrell
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Peter van Dijk
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Olafur Gudmundsson
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Viktor Dukhovni
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Viktor Dukhovni
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John R Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Viktor Dukhovni
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Peter van Dijk
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Jeremy Harris
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Richard Clayton
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Florian Kirstein
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Christian Rößner
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Florian Kirstein
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Christian Rößner
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Jacques Latour
- Re: [dane] AD review of draft-ietf-dane-openpgpke… A. Schulze
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… James Cloos
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Carsten Strotmann
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Viktor Dukhovni
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Florian Kirstein
- Re: [dane] adoption chances, was AD review of dra… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Florian Kirstein
- Re: [dane] AD review of draft-ietf-dane-openpgpke… John Levine
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Viktor Dukhovni
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Paul Wouters
- Re: [dane] AD review of draft-ietf-dane-openpgpke… Alexey Melnikov