Re: [dane] draft-ietf-dane-smime-11.txt

Florian Kirstein <fk@sys4.de> Mon, 25 July 2016 18:42 UTC

Return-Path: <fk@sys4.de>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17A9612D591 for <dane@ietfa.amsl.com>; Mon, 25 Jul 2016 11:42:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.588
X-Spam-Level:
X-Spam-Status: No, score=-5.588 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sys4.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3kyReDcvHNTc for <dane@ietfa.amsl.com>; Mon, 25 Jul 2016 11:42:31 -0700 (PDT)
Received: from mail.sys4.de (mail.sys4.de [194.126.158.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD81212B042 for <dane@ietf.org>; Mon, 25 Jul 2016 11:42:31 -0700 (PDT)
Received: from localhost (echo.sys4.de [127.0.0.1]) by mail.sys4.de (Postfix) with ESMTP id 3ryqqn1m4Qz1LKD for <dane@ietf.org>; Mon, 25 Jul 2016 20:42:29 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sys4.de; s=fk-sys4-de-201501; t=1469472149; bh=+RwnKAm3+w1r7JlA8s3mzMdOtCgd2y4s24qWFKMjjvY=; h=Date:From:To:Subject:References:In-Reply-To; b=EDNsMcFzpEPs2E1Lyf2pyETjai4tMPrEjR0unLDvWbsPXRnYbC/Ix3soizUhmCJrE TRrXYuMn91LYa1/0WWYq9khF+MFV5nYueu9Bcjt3KOBycLEcbz8APK1cyf5Cm54usP zqzhABijNNaqSJEXenGb52douCRaVVPNbCSXMGyzaLOrlDezGEo34+U9LWb49HxqUQ 8cS4SIG9kjpZVWcxK+YqMQr+LvPtDlvvqzcIoaUZ00PRVW1t1XtljSZALefzEJiR6X hj5i8LE47j1coC6mo6CsL3KyAfkrESL4pqc5unFM78grPNUbLMqBpJcSx24OLL2bQT arHjXPy+yLQjg==
X-Virus-Scanned: amavisd-new at sys4.de
Received: from sys4.de (mail.sys4.de [IPv6:2001:1578:400:111::7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.sys4.de (Postfix) with ESMTPSA id 3ryqqn0JxZz1HKJ for <dane@ietf.org>; Mon, 25 Jul 2016 20:42:29 +0200 (CEST)
Date: Mon, 25 Jul 2016 20:42:27 +0200
From: Florian Kirstein <fk@sys4.de>
To: dane@ietf.org
Message-ID: <20160725184227.GA24027@sys4.de>
References: <F0A8D915-CE88-4A8B-BA66-D8163158A90C@vpnc.org> <01af01d1d950$a0dfaf00$e29f0d00$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <01af01d1d950$a0dfaf00$e29f0d00$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/-prrVPCgpVvjMC7DHd9RZ0OFOnM>
Subject: Re: [dane] draft-ietf-dane-smime-11.txt
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2016 18:42:34 -0000

Hello,

> Since I have never been in the camp of believing that the email matching
> problem has been solved
Time will tell, but I think we are on a good path. Regarding S/MIME:
looks like Mozilla "fixed" it (after some RFC discussions) to
case-insensitive matching in 2002:
https://bugzilla.mozilla.org/show_bug.cgi?id=130692

But regarding your actual concern:

> capabilities of an S/MIME client for encryption to be obtained as part of
> this query?
This is out of the scope of this proposal. Even without DANE you
could want to send a mail to someone without having received a signed
mail from him before. And you can, would and should also use DANE key
lookup WHEN replying to a signed mail.

> it is possible to put them into a certificate (RFC 4262) but this has
> problems when they change (you need to get a new certificate)
Still, RFC4262 is the RFC to address this problem, not our key lookup.

Of course it would be possible to add some information about that
also into the DNS - but that would be a third way to publish this
information without any need. Publishing a new cert in DNS isn't
a real problem, and CAs (if you for some reason want your cert signed)
might even offer free re-signing if only the RFC4262 info is changed in
the future.

It's good you brought this up but I don't see a real problem here
to be solved in the draft...

Greetings,

Florian
-- 
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleissheimer Strasse 26/MG, 80333 Muenchen
Sitz der Gesellschaft: Muenchen, Amtsgericht Muenchen: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
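The case-matching question raised in this thread is easiest to see on the DNS owner name itself. The following is an added example, not code from the draft, from Mozilla, or from the poster: it derives the SMIMEA owner name for an address using the construction in RFC 8162 (the published form of draft-ietf-dane-smime): SHA-256 over the UTF-8 local-part, truncated to 28 octets and hex-encoded, followed by the `_smimecert` label and the domain. The `fold_case` switch is an assumption of this example, not something the RFC specifies; it emulates a client that treats the local-part case-insensitively, so you can compare the two policies side by side. Sample addresses are constructed.

```python
import hashlib
import re

# Fixed label from RFC 8162 section 3.
SMIMEA_LABEL = "_smimecert"

# Hex label: 28 octets of truncated SHA-256 = 56 hex characters.
_OWNER_NAME_RE = re.compile(r"^[0-9a-f]{56}\._smimecert\.[^.].*$")


def smimea_owner_name(email: str, fold_case: bool = False) -> str:
    """Return the DNS owner name at which a client would query SMIMEA for `email`.

    fold_case=True is an assumption of this example (not in RFC 8162): it
    lower-cases the local-part before hashing, emulating case-insensitive
    matching. With the default (False) the local-part is hashed as given,
    so "Hugh@" and "hugh@" resolve to different owner names.
    """
    local_part, sep, domain = email.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an addr-spec: {email!r}")
    if fold_case:
        local_part = local_part.lower()
    # SHA-256 of the UTF-8 local-part, truncated to the leftmost 28 octets.
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    # The domain part is a DNS name, so it is case-insensitive anyway;
    # lower-casing it only makes comparisons in this example stable.
    return f"{digest.hex()}.{SMIMEA_LABEL}.{domain.lower()}"


def is_smimea_owner_name(name: str) -> bool:
    """Syntactic check that `name` looks like an SMIMEA owner name."""
    return _OWNER_NAME_RE.match(name) is not None


def same_lookup(addr_a: str, addr_b: str, fold_case: bool = False) -> bool:
    """True if both addresses lead to the same SMIMEA query under the given policy."""
    return smimea_owner_name(addr_a, fold_case) == smimea_owner_name(addr_b, fold_case)


if __name__ == "__main__":
    # Constructed sample addresses; example.com is a reserved example domain.
    pairs = [("hugh@example.com", "Hugh@example.com"),
             ("hugh@example.com", "hugh@Example.COM")]
    for a, b in pairs:
        for policy in (False, True):
            print(f"{a!r} vs {b!r} fold_case={policy}: "
                  f"same query = {same_lookup(a, b, policy)}")
    print(smimea_owner_name("hugh@example.com"))
```

Run it and you will see that, without case folding, a differently-cased local-part queries a different name and therefore finds no record, while a differently-cased domain still matches because DNS names are case-insensitive. That asymmetry is the crux of the thread: whatever matching rule the client applies to the local-part has to be the same rule the publisher used when generating the record, or the lookup silently fails.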