[dane] SMIMEA, record locating as in OPENPGPKEY
"Wiley, Glen" <gwiley@verisign.com> Wed, 08 July 2015 21:29 UTC
From: "Wiley, Glen" <gwiley@verisign.com>
To: "dane@ietf.org" <dane@ietf.org>
Date: Wed, 08 Jul 2015 21:28:58 +0000
Message-ID: <D1C30E78.12D99%gwiley@verisign.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/0-NvPGZcwfGWMR0KhYL85Ge--zg>
Subject: [dane] SMIMEA, record locating as in OPENPGPKEY
How would folks feel about updating the SMIMEA draft to use language similar to section 3 in the OPENPGPKEY draft:

Location of the OPENPGPKEY record

The DNS does not allow the use of all characters that are supported in the "local-part" of email addresses as defined in [RFC2822 <https://tools.ietf.org/html/rfc2822>] and [RFC6530 <https://tools.ietf.org/html/rfc6530>]. Therefore, email addresses are mapped into DNS using the following method:

o The user name (the "left-hand side" of the email address, called the "local-part" in the mail message format definition [RFC2822 <https://tools.ietf.org/html/rfc2822>] and the "local part" in the specification for internationalized email [RFC6530 <https://tools.ietf.org/html/rfc6530>]) should already be encoded in UTF-8 (or its subset ASCII). If it is written in another encoding it should be converted to UTF-8. Next, it is turned into lowercase and hashed using the SHA2-256 [RFC5754 <https://tools.ietf.org/html/rfc5754>] algorithm, with the hash truncated to 28 octets and represented in its hexadecimal representation, to become the left-most label in the prepared domain name. Truncation comes from the right-most octets. This does not include the at symbol ("@") that separates the left and right sides of the email address.

o The string "_openpgpkey" becomes the second left-most label in the prepared domain name.

o The domain name (the "right-hand side" of the email address, called the "domain" in RFC 2822 <https://tools.ietf.org/html/rfc2822>) is appended to the result of step 2 to complete the prepared domain name.

For example, to request an OPENPGPKEY resource record for a user whose email address is "hugh@example.com", an OPENPGPKEY query would be placed for the following QNAME: "c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._openpgpkey.example.com". The corresponding RR in the example.com zone might look like (key shortened for formatting):

c9[..]d6._openpgpkey.example.com. IN OPENPGPKEY <base64 public key>

3.1. Email address variants <https://tools.ietf.org/html/draft-ietf-dane-openpgpkey-03#section-3.1>

Mail systems usually handle variant forms of local-parts. The most common variants are upper and lower case, which are now invariably treated as equivalent. But many other variants are possible. Some systems allow and ignore "noise" characters such as dots, so local parts johnsmith and John.Smith would be equivalent. Many systems allow "extensions" such as john-ext or mary+ext where john or mary is treated as the effective local-part, and the ext is passed to the recipient for further handling. This can complicate finding the OPENPGPKEY record associated with the dynamically created email address. [RFC5321] and its predecessors have always made it clear that only the recipient MTA is allowed to interpret the local-part of an address. A client supporting OPENPGPKEY therefore MUST NOT perform any kind of mapping rules based on the email address. As the local-part is converted to lowercase before hashing, case sensitivity will not cause problems for the OPENPGPKEY lookup.

-- 
Glen Wiley
Principal Engineer
Verisign, Inc.
(571) 230-7917
http://vbsdcon.com
A5E5 E373 3C75 5B3E 2E24 6A0F DC65 2354 9946 C63A
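The owner-name mapping quoted above, carried through in code as an added example; this is not code from the OPENPGPKEY draft, the SMIMEA draft, or this message. It implements the three steps literally (UTF-8, lowercase, SHA-256 truncated to the left-most 28 octets, hex, then the underscore label and the domain) and deliberately applies no local-part "mapping", so dotted and "+ext" variants hash to different names, as section 3.1 requires. The `label` parameter is an assumption of this example so the same function can serve the SMIMEA proposal; `_smimecert` is the label the SMIMEA draft uses, which this message does not mention. The `zone_record` helper and the sample key are likewise constructed for illustration.

```python
import hashlib


def dane_email_qname(email: str, label: str = "_openpgpkey") -> str:
    """Map an email address to the DANE lookup name per the quoted draft text.

    Steps, as in section 3 of draft-ietf-dane-openpgpkey-03:
      1. take the local-part (everything left of the last "@"), UTF-8, lowercase
      2. SHA-256 it, keep the left-most 28 octets (truncation drops the
         right-most octets), hex-encode -> left-most label
      3. append the underscore label, then the domain part unchanged
    No dot removal or +ext stripping is done: only the recipient MTA may
    interpret the local-part, so a client MUST NOT apply such rules.
    """
    if "@" not in email:
        raise ValueError("not an email address: %r" % email)
    local, domain = email.rsplit("@", 1)
    digest = hashlib.sha256(local.lower().encode("utf-8")).digest()
    hashed = digest[:28].hex()  # 28 octets -> 56 hex characters
    # DNS name matching is case-insensitive, so the domain is left as written.
    return "%s.%s.%s" % (hashed, label, domain)


def zone_record(email: str, base64_key: str, rrtype: str = "OPENPGPKEY",
                label: str = "_openpgpkey") -> str:
    """Render the zone-file line a zone owner would publish (illustrative)."""
    owner = dane_email_qname(email, label) + "."  # fully qualified owner name
    return "%s IN %s %s" % (owner, rrtype, base64_key)


if __name__ == "__main__":
    # Constructed inputs; the first reproduces the draft's own example.
    print(dane_email_qname("hugh@example.com"))
    # -> c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._openpgpkey.example.com
    print(dane_email_qname("Hugh@example.com") == dane_email_qname("hugh@example.com"))
    # Variants are NOT folded: these are different owner names.
    print(dane_email_qname("john.smith@example.com") == dane_email_qname("johnsmith@example.com"))
    print(dane_email_qname("mary+ext@example.com") == dane_email_qname("mary@example.com"))
    # Same mapping with the SMIMEA owner-name label (assumed for this example).
    print(dane_email_qname("hugh@example.com", label="_smimecert"))
    print(zone_record("hugh@example.com", "mQENBF...(constructed, shortened)"))
```

Because the lookup name is a one-way hash of the lowercased local-part, a zone publishing these records cannot be enumerated by walking names the way a plain-text owner name could be, but it also means that a record must be published for every variant spelling a sender might actually use.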