Re: [dane] email canonicalization for SMIMEA owner names

Ian Fette (イアンフェッティ) <ifette@google.com> Fri, 12 December 2014 01:22 UTC

In-Reply-To: <20141212010007.2F78C254FBF3@rock.dv.isc.org>
References: <95826148-4F06-4942-87A4-2F6601BA0F90@nist.gov> <20141211221456.GI3448@localhost> <20141211235519.GO25666@mournblade.imrryr.org> <20141212000953.B0FE5254EAE8@rock.dv.isc.org> <20141212003130.GQ25666@mournblade.imrryr.org> <20141212004131.09FDB254F4F4@rock.dv.isc.org> <20141212005550.GR25666@mournblade.imrryr.org> <20141212010007.2F78C254FBF3@rock.dv.isc.org>
Date: Thu, 11 Dec 2014 17:22:03 -0800
Message-ID: <CAF4kx8cXQYmfQ-3FVN64GFK_3mc0xt6ZYAXo9_NdFx0n1B+RXA@mail.gmail.com>
From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
To: Mark Andrews <marka@isc.org>
Content-Type: multipart/alternative; boundary="20cf307cff105f29c10509fab8f5"
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/0YRvyFvLBLMqiQXnYexrZOMBPI0
Cc: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>

Sorry, just reading the SMIMEA stuff for the first time, so apologies for
the basic question, but do I really have to publish a record for each
address? How would I say "this is a trusted intermediate CA for *@gmail.com"?

2014-12-11 17:00 GMT-08:00 Mark Andrews <marka@isc.org>:
>
>
> In message <20141212005550.GR25666@mournblade.imrryr.org>, Viktor
> Dukhovni writes:
> > On Fri, Dec 12, 2014 at 11:41:30AM +1100, Mark Andrews wrote:
> >
> > > > If we're really going to do this as a direct query to the remote
> > > > domain (and not a DNSSEC lookup), perhaps the right application
> > > > protocol is some sort of minimal SMTP over SSL on a port indicated
> > > > by the SRV record:
> > > >
> > > >     <tcp connect>
> > > >     C/S: <TLS handshake>
> > > >     C: SMIMEA "Frank.Jr."@example.com
> > > >     S: 250-3 1 1 <blob1>
> > > >     S: 250 3 1 2 <blob2>
> > > >     <TCP disconnect>
> > >
> > > But not port 25.  That is blocked too often.
> >
> > Absolutely, this would be an additional service on some other port,
> > indicated via SRV records, and authenticated via DANE TLSA records.
> >
> > The downside of something other than HTTPS or DNS, is that while
> > less likely to be blocked for anti-spam reasons, this is likely to
> > be inaccessible to MUAs inside various firewalled environments.
> >
> > Perhaps a sufficiently light-weight http encapsulation is right
> > after all, and MTA authors might be able to implement just enough
> > HTTPS to still support this as an MTA feature.
> >
> > In Postfix this would be a separate program that runs out of
> > "master.cf", but uses the Postfix table facilities to get the data
> > out of any supported datastore (including LDAP!).
> >
> > This however takes us far away from any similarity to the SMIMEA draft
> > as it is today.  Is it really time to throw it all away and start
> > again?
>
> Yes.  It's just a pity it has taken so long for others to realise this.
>
> > --
> >       Viktor.
> >
> > _______________________________________________
> > dane mailing list
> > dane@ietf.org
> > https://www.ietf.org/mailman/listinfo/dane
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
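The question at the top of this message, and the "Frank.Jr."@example.com example in the quoted sketch, both turn on how an email address maps to a DNS owner name. The following is an added example, not part of this post or of the draft being discussed, showing that derivation in Python as RFC 8162 (the published form of the SMIMEA draft) ended up specifying it: SHA-256 of the local-part, truncated to 28 octets, rendered as a 56-character hex label under `_smimecert`, with TLSA-style RDATA. The sample certificate bytes, the `canonicalize` hook and all function names are constructed for the example; the draft on the table in December 2014 may have differed in detail from the final RFC.

```python
"""Added example (not from the thread): SMIMEA owner names and records as
RFC 8162, the RFC that the SMIMEA draft became, eventually specified them."""
import hashlib

# Constructed stand-in for a DER-encoded end-entity certificate; a real
# deployment would read the subscriber's actual certificate here.
SAMPLE_CERT_DER = b"\x30\x82\x01\x10" + bytes(range(256)) + b"\x00" * 16


def smimea_owner_name(address: str, canonicalize=None) -> str:
    """Return the SMIMEA owner name for an email address (RFC 8162, sec. 3).

    The local-part (text before the final '@') is hashed with SHA-256, the
    digest is truncated to 28 octets and rendered as 56 lowercase hex
    characters, and "._smimecert." plus the domain is appended.  The
    `canonicalize` hook is an assumption of this example, not something the
    specification defines: if supplied, it is a site-specific transform
    (e.g. case folding) applied to the local-part before hashing.  Whether
    any such transform is appropriate is exactly what the thread debates.
    """
    local_part, sep, domain = address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an addr-spec: {address!r}")
    if canonicalize is not None:
        local_part = canonicalize(local_part)
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    # DNS names are case-insensitive, so the domain part can be lowercased.
    return f"{digest.hex()}._smimecert.{domain.lower()}"


def smimea_rdata(cert_der: bytes, usage: int, selector: int, matching_type: int) -> str:
    """Build SMIMEA RDATA in presentation format; fields mirror TLSA (RFC 6698).

    usage 2 = DANE-TA (the named cert is a trust anchor that must issue the
    end-entity cert), usage 3 = DANE-EE (the named cert is the end-entity
    cert itself); selector 0 = full certificate (selector 1, the
    SubjectPublicKeyInfo, would need an X.509 parser and is not supported
    here); matching type 0 = exact data, 1 = SHA-256, 2 = SHA-512.
    """
    if usage not in (0, 1, 2, 3) or selector != 0:
        raise ValueError("unsupported usage/selector for this example")
    if matching_type == 0:
        assoc = cert_der.hex()
    elif matching_type == 1:
        assoc = hashlib.sha256(cert_der).hexdigest()
    elif matching_type == 2:
        assoc = hashlib.sha512(cert_der).hexdigest()
    else:
        raise ValueError(f"unknown matching type {matching_type}")
    return f"{usage} {selector} {matching_type} {assoc}"


def smimea_record(address, cert_der, usage=3, selector=0, matching_type=1):
    """One complete SMIMEA RR line, as it would appear in a zone file."""
    rdata = smimea_rdata(cert_der, usage, selector, matching_type)
    return f"{smimea_owner_name(address)}. IN SMIMEA {rdata}"


def owner_name_variants(local_parts, domain, canonicalize=None):
    """Map each spelling of a local-part to the owner name it would publish at.

    Without an agreed canonicalization, 'Frank.Jr.', 'frank.jr.' and the
    quoted form '"Frank.Jr."' from the thread land on three different DNS
    names even if the provider delivers all three to one mailbox.
    """
    return {lp: smimea_owner_name(f"{lp}@{domain}", canonicalize) for lp in local_parts}


def is_hex_label(label: str, length: int = 56) -> bool:
    """True if `label` is exactly `length` lowercase hex characters."""
    return len(label) == length and all(c in "0123456789abcdef" for c in label)


if __name__ == "__main__":
    spellings = ["Frank.Jr.", "frank.jr.", '"Frank.Jr."']
    for spelling, name in owner_name_variants(spellings, "example.com").items():
        print(f"{spelling:14s} -> {name}")
    print(smimea_record("Frank.Jr.@example.com", SAMPLE_CERT_DER))
```

Because the owner name carries only a truncated hash of the local-part, the zone publishes one record per hashed spelling; the `canonicalize` hook shows what a provider that treats local-parts case-insensitively would have to agree on with every querying client (fold before hashing on both sides) for the lookups to meet. A usage 2 record built with `smimea_rdata(ca_cert_der, 2, 0, 1)` names a CA rather than an end-entity certificate, which is the "trusted intermediate CA" semantics asked about above, but it still sits under a per-mailbox owner name in this scheme.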