Re: [dane] draft-wouters-dane-openpgp-01 review

Mark Andrews <marka@isc.org> Tue, 07 January 2014 06:31 UTC

To: dane@ietf.org
From: Mark Andrews <marka@isc.org>
References: <E05CBC7F-1B37-49A0-9E27-D2B52BFA48A9@ogud.com> <20140107021142.A6C6BC772A3@rock.dv.isc.org> <alpine.LFD.2.10.1401062246300.5833@bofh.nohats.ca> <20140107052724.4EBA9C79C09@rock.dv.isc.org> <20140107054402.GW2317@mournblade.imrryr.org>
In-reply-to: Your message of "Tue, 07 Jan 2014 05:44:02 -0000." <20140107054402.GW2317@mournblade.imrryr.org>
Date: Tue, 07 Jan 2014 17:32:13 +1100
Message-Id: <20140107063213.82D61C7A081@rock.dv.isc.org>

In message <20140107054402.GW2317@mournblade.imrryr.org>, Viktor Dukhovni writes:
> On Tue, Jan 07, 2014 at 04:27:24PM +1100, Mark Andrews wrote:
> 
> > > I don't think so? The "+" sign as magic "this is the same user as"
> > > is also not a feature supported by all SMTP servers or specified in
> > > a standard, correct? And people might want to use different keys for
> > > paul+personal versus paul+ietf.
> > 
> > And this is not a decision that needs to be made by us.  This is a decision
> > that should be made by the publisher of the data.  One could even have
> > a rule which says "if *+* try as is and on nxdomain try /\(*\)+*/\1/"
> 
> Sorry, CMU-style address extensions are a local matter entirely
> outside the world of email standards.  On some domains "+" is
> special, on other domains "-", and others still some other convenient
> character not used in real email addresses.

All of which is irrelevant provided you can encode that into a policy
which can be transmitted.

> It is not possible to handle these without substantially complicating
> the logic.  One would have to query the domain for the domain's
> recipient delimiter first, and then for the address.

So.  One of the reasons to go with base32 and not raw binary is
that the DNS does normalisation which is potentially different to
the normalisation done by the SMTP server.

At a minimum we should be able to specify "no normalisation" vs
"case fold" (and which direction) for ASCII LHS.

Yes, it makes things more complicated but the real world is
complicated.

Remember that one is comparing this to a SRV record which points
to a key server that does all the normalisation required to return
the correct key 100% of the time.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
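As an added illustration of the normalisation point made in this message (example code, not from the thread or from the draft; the SHA-256 hash, the base32 encoding and the `_openpgpkey` label are assumptions standing in for whatever the draft actually specifies), here is a lookup-name derivation that takes the publisher's declared policy as input, plus the "try as is, then strip the extension" fallback described above, with the delimiter configurable since it differs per domain.

```python
import base64
import hashlib

# Assumption: placeholder label, not necessarily the draft's real one.
KEY_LABEL = "_openpgpkey"


def normalise_local_part(local_part: str, policy: str) -> str:
    """Apply the publisher-declared normalisation policy before hashing.

    policy: "none"  -> hash the local part exactly as given
            "lower" -> ASCII case fold to lower case
            "upper" -> ASCII case fold to upper case
    Non-ASCII local parts are left untouched under every policy, since the
    message only talks about case folding for ASCII LHS.
    """
    if policy == "none" or not local_part.isascii():
        return local_part
    if policy == "lower":
        return local_part.lower()
    if policy == "upper":
        return local_part.upper()
    raise ValueError(f"unknown normalisation policy: {policy}")


def lookup_name(local_part: str, domain: str, policy: str = "none") -> str:
    """Owner name to query: base32(sha256(normalised LHS)) as one DNS label.

    The base32 label is lower-cased and unpadded so that DNS's own
    case-insensitive matching cannot change which record is found; the
    SMTP-side case decision is made entirely by `policy` above.
    """
    data = normalise_local_part(local_part, policy).encode("utf-8")
    digest = hashlib.sha256(data).digest()
    label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    return f"{label}.{KEY_LABEL}.{domain}."


def candidate_names(address: str, policy: str, delimiter: str = "+") -> list:
    """Names to try in order: the address as given, then (only if the local
    part contains the domain's extension delimiter) the base address, which is
    the "try as is and on nxdomain try the stripped form" rule."""
    local_part, domain = address.rsplit("@", 1)
    names = [lookup_name(local_part, domain, policy)]
    if delimiter and delimiter in local_part:
        base = local_part.split(delimiter, 1)[0]
        names.append(lookup_name(base, domain, policy))
    return names
```

A resolver following this would stop at the first candidate that exists; under policy "none", "Paul" and "paul" map to different names, so a publisher that wants them treated alike must say so in its policy.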