Re: [dane] Second WGLC draft-ietf-dane-smime

"John R Levine" <johnl@taugh.com> Mon, 21 November 2016 16:17 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4BEF129472 for <dane@ietfa.amsl.com>; Mon, 21 Nov 2016 08:17:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=UR8MYbo1; dkim=pass (1536-bit key) header.d=taugh.com header.b=ve4olIs/
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vtGBE43f00IK for <dane@ietfa.amsl.com>; Mon, 21 Nov 2016 08:17:18 -0800 (PST)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50AC8129627 for <dane@ietf.org>; Mon, 21 Nov 2016 08:17:18 -0800 (PST)
Received: (qmail 14736 invoked from network); 21 Nov 2016 16:17:20 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=398f.58331e10.k1611; bh=tITT30dlwXVbUC0hQGXjwNLOz2nw76eUWZozd1ULic0=; b=UR8MYbo1iLY7j3X3M1EGoHkKeh0065AUWFgM006pNl3eR8GByEw4NCAA11xvLy2ip90VYzjDhKBXJV2vxSejnSmWWfwJAhG0oc+2vlmtz65ZmA0wyfzK9vYaX0pa+kisb0F7ajsP5uvHgtRrQrY54/JO9c0vCyOPr+YAbJrBgifHamegMJtx/Hvo/b5T9X0LFXSF+jYU3BjFMg9Z5qU+ACS0SkfuFu28KMC+mY2ohcsJcvLI0ZXiEfERUAxQk6/1
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=398f.58331e10.k1611; bh=tITT30dlwXVbUC0hQGXjwNLOz2nw76eUWZozd1ULic0=; b=ve4olIs/QDlWviXMTXLj/2IW11nQIQXgTPx/yQSW5Pezqocc7K3ufwUVl4WdJLaD5bgvucXJyoX0gVxeenFZ32hLc+aCSnsO2t+22WyMoodGrBU8wUMu6ux+kD6b2YdV7FC24Te+sL9OxY0Ke+7xbRlNQA9/Z2pqd82suid/bXMb4MAyCKACRd43B5y51MfGR/Y96JdxbGOVq5AuzFh+UL8YNCztUP+RS46Eo0mTe8WaWo/VE2bQj/snVZ/aVgVs
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 21 Nov 2016 16:17:20 -0000
Date: Mon, 21 Nov 2016 11:17:16 -0500
Message-ID: <alpine.OSX.2.11.1611211113570.18423@ary.qy>
From: John R Levine <johnl@taugh.com>
To: "Garfinkel, Simson L. \(Fed\)" <simson.garfinkel@nist.gov>
In-Reply-To: <C10FEAC0-E6F7-4216-A0FA-DE4893773D89@nist.gov>
References: <20161121145803.79462.qmail@ary.lan> <C10FEAC0-E6F7-4216-A0FA-DE4893773D89@nist.gov>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-504509057-1479745037=:18423"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/1I6fLWPf_0IY7tvPuoZqa89OIwk>
Cc: "dane@ietf.org" <dane@ietf.org>
Subject: Re: [dane] Second WGLC draft-ietf-dane-smime
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Nov 2016 16:17:20 -0000

> I didn’t mean to misrepresent what you said. I was simply trying to 
> simplify the argument.  I’m sorry if I got it wrong. How would you 
> rephrase it?

There's all sorts of reasons you wouldn't want your mail provider to read 
your mail.  As I said in an example, Gmail is mostly reliable but we don't 
know what secret subpoenas they might get.

> I am in agreement with you that the document assumes that domains are the authorities of the identities of their users. I concur that the document should explicitly state this. Email addresses have become an identifier that is in many ways superior to other identifiers, such as SSNs and Driver License #s, because they can be proved by an individual’s ability to receive email at a specific address. For the same reason, mobile telephone numbers are also quickly becoming persistent identifiers.  Email addresses have an advantage over mobile telephone numbers in that there are more of them and they are easily changed as necessary.
>
> Would you support advancing the draft if this assumption is explicitly stated?

No.  It has other fatal flaws, discussed at length in the past. Better key 
distribution is a fine idea, but this isn't the way to do it.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly