IETF Logo Mail Archive

Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

Dave Crocker <dhc@dcrocker.net> Wed, 23 September 2015 15:36 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54A611A6FD1; Wed, 23 Sep 2015 08:36:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6KBx8IFR7gh; Wed, 23 Sep 2015 08:36:21 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 792CC1A700F; Wed, 23 Sep 2015 08:35:47 -0700 (PDT)
Received: from [192.168.1.87] (76-218-10-206.lightspeed.sntcca.sbcglobal.net [76.218.10.206]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id t8NFZkGB015898 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Wed, 23 Sep 2015 08:35:47 -0700
To: Sam Hartman <hartmans-ietf@mit.edu>, Randy Bush <randy@psg.com>
References: <20150921172109.19893.qmail@ary.lan> <alpine.LFD.2.20.1509211455150.420@bofh.nohats.ca> <m2pp19ztmu.wl%randy@psg.com> <20150923035731.GZ21942@mournblade.imrryr.org> <m21tdpy2oa.wl%randy@psg.com> <tslk2rhgnni.fsf@mit.edu>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <5602C6CD.2050200@dcrocker.net>
Date: Wed, 23 Sep 2015 08:35:41 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <tslk2rhgnni.fsf@mit.edu>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.17]); Wed, 23 Sep 2015 08:35:47 -0700 (PDT)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/3YEV36nrkCoeewelm21ISnRMbSk>
Cc: ietf@ietf.org, dane@ietf.org
Subject: Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2015 15:36:22 -0000

On 9/23/2015 8:29 AM, Sam Hartman wrote:
> I tend to agree with John and others who have
> suggested the document should be more clear about its assumptions.


Assumptions, models, details, etc., with operational and risk implications.

The document has a number of places that need considerable elaboration
of these.

In the case of the trust model, the document is, apparently, introducing
an entirely new 'model'.

As has been noted, the challenge of local-part handling is another,
surprisingly-basic component to the mechanism that needs careful -- and
complete -- handling in the spec, if the spec is to be a full protocol
specification.

And so on.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email