IETF Logo Mail Archive

Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.

Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 21 February 2015 02:23 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A72BF1A19E3 for <dane@ietfa.amsl.com>; Fri, 20 Feb 2015 18:23:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HB5X8Je6jI5l for <dane@ietfa.amsl.com>; Fri, 20 Feb 2015 18:23:32 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CF0A1A005D for <dane@ietf.org>; Fri, 20 Feb 2015 18:23:32 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 023FE282D5F; Sat, 21 Feb 2015 02:23:31 +0000 (UTC)
Date: Sat, 21 Feb 2015 02:23:30 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20150221022330.GN1260@mournblade.imrryr.org>
References: <CAHw9_iJPuG23Aok7V_wcAMirua_DPDLHy01tnd+DaUqEeK3NZA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAHw9_iJPuG23Aok7V_wcAMirua_DPDLHy01tnd+DaUqEeK3NZA@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/62OF3IDunCZcSeCAb5MXXD1LeRE>
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Feb 2015 02:23:34 -0000

On Fri, Feb 20, 2015 at 03:30:05PM -0500, Warren Kumari wrote:

> Please review this draft to see if you think it is ready for
> publication and send comments to the list, clearly stating your view.

Comments:

* The below does not mention the hex encoding of the digest.  Compare with SMIMEA:

   OPENPGPKEY:

    3.  Location of the OpenPGPKEY record

       Email addresses are mapped into DNS using the following method:

       1.  The user name (the "left-hand side" of the email address, called
	   the "local-part" in the mail message format definition [RFC2822]
	   and the "local part" in the specification for internationalized
	   email [RFC6530]), is hashed using the SHA2-224 [RFC5754]
	   algorithm to become the left-most label in the prepared domain
	   name.  This does not include the at symbol ("@") that separates
	   the left and right sides of the email address.

   SMIMEA:

	   The user name (the "left-hand side" of the email address, called
	   the "local-part" in the mail message format definition [RFC2822]
	   and the "local part" in the specification for internationalized
	   email [RFC6530]), is hashed using the SHA2-224 [RFC5754]
	   algorithm (with the hash being represented in its hexadecimal
	   representation, to become the left-most label in the prepared
	   domain name.  This does not include the "@" character that
	   separates the left and right sides of the email address.  The
	   string that is used for the local part is a Unicode string
	   encoded in UTF-8.

* Grammar nit replace "its" with "their" or rephrase:

    5.1.  Email address information leak

       Email addresses are not secret.  Using them causes its publication.

* Forward security vouching for long-term keys

    There's a typo in the first word of the highlighted paragraph:

	5.2.  Forward security of OpenPGP versus DNSSEC

	   [...]

	   Therefor, an OpenPGP key obtained via an OPENPGPKEY
	   record can only be trusted as much as the DNS domain
	   can be trusted, and are no substitute for in-person key
	   verification of the "Web of Trust".  See [OPENPGPKEY-USAGE]
	   for more in-depth information on safe usage of OPENPGPKEY
	   based OpenPGP keys.

    An complementary approach is to not use the retrieved OpenPGP
    key beyond the signature lifetime of the OPENPGPKEY RRset RRSIG
    record.  Keys obtained from DNS should be refreshed as often
    as is practical (ideally before encrypting each message) and
    never used beyond the RRSIG lifetime.  Were the RRSIG in question
    signed by an attacker, only messages signed before the key is
    refreshed are compromised.  Of course this requires that PGP
    user agent software track the provenance and cache lifetime of
    keys obtained via DNS.

* Encoding tools:

	Appendix A.  Generating OPENPGPKEY records

	   gpg --export --export-options export-minimal \
	       hugh@example.com | base64

  the "openssl base64" command is an alternative on many other platforms.
  Later the examples don't yet use the newly allocated TYPE61:

       These values can then be used to generate a generic record (line
       break has been added for formatting):

       <SHA2-224(hugh)>._openpgpkey.example.com. IN TYPE65280 \# \
	   <numOctets> <keydata in hex>

       ...

       ~> openpgpkey --output generic hugh@example.com
       8d[...]b7._openpgpkey.example.com. IN TYPE65280 \# 2313 99008d03[...]

  the type should of course now be TYPE61.  May as well give a
  recipe for generating "SHA2-224(hugh)":

       printf "%s" hugh |
	   openssl dgst -sha224 -binary |
	   hexdump -ve '/1 "%.2x"' -e '/28 "\n"'

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email