[dane] draft-wouters-dane-openpgp-01 review

Olafur Gudmundsson <ogud@ogud.com> Mon, 06 January 2014 18:25 UTC

From: Olafur Gudmundsson <ogud@ogud.com>
Date: Mon, 6 Jan 2014 13:25:24 -0500
To: "dane@ietf.org list" <dane@ietf.org>
Subject: [dane] draft-wouters-dane-openpgp-01 review

This is an interesting draft and it looks like a good idea.

I just reviewed the draft with an eye to whether it is ready to be used as a reference for a DNS RRTYPE template submission.

The draft specifies that the Presentation Format for the RRTYPE is Base64 (good).
The draft specifies that the Wire Format for the RRTYPE is Base64 (bad).

I suggest that the draft be expanded to talk about Presentation Format and Wire Format separately.
Making this change in the draft will require that Paul update the tool he released today.

Nits and questions: 
Section 3 says: "If an OPENPGPKEY RR contains an expired OpenPGP public key, it MUST NOT be used for encryption."

Suggest: "SHOULD" instead 

Section 3.1: I propose that this section be moved into Section 4, leaving only 3 and 3.2 in Section 3.
Section 3 then only defines the DNS RR.
Section 4 then deals with the location of the records in zones and how to convert an "email address" into DNS labels.

Section 4.4 (key size and record size issues) is orthogonal to Section 4 and should (if you keep it) become a new section on usage and operational guidance.
In addition to talking about key size, it should recommend that a user SHOULD have only one active record, i.e. the key it wants others to use for encryption.

Section 7 should become an appendix (how to generate a record).

Question: transitioning trust from an old key to a new key is not covered in this draft; should it be?
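As an added illustration of the presentation-versus-wire distinction the review asks for (not code from the draft or from Paul's tool): a small Python codec that treats the presentation format as Base64 text and the wire RDATA as the raw key octets, and shows how much larger the RDATA would become if the wire format were itself Base64. The sample key bytes are constructed, not a real OpenPGP key, and the 16-bit RDLENGTH limit is the generic DNS one.

```python
import base64
import binascii

# Constructed stand-in for an OpenPGP transferable public key (real keys are
# RFC 4880 packet sequences, typically 1-4 KiB; only the byte count matters here).
SAMPLE_KEY = bytes(range(256)) * 4  # 1024 octets

MAX_RDLENGTH = 65535  # RDLENGTH is a 16-bit field in every DNS RR


def presentation_to_wire(rdata_text: str) -> bytes:
    """Parse the presentation form (Base64 text, possibly split into
    whitespace-separated blocks as zone files do) into raw RDATA octets.
    Rejects anything that is not valid Base64."""
    compact = "".join(rdata_text.split())
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"invalid OPENPGPKEY presentation data: {exc}") from exc


def wire_to_presentation(rdata: bytes) -> str:
    """Render raw RDATA octets back into the Base64 presentation form."""
    return base64.b64encode(rdata).decode("ascii")


def rdlength_ok(rdata: bytes) -> bool:
    """True if the RDATA fits the 16-bit RDLENGTH field."""
    return len(rdata) <= MAX_RDLENGTH


def base64_wire_overhead(key: bytes) -> int:
    """Extra octets the RDATA would carry if the wire format were Base64
    (the review's objection): roughly a third more than the raw key."""
    return len(wire_to_presentation(key)) - len(key)


def roundtrip_ok(key: bytes) -> bool:
    """Presentation -> wire -> presentation must reproduce the key exactly."""
    return presentation_to_wire(wire_to_presentation(key)) == key


if __name__ == "__main__":
    print("raw RDATA octets:", len(SAMPLE_KEY))
    print("extra octets if Base64 on the wire:", base64_wire_overhead(SAMPLE_KEY))
    print("roundtrip ok:", roundtrip_ok(SAMPLE_KEY))
```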