Re: [dane] hash truncated to 28 octets

Hosnieh Rafiee <hosnieh.rafiee@huawei.com> Tue, 04 August 2015 08:19 UTC

From: Hosnieh Rafiee <hosnieh.rafiee@huawei.com>
To: Paul Wouters <paul@nohats.ca>
Date: Tue, 04 Aug 2015 08:13:27 +0000
Message-ID: <814D0BFB77D95844A01CA29B44CBF8A7015D3B80@lhreml504-mbs>
References: <2015080410094450139169@cnnic.cn> <alpine.LFD.2.11.1508040347480.9978@bofh.nohats.ca>
In-Reply-To: <alpine.LFD.2.11.1508040347480.9978@bofh.nohats.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/6yeG3oV0xmKsoXDdAm5AqtbL7FA>
Cc: dane <dane@ietf.org>
Subject: Re: [dane] hash truncated to 28 octets
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>

> I think if you have 100.000 email addresses in one domain, the chance
> of collision would be pretty small. but non-zero.
> 
> anyway, we will use base32 split encoding in the next version of the
> draft.

What about privacy? Leave it alone without thinking at all about privacy, and say that other WGs are taking care of this, so why should we bother ourselves?
Is that the right way to do this? We all know that, even if we are so optimistic as to say that DPRIVE can come up with a good solution very quickly, it takes time for all systems to implement and support it (even if we say there will be no problem at all or any new attacks). We have seen how fast a security system gets deployed and supported; we need not look far, just back at the history of DNSSEC...

To be realistic, this will result in either no implementation of this approach in mail systems until the privacy question is clear, or in this approach not being enabled even though it is there, because it has not even weak privacy protection. Therefore, the old way of key exchange is preferable over this one.

Best,
Hosnieh
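The quoted reply puts a number on the collision risk of a 28-octet (224-bit) truncated hash across 100,000 addresses in one domain and mentions moving to base32 encoding. The example below is an added illustration, not code from this message, from Paul Wouters, or from the draft under discussion: it evaluates the birthday bound for that digest length and shows how long the resulting DNS label is in base32 versus hex. The hash function (SHA-256 truncated to 28 octets) and the sample local-parts are assumptions; the thread names neither.

```python
import base64
import hashlib
import math

DIGEST_OCTETS = 28          # truncation length discussed in the thread
DNS_LABEL_MAX = 63          # RFC 1035 limit on a single label


def truncated_digest(local_part: str, octets: int = DIGEST_OCTETS) -> bytes:
    """Hash a mailbox local-part and keep only the first `octets` bytes.

    Assumption: SHA-256 is used and then truncated; the thread does not
    say which hash function the draft uses.
    """
    return hashlib.sha256(local_part.encode("utf-8")).digest()[:octets]


def base32_label(digest: bytes) -> str:
    """RFC 4648 base32, padding stripped, lower-cased (DNS is case-insensitive)."""
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def hex_label(digest: bytes) -> str:
    """Hex presentation of the same digest, for comparing label lengths."""
    return digest.hex()


def label_fits_dns(label: str) -> bool:
    """True if the label respects the 63-octet single-label limit."""
    return 1 <= len(label) <= DNS_LABEL_MAX


def collision_probability(n: int, bits: int) -> float:
    """Birthday bound: p ~ 1 - exp(-n(n-1) / 2^(bits+1)).

    Uses expm1 so that the astronomically small values a 224-bit digest
    yields are not rounded to exactly 0.0 by floating point.
    """
    x = n * (n - 1) / (2 * 2 ** bits)
    return -math.expm1(-x)


def count_collisions(local_parts) -> int:
    """Number of local-parts whose truncated digest repeats an earlier one."""
    seen = set()
    dupes = 0
    for lp in local_parts:
        d = truncated_digest(lp)
        if d in seen:
            dupes += 1
        seen.add(d)
    return dupes


if __name__ == "__main__":
    # constructed sample local-parts; any real domain would have its own
    sample = [f"user{i}" for i in range(100_000)]
    d = truncated_digest("alice")
    print("base32 label:", base32_label(d), len(base32_label(d)), "chars")
    print("hex label   :", hex_label(d), len(hex_label(d)), "chars")
    print("p(collision) for 100,000 addresses at 224 bits:",
          collision_probability(100_000, DIGEST_OCTETS * 8))
    print("observed duplicate digests in sample:", count_collisions(sample))
```

For 100,000 addresses the birthday bound at 224 bits is on the order of 10^-58, which matches the "small but non-zero" description; the base32 label for a 28-octet digest is 45 characters (56 in hex), so both presentations stay under the 63-octet DNS label limit.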