Re: [dane] I-D Action: draft-ietf-dane-smime-03.txt

> -----Original Message-----
> From: dane [mailto:dane-bounces@ietf.org] On Behalf Of Viktor Dukhovni
> Sent: Thursday, February 06, 2014 1:58 PM
> To: dane@ietf.org
> Subject: Re: [dane] I-D Action: draft-ietf-dane-smime-03.txt
> 
> On Thu, Feb 06, 2014 at 10:51:28PM +0100, Jakob Schlyter wrote:
> 
> > On 6 feb 2014, at 20:53, Viktor Dukhovni <viktor1dane@dukhovni.org>
> wrote:
> >
> > > Switching gears, was any consensus reached on the endoing of the
> > > query label?  A truncated HMAC seems to offer better usability than
> > > base32.  I think that the specification is in good shape, modulo the
> > > query label encoding.
> >
> > Yes, we're looking at doing a plain sha224 for the LHS lookup instead
> > of base32. Paul Wouters will provide some draft text for both
> > documents (S/MIME & PGP). I would [not] say we have consensus for
> > HMAC-sha224 yet, but that's something we can discuss further.
> 
> I think that HMAC-sha224 would be wiser, since otherwise a single
dictionary
> works for all domains.  The key should be the domain name.  The question
is I
> think not whether HMAC is necessary, but rather whether it is sufficient,
one
> might argue for iterated HMAC with a reasonably high iteration count
> (unfortunately fixed, but Moore's law will end any day now, ... promise! )

A trivial way to avoid the global dictionary is to simply hash the email
address - that is both the local part and the domain.  This would make it
unique for each domain.

Jim

> 
> --
> 	Viktor.
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane