Re: [dane] [openpgp] The DANE draft

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 06 August 2015 15:47 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/8yMNbLLSIJo7bn2mHpW-ZzLlo3o>

On Thu, Aug 06, 2015 at 04:54:24AM -0400, Paul Wouters wrote:

> I really do believe that the hashing is not an effective security
> measure.

Agreed.  Wishful thinking does not make it true.  Just because we'd
like to sprinkle crypto pixie dust to make magic happen, does not
mean it will happen.

Hashes may sound more secure, but they're not really more secure,
no matter how much we'd like them to be.

-- 
	Viktor.