Re: [dane] [openpgp] The DANE draft
Paul Wouters <paul@nohats.ca> Thu, 06 August 2015 08:54 UTC
Date: Thu, 06 Aug 2015 04:54:24 -0400
From: Paul Wouters <paul@nohats.ca>
To: Jiankang Yao <yaojk@cnnic.cn>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/93cREC0S9inNloYyqx7xcO4z-ZU>
Cc: IETF OpenPGP <openpgp@ietf.org>, dane <dane@ietf.org>

On Thu, 6 Aug 2015, Jiankang Yao wrote:

> if there is a "email zone walking", the email spammer can use this feature to get the valid address easily and send trash emails.
> If we hope to prevent the spammer from getting the email address easily, the email address should be regarded as secret.

So if you use NSEC3 and base32, they need to break the NSEC3 hashing, which has various parameters to make it easier or harder, but all are basically in the range of a few days of GPU cracking.

If you use NSEC3 and sha256(LHS) then the work increase is basically making a table for every 8 letter combination and dictionary names which should be far fewer computations than the NSEC3 breaking.

And to defend your email address against this, you have to make it so it is not easily guessable with known names and that makes it harder to convey your email address verbally to other people - the exact opposite of what you want.

Also, the only current alternative for people is to push their email address plaintext to a keyserver. So even with base32, we are increasing the privacy of email addresses of OpenPGP users.

I really do believe that the hashing is not an effective security measure.

Paul
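
The comparison made in this message, as an added example that is not part of the original post or of the draft: a check a zone operator can run over their own owner names to see which local parts a names table gives back. The label encodings (base32 of the local part, hex SHA-256 of the local part), the function names and the sample names are assumptions constructed for illustration.

```python
import base64
import hashlib

# Assumed encodings, for illustration only (not quoted from the draft):
#   base32 label = base32(local-part), lower-cased, '=' padding stripped
#   sha256 label = hex(SHA-256(local-part))

def base32_label(local_part: str) -> str:
    return base64.b32encode(local_part.encode()).decode().rstrip("=").lower()

def sha256_label(local_part: str) -> str:
    return hashlib.sha256(local_part.encode()).hexdigest()

def decode_base32_label(label: str) -> str:
    """base32 is an encoding, not a hash: restore the padding and decode."""
    padded = label.upper() + "=" * (-len(label) % 8)
    return base64.b32decode(padded).decode()

def build_table(candidates):
    """Hash every candidate local part once; lookups are then O(1)."""
    return {sha256_label(c): c for c in candidates}

def audit_labels(labels, table):
    """Map each published label to the local part it reveals, or None."""
    return {label: table.get(label) for label in labels}

# Constructed sample data: a tiny stand-in for a names/dictionary list,
# and three labels as they would appear as owner names in the zone.
CANDIDATES = ["alice", "bob", "carol", "info", "postmaster"]
PUBLISHED = [
    sha256_label("alice"),
    sha256_label("info"),
    sha256_label("x7q-Zk29-vmw"),  # not guessable, but hard to say aloud
]

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    for label, found in audit_labels(PUBLISHED, table).items():
        status = found if found else "not in table"
        print(f"{label[:16]}...  {status}")
    print(decode_base32_label(base32_label("alice")))
```

Only the local part that is awkward to convey verbally stays out of the table, which is the trade-off the message describes.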