Re: [dane] Second WGLC draft-ietf-dane-smime
"Garfinkel, Simson L. (Fed)" <simson.garfinkel@nist.gov> Mon, 21 November 2016 14:33 UTC
From: "Garfinkel, Simson L. (Fed)" <simson.garfinkel@nist.gov>
To: Dane WG <dane@ietf.org>
Date: Mon, 21 Nov 2016 14:33:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/9KkVfeWGbORusRrJcZmPh1bwCyc>

Previously on this list I wrote this to a poster:

On Nov 17, 2016, at 9:11 AM, Garfinkel, Simson L. (Fed) <simson.garfinkel@nist.gov> wrote:

> It’s clear that distributing public key certificates is a fundamental problem with the PKI concept. How would you solve it such that individuals could obtain certificates for people with whom they have had no previous contact?

To summarize the answer I received, there was concern that some email users might be using a legacy email account, not trust their mail provider, and want the assurance of an end-to-end encryption that is asserted by a trustworthy CA.

I’ve thought about this response over the weekend and do not find it credible. This answer presupposes a CA system that is not the one that we have. Most CA S/MIME providers authenticate users based on their ability to receive email at a given address. So a hostile email provider intent on intercepting encrypted email could easily spoof even a trusted CA provider into issuing a bogus certificate.

I am also concerned about the broad number of CAs that are trusted under the current model. DANE allows the scoping of CA trust. It allows an email provider to say “we only trust this specific CA to issue a certificate, because that’s the CA that we use in our organization.” With a CA-based system that does not use DANE, there is no mechanism for individuals to signal to people with whom they have had no previous contact that a specific CA is in use and another CA is not to be trusted.

Given this, I support publication as an experimental RFC. We continue to pursue and support R&D efforts to develop SMIME-based approaches to enterprise email security. Having a stable reference will benefit those efforts.

Simson Garfinkel

===================
Simson Garfinkel
Information Access Division
National Institute of Standards and Technology
simson.garfinkel@nist.gov
202-649-0029

On Nov 21, 2016, at 2:08 AM, tjw ietf <tjw.ietf@gmail.com> wrote:

> I've read this document and I support publication. I'm more inclined to publish as Experimental, but I'm not beholden to the correct flavor.
>
> tim
>
> On Thu, Nov 17, 2016 at 7:33 PM, Jim Reid <jim@rfc1035.com> wrote:
>
> > > On 17 Nov 2016, at 09:19, Paul Wouters <paul@nohats.ca> wrote:
> > >
> > > I am in favour of publishing this document as an Experimental RFC.
> >
> > I support publication of this document too: don't care which flavour of RFC is chosen for it.

_______________________________________________
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane
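
The CA scoping described in the message above, as an added example that is not part of the original post or of the draft's own text: it derives the SMIMEA owner name for a mailbox as specified in RFC 8162 (the published form of draft-ietf-dane-smime) and checks a certificate chain against a trust-anchor record. The address, the byte strings standing in for DER certificates, and the function names are constructed for illustration; DNSSEC validation of the records and PKIX path validation are assumed to happen elsewhere.

```python
import hashlib

# Certificate usage values from RFC 6698, reused by SMIMEA (RFC 8162).
PKIX_TA, PKIX_EE, DANE_TA, DANE_EE = 0, 1, 2, 3

def smimea_owner_name(address):
    """DNS owner name of a mailbox's SMIMEA records (RFC 8162, section 3)."""
    local, domain = address.rsplit("@", 1)
    # SHA2-256 of the UTF-8 local-part, truncated to 28 octets, in hex.
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._smimecert.{domain}."

def _matches(cert_der, matching_type, data):
    """Compare one certificate to the record's association data."""
    if matching_type == 0:                       # exact match
        return cert_der == data
    if matching_type == 1:                       # SHA-256
        return hashlib.sha256(cert_der).digest() == data
    if matching_type == 2:                       # SHA-512
        return hashlib.sha512(cert_der).digest() == data
    return False

def chain_allowed(chain, records):
    """chain[0] is the end-entity certificate, chain[1:] the issuing CAs (DER).
    records are (usage, selector, matching_type, data) tuples taken from a
    DNSSEC-validated SMIMEA RRset. Only selector 0 (full certificate) is
    handled; selector 1 would need SPKI extraction with an X.509 parser."""
    for usage, selector, mtype, data in records:
        if selector != 0:
            continue
        # TA usages constrain the issuing CA, EE usages the leaf itself.
        candidates = chain[1:] if usage in (PKIX_TA, DANE_TA) else chain[:1]
        if any(_matches(c, mtype, data) for c in candidates):
            return True
    return False

# Constructed stand-ins for DER certificates (not real X.509).
ORG_CA = b"constructed-DER:organization-ca"
OTHER_CA = b"constructed-DER:some-other-publicly-trusted-ca"
# The domain publishes one record: "only our organization's CA" (0 0 1).
RECORDS = [(PKIX_TA, 0, 1, hashlib.sha256(ORG_CA).digest())]

if __name__ == "__main__":
    print(smimea_owner_name("alice@example.com"))
    print(chain_allowed([b"constructed-DER:alice", ORG_CA], RECORDS))
    print(chain_allowed([b"constructed-DER:alice-bogus", OTHER_CA], RECORDS))
```

A certificate for the same address issued by any CA other than the one named in the record fails the check, even if that CA is in the relying party's default trust store.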