Re: [dane] Payment association records
Warren Kumari <warren@kumari.net> Wed, 11 March 2015 10:46 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/Ex2BFUBmWKYJ6dUDdtCLLn527Tg>
On Tue, Mar 10, 2015 at 6:21 PM, Wiley, Glen <gwiley@verisign.com> wrote:
> A few of us have put some work into an 00 draft describing a DANE like RR
> that would provide an association for payment information via the DNS. The
> abstract from the draft reads:
>
> There is no standard, interoperable method for associating Internet service
> identifiers with payment information. This document specifies a means for
> retrieving information sufficient for a party to render payment using
> various payment networks given the recipient's email address by leveraging
> the DNS to securely publish payment information in a payment association
> record. A payment association record associates an Internet service
> identifier such as an email address with payment information such as an
> account number or Bitcoin address.
>
> Our draft is in the tracker:
> https://tools.ietf.org/html/draft-wiley-paymentassoc-00
> And I’d like to get some feedback from folks on this to see what we can do
> to make this an effective tool.
>
> There are a number of elements that need to be fleshed out and we have more
> content in the works to address specific use cases.
>
> Looking forward to hearing from folks.

<no hats>
Personally I really like the idea -- I'm not quite sure about all the details though. I've had a few instances where people have wanted to send me money and I've had to explain that I use PayPal and my email address is warren@kumari.net (BTW, this is accurate, if anyone feels the need to test it, feel free to send me some dosh :-)). Having a way to make that easier / more automated would be nice...

I'm a little confused about a few aspects though. I happen to run my own domain, and so am in control of the DNS for that, but I'm in the tiny minority. Let's say that I use my ISP's provided email address, so I'm bob@example.com. Unfortunately example.com is slightly sketchy, and has been going through some rough times financially.

What's to stop example.com creating
hash(224, bob)._pmta.example.com. IN PMTA <ACH_routing_for_example.com>
or
*._pmta.example.com. IN PMTA <ACH_routing_for_example.com>
?

They could even claim that they are being helpful and collecting the money on your behalf, and if you simply send them a notarized, triplicated request, along with a $19.99 handling fee they will release these funds to you...

Yes, this is a somewhat related issue to publishing SMIMEA or OPENPGPKEY record, but this deals directly with money, and so I have more concerns about it being used abusively.

-openpgpkey- also says:
"Therefore, an OpenPGP key obtained via an OPENPGPKEY record can only be trusted as much as the DNS domain can be trusted, and is no substitute for in-person key verification of the "Web of Trust""

I don't really see this could be extended to verifying payment info.
</no hats>

<chair hat>
This (unfortunately) doesn't really seem to fit within the DANE charter, which states:

  The WG will specify the use of DANE for protocols that use SRV to express service location.

  The WG will specify DANE use for SMTP, SMIME, OPENPGP, IPSEC and other base electronic mail protocols such as (IMAP or POP). The DANE WG shall also produce a set of implementation guidance for operators and tool developers.
  ...
  DANE is not intended to be a long-lived catch-all WG for all public key distribution in DNS issues and so will generally not adopt new work items without re-chartering.

I'm in no way opposed to discussing the draft here, but we'd need to first finish some other work, and then discuss if DANE wants to recharter before we could take this on as a WG item (I note that you haven't proposed it be a WG item, but wanted to head off the "DANE cannot do this because..." discussion).
</ chair hat>

> --
> Glen Wiley
> Principal Engineer
> Verisign, Inc.
> (571) 230-7917
>
> A5E5 E373 3C75 5B3E 2E24
> 6A0F DC65 2354 9946 C63A
>
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane
>

--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf
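
Added example, not part of the original message or of the draft: a relying party can at least tell a per-user record from the wildcard case raised above, because a DNSSEC answer synthesised from a wildcard carries an RRSIG Labels field smaller than the label count of the queried name (RFC 4035, section 5.3.4). The owner-name derivation assumes that "hash(224, bob)" means the hex SHA-224 digest of the local part; the function names and sample values are constructed for illustration.

```python
import hashlib


def pmta_owner_name(address: str) -> str:
    """Build the owner name in the message's hash(224, local)._pmta.domain form.

    Assumption: hash(224, x) is the hex SHA-224 digest of the UTF-8 local part.
    """
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("expected local@domain")
    digest = hashlib.sha224(local.encode("utf-8")).hexdigest()
    return f"{digest}._pmta.{domain.rstrip('.').lower()}."


def label_count(name: str) -> int:
    """Count labels as the RRSIG Labels field does (RFC 4034, section 3.1.3):
    the root label and a leading '*' label are not counted."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    if labels and labels[0] == "*":
        labels = labels[1:]
    return len(labels)


def wildcard_synthesised(qname: str, rrsig_labels: int) -> bool:
    """True when a validated answer for qname was expanded from a wildcard."""
    owner_labels = label_count(qname)
    if rrsig_labels > owner_labels:
        # A Labels field larger than the owner name is invalid per RFC 4035.
        raise ValueError("RRSIG Labels exceeds owner name label count")
    return rrsig_labels < owner_labels


if __name__ == "__main__":
    qname = pmta_owner_name("bob@example.com")
    # Constructed RRSIG Labels values: 4 for a record published at the full
    # hashed name, 3 for one signed at *._pmta.example.com.
    for labels in (4, 3):
        kind = "wildcard" if wildcard_synthesised(qname, labels) else "per-user"
        print(f"{qname} RRSIG Labels={labels}: {kind}")
    # Either way the record was published and signed by whoever controls the
    # zone, so this check cannot show that the mailbox owner approved it.
```

The check separates the two record forms from the message, but a per-user record created by the domain operator validates exactly like one the user requested.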