IETF Logo Mail Archive

Re: [dane] Payment association records

Warren Kumari <warren@kumari.net> Wed, 11 March 2015 10:46 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 043551A8714 for <dane@ietfa.amsl.com>; Wed, 11 Mar 2015 03:46:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JgRv3YRTKXK7 for <dane@ietfa.amsl.com>; Wed, 11 Mar 2015 03:46:36 -0700 (PDT)
Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 277791ACDE6 for <dane@ietf.org>; Wed, 11 Mar 2015 03:46:35 -0700 (PDT)
Received: by wiwl15 with SMTP id l15so10583328wiw.0 for <dane@ietf.org>; Wed, 11 Mar 2015 03:46:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=3F4KS+tfMpnHiiRNIdb8Zsm84FfSP/37c0JEHPlU1zQ=; b=areKzDMrRoNpCYEmQdpKaDL5SIBD7Dy8fSwpw3eMicdB6NWuInC4BaNt9yL/jkTb95 QJ1REEPSxlWs/u67WPxz2mbT/v3nHehDRBi/BRwRPDo9zrPwWCljD3kQNMfWHMjaAo74 XnYb7UjCEyBcT4gsNGqWA9ofJgtpH6TotQmFHbXCbND2A320HUZ+cK6yxRNZsMx9886P Sf6MA3z/IJ2XPR396dn686fJH7jL/mMssVh754z+08FURWQUrqHZVba4YstFZ1Cv4hI2 wPcD3UUzzfbuz2QTFVBQg5YE047ln3e6mD1iX9BNrYtOQkC7m556PxWVrxI4bVRFkl6o wavw==
X-Gm-Message-State: ALoCoQkyb3F7ql5zlNlYfeQrUbW9NvadOCVx/CsMyiivuM3zwU2HbYuVQZuhwqcNE0ecDRsw/c8E
MIME-Version: 1.0
X-Received: by 10.180.85.70 with SMTP id f6mr65588861wiz.22.1426070793743; Wed, 11 Mar 2015 03:46:33 -0700 (PDT)
Received: by 10.194.110.97 with HTTP; Wed, 11 Mar 2015 03:46:33 -0700 (PDT)
In-Reply-To: <D124E6D8.72BF%gwiley@verisign.com>
References: <D124E6D8.72BF%gwiley@verisign.com>
Date: Wed, 11 Mar 2015 06:46:33 -0400
Message-ID: <CAHw9_i+gUnKhZPjokHtqpnuWzG+=RsZnfr=juCpkjsdJtfUsYg@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: "Wiley, Glen" <gwiley@verisign.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/Ex2BFUBmWKYJ6dUDdtCLLn527Tg>
Cc: "dane@ietf.org" <dane@ietf.org>
Subject: Re: [dane] Payment association records
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2015 10:46:42 -0000

On Tue, Mar 10, 2015 at 6:21 PM, Wiley, Glen <gwiley@verisign.com> wrote:
> A few of us have put some work into an 00 draft describing a DANE like RR
> that would provide an association for payment information via the DNS. The
> abstract from the draft reads:
>
> There is no standard, interoperable method for associating Internet service
> identifiers with payment information.  This document  specifies a means for
> retrieving information sufficient for a party to render payment using
> various payment networks given the recipient's email address by leveraging
> the DNS to securely publish payment information in a payment association
> record.  A payment association record associates an Internet service
> identifier such as an email address with payment information such as an
> account number or Bitcoin address.
>
> Our draft is in the tracker:
>   https://tools.ietf.org/html/draft-wiley-paymentassoc-00
> And I’d like to get some feedback from folks on this to see what we can do
> to make this an effective tool.
>
> There are a number of elements that need to be fleshed out and we have more
> content in the works to address specific use cases.
>
> Looking forward to hearing from folks.

<no hats>
Personally I really like the idea -- I'm not quite sure about all the
details though.
I've had a few instances where people have wanted to send me money and
I've had to explain that I use PayPal and my email address is
warren@kumari.net (BTW, this is accurate, if anyone feels the need to
test it, feel free to send me some dosh :-)). Having a way to make
that easier / more automated would be nice...

I'm a little confused about a few aspects though.
I happen to run my own domain, and so am in control of the DNS for
that, but I'm in the tiny minority. Let's say that I use my ISP's
provided email address, so I'm bob@example.com. Unfortunately
example.com is slightly sketchy, and has been going through some rough
times financially.
What's to stop example.com creating hash(224, bob)._pmta.example.com.
IN PMTA <ACH_routing_for_example.com> or
*._pmta.example.com. IN PMTA <ACH_routing_for_example.com> ?
They could even claim that they are being helpful and collecting the
money on your behalf, and if you simply send them a notarized,
triplicated request, along with a $19.99 handling fee they will
release this these funds to you...

Yes, this is a somewhat related issue to publishing SMIMEA or
OPENPGPKEY record, but this deals directly with money, and so I have
more concerns about it being used abusively.
-openpgpkey- also says:
"Therefore, an OpenPGP key obtained via an OPENPGPKEY record can only
be trusted as much as the DNS domain can be trusted, and is no
substitute for in-person key verification of the "Web of Trust""
I don't really see this could be extended to verifying payment info.
</no hats>

<chair hat>
This (unfortunately) doesn't really seem to fit within the DANE
charter, which sates:
The WG will specify the use of DANE
for protocols that use SRV to express service location. The WG will
specify DANE use for SMTP, SMIME, OPENPGP, IPSEC and
other base electronic mail protocols such as (IMAP or POP). The
DANE WG shall also produce a set of implementation guidance
for operators and tool developers.
...
DANE is not intended to be a long-lived catch-all WG for all
public key distribution in DNS issues and so will generally not
adopt new work items without re-chartering.


I'm in no way opposed to discussing the draft here, but we'd need to
first finish some other work, and then discuss if DANE wants to
recharter before we could take this on as a WG item (I note that you
haven't proposed it be a WG item, but wanted to head off the "DANE
cannot do this because..." discussion).

</ chair hat>



> --
> Glen Wiley
> Principal Engineer
> Verisign, Inc.
> (571) 230-7917
>
> A5E5 E373 3C75 5B3E 2E24
> 6A0F DC65 2354 9946 C63A
>
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

v2.23.0 | Report a Bug | By Email