Re: [dane] OPENPGP --- Privacy considerations
Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 01 August 2015 16:37 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C31A21A0025 for <dane@ietfa.amsl.com>; Sat, 1 Aug 2015 09:37:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NHonx7b48raa for <dane@ietfa.amsl.com>; Sat, 1 Aug 2015 09:37:20 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA8D51A0011 for <dane@ietf.org>; Sat, 1 Aug 2015 09:37:19 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 8FE3A284D64; Sat, 1 Aug 2015 16:37:18 +0000 (UTC)
Date: Sat, 01 Aug 2015 16:37:18 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20150801163718.GC4347@mournblade.imrryr.org>
References: <1437580854.052529954@apps.rackspace.com> <814D0BFB77D95844A01CA29B44CBF8A7015D2DD4@lhreml504-mbs> <4FEE7B8C-F482-4FB8-824E-26B26D30BAD7@powerdns.com> <20150731182209.GB18811@sys4.de> <000601d0cc2d$3c8c80e0$b5a582a0$@rozanak.com> <20150801131604.GC18811@sys4.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20150801131604.GC18811@sys4.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/IJlWg73R4phqdUhj_NRQSMt4E88>
Subject: Re: [dane] OPENPGP --- Privacy considerations
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Aug 2015 16:37:21 -0000
On Sat, Aug 01, 2015 at 03:16:04PM +0200, Florian Kirstein wrote: > Did you read my full email? Thats EXACTLY what I wrote in a later > paragraph. And it's the reason I wrote I vote for sha. And even would > prefer iterations there %) And see the risk of rainbow tables used > to reverse those. My original proposal that introduced hashes for the local part suggested hashing the full email address to help thwart rainbow tables. That was not accepted, because it does not support domain equivalence via DNAME aliases. And we've failed to reach consensus on even a single layer of hashing just the local part. There is, however reluctant, some consensus around base32. No matter what storage encoding of the localpart is used, a passive wiretap will reveal the domain of each correspondent's key lookup, and whether that correspondent is new or one that was looked up previously. This is inherent in using a cleartext DNS query protocol. How important is support for such equivalent domains, relative to potential privacy gains? There is no privacy for lookups of DNS data, until the transmission channel is somehow encrypted, but even then, unless your local resolver avoids forwarding all queries to the ISP, the ISP resolver has the plaintext of all DNS queries. There was some recent discussion of https://tools.ietf.org/html/draft-moore-email-addrquery-01 on the IETF UTA list. As written in that draft the MSA learns the plaintext of all key lookups, but this is not a data leak, because in short order the MSA will see the envelope of the final outbound message. With STARTTLS on increasingly more SMTP hops, localpart data is modestly well protected (passive wiretaps may be able to distinguish between long and short envelope recipient addresses based on the sizes of TLS packets unless random padding is used to extend such packets to hide the plaintext length). Protection from traffic analysis requires Tor (or better). So trade-offs are inevitable, and evidently make reaching consensus difficult. In the UTA discussion, I am running into irrational fear of DNSSEC, and I think an unreasonable goal of eliminating the MSA as a trusted party. Always using the MSA as a proxy would I believe significantly improve the scalability and abuse resistane of the protocol. Without the complexity of end-to-end payload signing, the MSA would need to be trusted. It may be possible to add end-to-end signing, but not clear how without DANE publishing the signing keys, and stapled DANE responses between MUA and MSA. Given the clear DNSSEC animus of at least some of the parties, I don't see a way forward that avoids compromising at least one of the objectives. Time will tell... These are not easy to solve problems. If someone thinks they have a simple solution that does not compromise on any of the design goals, they're probably not thinking hard enough. -- Viktor.
- [dane] OPENPGP and SMIME local part question Olafur Gudmundsson
- Re: [dane] OPENPGP and SMIME local part question Wiley, Glen
- Re: [dane] OPENPGP and SMIME local part question George Michaelson
- Re: [dane] OPENPGP and SMIME local part question James Cloos
- Re: [dane] OPENPGP and SMIME local part question Paul Wouters
- Re: [dane] OPENPGP and SMIME local part question James Cloos
- Re: [dane] OPENPGP and SMIME local part question Osterweil, Eric
- Re: [dane] OPENPGP and SMIME local part question Paul Wouters
- Re: [dane] OPENPGP and SMIME local part question Paul Wouters
- [dane] OPENPGP --- Review draft: draft-ietf-dane-… Hosnieh Rafiee
- [dane] followup: OPENPGP --- Review draft: draft-… Hosnieh Rafiee
- Re: [dane] OPENPGP --- Review draft: draft-ietf-d… Peter van Dijk
- Re: [dane] OPENPGP --- Review draft: draft-ietf-d… Hosnieh Rafiee
- [dane] OPENPGP --- Privacy considerations Florian Kirstein
- Re: [dane] OPENPGP --- Privacy considerations Hosnieh Rafiee
- Re: [dane] OPENPGP --- Privacy considerations Florian Kirstein
- Re: [dane] OPENPGP --- Privacy considerations Viktor Dukhovni
- Re: [dane] OPENPGP and SMIME local part question Florian Kirstein
- Re: [dane] OPENPGP and SMIME local part question Patrik Löhr
- Re: [dane] OPENPGP and SMIME local part question Florian Kirstein
- Re: [dane] OPENPGP and SMIME local part question Christian Huitema
- Re: [dane] followup: OPENPGP --- Review draft: dr… Mark Andrews