Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.
"Jim Schaad" <ietf@augustcellars.com> Mon, 23 February 2015 20:40 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3540E1A6F04 for <dane@ietfa.amsl.com>; Mon, 23 Feb 2015 12:40:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FhPobx5HUKB2 for <dane@ietfa.amsl.com>; Mon, 23 Feb 2015 12:40:17 -0800 (PST)
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10D241A6F03 for <dane@ietf.org>; Mon, 23 Feb 2015 12:40:17 -0800 (PST)
Received: from Philemon (winery.augustcellars.com [206.212.239.129]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id 85CF938EA5; Mon, 23 Feb 2015 12:40:16 -0800 (PST)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Warren Kumari' <warren@kumari.net>, dane@ietf.org
References: <CAHw9_iJPuG23Aok7V_wcAMirua_DPDLHy01tnd+DaUqEeK3NZA@mail.gmail.com> <001a01d04f19$b0292e90$107b8bb0$@augustcellars.com> <20150223035230.GD1260@mournblade.imrryr.org> <001b01d04f1c$f626c940$e2745bc0$@augustcellars.com> <20150223040833.GF1260@mournblade.imrryr.org> <CAHw9_iJ167aCbpW=Fni0h_vsWLcWQVLC1P7vkr6X0cmAV9zG=g@mail.gmail.com>
In-Reply-To: <CAHw9_iJ167aCbpW=Fni0h_vsWLcWQVLC1P7vkr6X0cmAV9zG=g@mail.gmail.com>
Date: Mon, 23 Feb 2015 12:39:24 -0800
Message-ID: <001501d04fa8$cffdef50$6ff9cdf0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGZrEAk8fO9l7kPFCFwPwE9DoqVVgHou59QAh//qxkCbLzqVwI4KR+7AojFI5CdEkDvMA==
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/MZv5WPCI5pv_75FTV6U3sBuvkGI>
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Feb 2015 20:40:19 -0000
> -----Original Message-----
> From: dane [mailto:dane-bounces@ietf.org] On Behalf Of Warren Kumari
> Sent: Monday, February 23, 2015 9:31 AM
> To: <dane@ietf.org>
> Subject: Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.
>
> [ Meta top post ]
>
> I'd like to also draw attention to the "companion" document
> draft-ietf-dane-openpgpkey-usage
> ( http://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey-usage/ ),
> which describes usage of openpgpkey records, and following CNAMES.
>
> On Sun, Feb 22, 2015 at 11:08 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> > On Sun, Feb 22, 2015 at 07:58:19PM -0800, Jim Schaad wrote:
> >
> >> I am on a case sensitive receiving domain.
> >> There are two recipients - JimSch and jimsch on the domain.
> >> jimsch has a record but JimSch does not.
> >> I now try and send mail to JimSch but get a key for jimsch.
> >
> > You forgot to hash the tag with the case-folded name.
> >
> > Speaking of which, IIRC neither the OPENPGPKEY nor the SMIMEA draft
> > explicitly mentions what to do about quoted localparts:
> >
> >     "Sam.Jr."@example.com
> >
> > The localpart is not a dot-atom, and thus requires double-quotes.
> > My contention is that in this case the input to SHA2-224 MUST include
> > the quotes:
> >
> >     SHA2-224("\"Sam.Jr.\"")
> >
> > not
> >
> >     SHA2-224("Sam.Jr.")
> >
> > In this case the simplest tagging scheme is:
> >
> >     JimSch - unfolded hash input
> >     jimsch@lowercase - folded hash input
> >
> > any email address of the form:
> >
> >     "jimsch@lowercase"@example.com
> >
> > would be hashed together with the quotes!
> >
> > I don't have a pointer to my original proposal handy, check the
> > archives. It is something along these lines.
>
> I *think* that the proposal is in this email:
> http://www.ietf.org/mail-archive/web/dane/current/msg07163.html
> (Viktor, 11 Dec 2014)
>
> This seemed to be mostly met with acceptance (or, at least closer than many
> of the other options!), but didn't address the user+tag@ or
> johnsmith=john.smith=jo.hn.sm.th special handling the gMail does.
> A potential, but icky solution to those could be synthesized records.

If we are going to deal with these cases then there are a number of other
problems that need to be addressed. Specifically the fact that there is
going to be a problem matching email addresses found in the PGP key ring
and those that are on the to/from line of a mail message. MUAs have
traditionally just done simple comparisons of names; they are not going
to be able to handle the type of thing where google starts removing
periods from the name. A person is going to say - send me that and here
is my address. If it has funny things in it, that is going to need to be
matched in the PGP key ring. I don't know how common that is for PGP,
but it was rare in the S/MIME world when I was doing work there. Even
case folding is not a requirement for S/MIME clients on doing name
comparisons of the address in the headers as compared with the address
in the certificate.

There are two different names that need to be dealt with:

1. The name the owner of the mail box thinks is being used.
2. The name that the mail system thinks is being used for the mail box.

If these names differ by more than case, then there are going to be a
great number of failures in comparisons between from and to fields and
the email address in either a certificate or a key ring. While there are
stupid folding rules that have been implemented by different systems,
they are going to lead to problems if they are not recognized by the
owner of the mail box.

If I think the address is John.Doe@google.com and put that into a key
ring and the From address is JohnDoe@google.com then there is never
going to be a successful match by an MUA to begin with.

Jim

> I'd just like to note that having a single rule for mapping ascii addresses (e.g
> lowercase, s/\.//g, s/\+.*// ) sure would have been nice. Next time
> someone has access to a time machine...
>
> W
>
> > --
> > Viktor.
> >
> > _______________________________________________
> > dane mailing list
> > dane@ietf.org
> > https://www.ietf.org/mailman/listinfo/dane
>
> --
> I don't think the execution is relevant when it was obviously a bad idea in the
> first place.
> This is like putting rabid weasels in your pants, and later expressing regret at
> having chosen those particular rabid weasels and that pair of pants.
> ---maf
>
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane
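The following is an added worked example of the owner-name derivation the thread is arguing about; it is not code from the draft, from RFC 7929, or from any list participant. It hashes the local-part the way the WGLC draft is described in the messages above (SHA2-224 of the local-part octets, hex-encoded, under `_openpgpkey.<domain>`), and takes `hash_name` as a parameter because the published RFC 7929 later used SHA2-256 truncated to 28 octets instead. `split_address` is a minimal addr-spec splitter written for this example, not a full RFC 5322 parser; the sample addresses are constructed from the ones in the thread. Running it shows the three failure modes discussed: Jim's JimSch/jimsch collision appears only when the sender case-folds, a quoted local-part hashes differently with and without its quotes (Viktor's point), and a Gmail-style normaliser produces a third name that neither side of the DNS lookup uses.

```python
"""OPENPGPKEY owner names and local-part normalisation (added example)."""
import hashlib
import re


def split_address(addr: str) -> tuple[str, str]:
    """Split an addr-spec into (local-part, domain), keeping the quotes of
    a quoted local-part.  A quoted-string may itself contain '@' and
    backslash escapes, so a plain rpartition('@') is only safe for the
    dot-atom form.  (Minimal splitter for this example, not RFC 5322.)"""
    if not addr.startswith('"'):
        local, sep, domain = addr.rpartition("@")
        if not sep or not local or not domain:
            raise ValueError(f"not an addr-spec: {addr!r}")
        return local, domain
    i = 1
    while i < len(addr):
        if addr[i] == "\\":          # quoted-pair: skip the escaped octet
            i += 2
            continue
        if addr[i] == '"':           # closing quote of the local-part
            break
        i += 1
    else:
        raise ValueError(f"unterminated quoted local-part: {addr!r}")
    if addr[i + 1:i + 2] != "@" or not addr[i + 2:]:
        raise ValueError(f"not an addr-spec: {addr!r}")
    return addr[: i + 1], addr[i + 2:]


def openpgpkey_owner(local_part: str, domain: str, *, fold_case: bool = False,
                     hash_name: str = "sha224") -> str:
    """Owner name of the OPENPGPKEY RRset for local_part@domain.

    fold_case=False hashes the local-part exactly as written (Viktor's
    "unfolded hash input"); fold_case=True is the sender-side lowercasing
    that Jim's JimSch test omitted.  A quoted local-part is hashed *with*
    its quotes, following Viktor's contention in the thread.  'sha224' is
    the draft as discussed above; 'sha256' (truncated to 28 octets) is
    what RFC 7929 eventually specified.  The domain is lowercased because
    DNS owner names are case-insensitive anyway.
    """
    lp = local_part.lower() if fold_case else local_part
    digest = hashlib.new(hash_name, lp.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.lower()}"


def owner_name_for(addr: str, **kw) -> str:
    """Convenience wrapper: addr-spec -> OPENPGPKEY owner name."""
    local, domain = split_address(addr)
    return openpgpkey_owner(local, domain, **kw)


def gmail_style_normalize(local_part: str) -> str:
    """The single mapping rule Warren wished for: drop dots, strip a +tag,
    lowercase.  This is provider-specific behaviour (Gmail), not anything
    the draft defines, which is exactly why the DNS side cannot know it."""
    return re.sub(r"\+.*", "", local_part.replace(".", "")).lower()


if __name__ == "__main__":
    # Constructed sample addresses taken from the thread.
    samples = [
        "JimSch@example.com",
        "jimsch@example.com",
        '"Sam.Jr."@example.com',
        "Sam.Jr.@example.com",
        "John.Doe+lists@example.com",
    ]
    for a in samples:
        print(f"{a:28} unfolded -> {owner_name_for(a)}")
        print(f"{'':28} folded   -> {owner_name_for(a, fold_case=True)}")
    # The name the MUA would compare against after Gmail-style folding is a
    # third string that never reaches the DNS lookup at all.
    print("gmail view of John.Doe+lists:", gmail_style_normalize("John.Doe+lists"))
```

The interesting line in the output is the `Sam.Jr.` pair: both addresses are syntactically distinct local-parts that deliver to what many mail systems treat as the same mailbox, yet they yield different owner names, so a key published under one is invisible to a sender who typed the other. Nothing in the hashing step can repair that; it has to be settled by agreeing on the canonical form before hashing, which is the point Jim makes about the mailbox owner and the mail system needing to agree on the name.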
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Alexey Melnikov
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… John Levine
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Brian Dickson
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Petr Spacek
- [dane] Start of WGLC for draft-ietf-dane-openpgpk… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-open… James Cloos
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Brian Dickson
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Brian Dickson
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Brian Dickson
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Jim Schaad
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Jim Schaad
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Jim Schaad
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Jim Schaad
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Brian Dickson
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Rose, Scott W.
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Brian Dickson
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Viktor Dukhovni
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Brian Dickson
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Coyo
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Petr Spacek
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Petr Spacek
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Hoffman
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Hoffman
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Lyndon Nerenberg
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Jon Callas
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Warren Kumari
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Hoffman
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Alexey Melnikov
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters
- Re: [dane] Start of WGLC for draft-ietf-dane-open… James Cloos
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Rose, Scott W.
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Pieter Lexis
- Re: [dane] Start of WGLC for draft-ietf-dane-open… Paul Wouters