Re: [dane] Improving DANE S/MIME Privacy

"John Levine" <johnl@taugh.com> Tue, 11 April 2017 20:02 UTC

Date: Tue, 11 Apr 2017 20:01:51 -0000
Message-ID: <20170411200151.72185.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dane@ietf.org
Cc: alice@domblogger.net
In-Reply-To: <f7332bd5-f003-c828-8f4a-0d543099c872@domblogger.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/PjhsU9ErTu6voasU2D9WCJqAIis>

In article <f7332bd5-f003-c828-8f4a-0d543099c872@domblogger.net> you write:
>The obvious (and noted) privacy implications are that someone could 
>discover e-mail addresses by rainbow table DNS queries and/or zone walking.

There are a lot easier ways to find e-mail addresses, and the problem
of probing servers to see if addresses are valid has been around for
20 years.  To the extent that we worry about it at all, the mail
community has a lot of countermeasures that we needn't rehash here.

>S/MIME makes use of X.509 certificates, so I suggest using the serial 
>number from the X.509 certificate as a salt with the username before 
>taking the hash.

Uh, what?  If you already have the cert, why do you need to do the
lookup?  And if you don't have the cert, where do you get the salt?

>One of the things I worry about is spammers discovering valid e-mail 
>addresses through the DANE S/MIME and then using the public key of that 
>user to send encrypted malware that cannot be filtered on the SMTP 
>servers because it is hidden.

This is not a new or particularly interesting concern.  Many people
have noted that with encrypted mail, all of the spam body checks have
to happen after it's decrypted.  Malware signatures are just one
example of that.

R's,
John