[dane] Comments on draft-wouters-dane-openpgp-02
Rene Bartsch <ml@bartschnet.de> Mon, 28 July 2014 11:39 UTC
Return-Path: <ml@bartschnet.de>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C6C21A014F for <dane@ietfa.amsl.com>; Mon, 28 Jul 2014 04:39:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.149
X-Spam-Level: *
X-Spam-Status: No, score=1.149 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7huA0VD4JrIx for <dane@ietfa.amsl.com>; Mon, 28 Jul 2014 04:39:33 -0700 (PDT)
Received: from triangulum.uberspace.de (triangulum.uberspace.de [95.143.172.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F13C21A014C for <dane@ietf.org>; Mon, 28 Jul 2014 04:39:32 -0700 (PDT)
Received: (qmail 24192 invoked from network); 28 Jul 2014 11:39:31 -0000
Received: from localhost (HELO www.bartschnet.de) (127.0.0.1) by triangulum.uberspace.de with SMTP; 28 Jul 2014 11:39:31 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Mon, 28 Jul 2014 13:39:30 +0200
From: Rene Bartsch <ml@bartschnet.de>
To: dane@ietf.org
Message-ID: <1d002b9795bf8f9946f1375fef78abd6@triangulum.uberspace.de>
X-Sender: ml@bartschnet.de
User-Agent: Roundcube Webmail/1.0.1
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/R9CRaoLet8AtfTL3eEfFH9-dJo0
Subject: [dane] Comments on draft-wouters-dane-openpgp-02
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jul 2014 11:41:28 -0000
Hello, I've three suggestions on draft-wouters-dane-openpgp-02: 1. email domain providers MUST provide a secure API/interface to customers to provide a personal OpenPGP public key 2. MTAs/SPAM detection systems MUST check if the tupel "sender email address" <-> "sender OpenPGP public key" matches and MUST reject the email in case it does not match with signed messages to prevent address forgery and SPAM. 3. Security considerations: The IANA has control over the DNSSEC root keys. As the IANA is bound to US law, US government agencies probably have access to the DNSSEC root keys and are capable to manipulate the OpenPGP keys signed with DNSSEC. -- Best regards, Renne Rene Bartsch, B. Sc. Informatics
- [dane] Comments on draft-wouters-dane-openpgp-02 Rene Bartsch
- Re: [dane] Comments on draft-wouters-dane-openpgp… Paul Wouters
- Re: [dane] Comments on draft-wouters-dane-openpgp… Paul Wouters
- Re: [dane] Comments on draft-wouters-dane-openpgp… Martin Rex
- [dane] Manipulation of DNSSEC by US government po… Rene Bartsch
- Re: [dane] Comments on draft-wouters-dane-openpgp… Viktor Dukhovni
- Re: [dane] Manipulation of DNSSEC by US governmen… Paul Wouters
- Re: [dane] Manipulation of DNSSEC by US governmen… Nico Williams
- Re: [dane] Manipulation of DNSSEC by US governmen… Olafur Gudmundsson
- Re: [dane] Manipulation of DNSSEC by US governmen… Rene Bartsch
- Re: [dane] Manipulation of DNSSEC by US governmen… Wiley, Glen
- Re: [dane] Manipulation of DNSSEC by US governmen… Mark Andrews
- Re: [dane] Manipulation of DNSSEC by US governmen… Rene Bartsch
- Re: [dane] Manipulation of DNSSEC by US governmen… Mark Andrews
- Re: [dane] Manipulation of DNSSEC by US governmen… Paul Wouters
- Re: [dane] Manipulation of DNSSEC by US governmen… Rene Bartsch
- Re: [dane] Manipulation of DNSSEC by US governmen… John Gilmore
- Re: [dane] Manipulation of DNSSEC by US governmen… Paul Wouters
- Re: [dane] Manipulation of DNSSEC by US governmen… Stephen Kent
- Re: [dane] Manipulation of DNSSEC by US governmen… Nico Williams