[dane] Comments on draft-wouters-dane-openpgp-02

Rene Bartsch <ml@bartschnet.de> Mon, 28 July 2014 11:39 UTC

Return-Path: <ml@bartschnet.de>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C6C21A014F for <dane@ietfa.amsl.com>; Mon, 28 Jul 2014 04:39:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.149
X-Spam-Level: *
X-Spam-Status: No, score=1.149 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7huA0VD4JrIx for <dane@ietfa.amsl.com>; Mon, 28 Jul 2014 04:39:33 -0700 (PDT)
Received: from triangulum.uberspace.de (triangulum.uberspace.de [95.143.172.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F13C21A014C for <dane@ietf.org>; Mon, 28 Jul 2014 04:39:32 -0700 (PDT)
Received: (qmail 24192 invoked from network); 28 Jul 2014 11:39:31 -0000
Received: from localhost (HELO www.bartschnet.de) (127.0.0.1) by triangulum.uberspace.de with SMTP; 28 Jul 2014 11:39:31 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Mon, 28 Jul 2014 13:39:30 +0200
From: Rene Bartsch <ml@bartschnet.de>
To: dane@ietf.org
Message-ID: <1d002b9795bf8f9946f1375fef78abd6@triangulum.uberspace.de>
X-Sender: ml@bartschnet.de
User-Agent: Roundcube Webmail/1.0.1
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/R9CRaoLet8AtfTL3eEfFH9-dJo0
Subject: [dane] Comments on draft-wouters-dane-openpgp-02
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jul 2014 11:41:28 -0000

Hello,

I have three suggestions on draft-wouters-dane-openpgp-02:

1. email domain providers MUST provide a secure API/interface to 
customers to provide a personal OpenPGP public key

2. MTAs/spam detection systems MUST check if the tuple "sender email 
address" <-> "sender OpenPGP public key" matches and MUST reject the 
email in case it does not match with signed messages to prevent address 
forgery and spam.

3. Security considerations: The IANA has control over the DNSSEC root 
keys. As the IANA is bound to US law, US government agencies probably 
have access to the DNSSEC root keys and are capable of manipulating the 
OpenPGP keys signed with DNSSEC.

-- 
Best regards,

Renne


Rene Bartsch, B. Sc. Informatics
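Added example (not part of Rene's message, the draft, or any MTA's code): one way an MTA could implement the check in suggestion 2. It takes the sender address of a signed message and the fingerprint of the key that verified the signature (the signature verification itself is assumed to have happened already), derives the OPENPGPKEY owner name, and compares the signing key against the key published in DNS. The owner-name rule used here (SHA2-256 of the local-part truncated to 28 octets, under _openpgpkey) is the one later standardized in RFC 7929; the hashing rule of the -02 draft itself should be checked against the draft text. The fingerprint computation is the RFC 4880 v4 rule. The addresses, the key packets (fake MPIs inside syntactically valid packets) and the zone are constructed, and the DNS lookup is a dictionary standing in for a DNSSEC-validating resolver; a real MTA must only act on answers its validating resolver marks authenticated.

```python
import hashlib
import struct


def openpgpkey_owner_name(email: str) -> str:
    """RFC 7929 owner name: SHA2-256 of the local-part, truncated to 28 octets.
    The local-part is hashed as-is (no case folding); the domain is lowercased
    because DNS names are case-insensitive."""
    local_part, domain = email.rsplit("@", 1)
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.lower()}."


def parse_first_packet(data: bytes):
    """(tag, body) of the first OpenPGP packet; RFC 4880 section 4.2 headers."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet header")
    first = data[0]
    if first & 0x40:                                  # new-format header
        tag, l1 = first & 0x3F, data[1]
        if l1 < 192:
            length, off = l1, 2
        elif l1 < 224:
            length, off = ((l1 - 192) << 8) + data[2] + 192, 3
        elif l1 == 255:
            length, off = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body lengths not supported")
    else:                                             # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        fmt, off = [(">B", 2), (">H", 3), (">I", 5)][ltype]
        length = struct.unpack(fmt, data[1:off])[0]
    if len(data) < off + length:
        raise ValueError("truncated packet")
    return tag, data[off:off + length]


def fingerprint_of_rdata(rdata: bytes) -> str:
    """v4 fingerprint (RFC 4880 section 12.2) of the primary key in an
    OPENPGPKEY RDATA: SHA-1 over 0x99, two-octet body length, body."""
    tag, body = parse_first_packet(rdata)
    if tag != 6 or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def check_signed_mail(sender: str, signing_fingerprint: str, lookup) -> str:
    """The check from suggestion 2. `signing_fingerprint` is the fingerprint of
    the key that verified the message signature; `lookup(name)` returns the
    DNSSEC-validated OPENPGPKEY RDATA list for `name` ([] if absent).
    Returns 'match', 'mismatch' (the reject case) or 'no-record' (the sender
    publishes no key, which the draft gives no basis for rejecting)."""
    rdatas = lookup(openpgpkey_owner_name(sender))
    if not rdatas:
        return "no-record"
    published = {fingerprint_of_rdata(r) for r in rdatas}
    return "match" if signing_fingerprint.upper() in published else "mismatch"


# Constructed test data: syntactically valid v4 RSA key packets around fake MPIs.
def constructed_v4_rsa_key(seed: bytes, e: int = 65537) -> bytes:
    def mpi(x: bytes) -> bytes:
        x = x.lstrip(b"\x00") or b"\x00"
        return struct.pack(">H", (len(x) - 1) * 8 + x[0].bit_length()) + x
    body = (b"\x04" + struct.pack(">I", 0) + b"\x01"   # v4, created 0, RSA
            + mpi(hashlib.sha256(seed).digest())       # fake modulus n
            + mpi(e.to_bytes(3, "big")))               # exponent e
    return b"\x99" + struct.pack(">H", len(body)) + body   # old-format tag 6


ALICE_KEY = constructed_v4_rsa_key(b"alice")
BOB_KEY = constructed_v4_rsa_key(b"bob")
CONSTRUCTED_ZONE = {
    openpgpkey_owner_name("alice@example.com"): [ALICE_KEY],
    openpgpkey_owner_name("bob@example.com"): [BOB_KEY],
}


def constructed_lookup(name: str) -> list:
    """Stand-in for a DNSSEC-validating resolver (only authenticated answers)."""
    return CONSTRUCTED_ZONE.get(name, [])


if __name__ == "__main__":
    alice = fingerprint_of_rdata(ALICE_KEY)
    print(check_signed_mail("alice@example.com", alice, constructed_lookup))                          # match
    print(check_signed_mail("alice@example.com", fingerprint_of_rdata(BOB_KEY), constructed_lookup))  # mismatch
    print(check_signed_mail("carol@example.com", alice, constructed_lookup))                          # no-record
```

The three outcomes are kept separate on purpose: only "mismatch" is the forgery case the suggestion wants rejected, while "no-record" is a sender who simply does not publish a key. A deployment also has to decide what to do when the resolver returns a bogus (validation-failed) answer; that is a resolver error, not a key mismatch, and is not modelled here.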