Re: [dane] Review of draft-ietf-dane-smime-15
Paul Wouters <paul@nohats.ca> Tue, 07 March 2017 16:26 UTC
On Wed, 1 Mar 2017, John Levine wrote:

> They're experiments. I'd think it'd be useful for the experiments to
> see whether salted or unsalted hashes work better (or worse.)

The experimental RFC for OPENPGPKEY is out already, and it does not support salting. So I don't know how you would experiment with that.

If you are saying, since OPENPGPKEY uses unsalted, so let's pick salted for the SMIMEA experiment, I'd say that's unwise and goes against the wishes of the authors of both documents to use the same lookup method.

It would also be mostly tested the operator, and not anything that goes over the wire, so it would be pretty subjective and not statistically relevant. And I would predict the following outcome:

Experiment with 1 zone: both work great!

Experiment with many zones: Really happy using DNAME, so did not use salted.

With fedorahosted.org, fedorapeople.org, fedoraproject.org, I was already in the latter category.

Paul
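The lookup difference discussed in this message, as an added example that is not part of the original post or of either draft: with the unsalted method of RFC 7929 (SHA2-256 of the local-part, truncated to 28 octets), the hashed label is the same in every domain, so one record set can serve several zones through DNAME. The local-part `paul`, the placement of the DNAME at the `_smimecert` node (the label later published in RFC 8162), and the domain-keyed salting scheme are assumptions made for illustration.

```python
import hashlib
import hmac

# Domains named in the message; the local-part is a constructed sample.
DOMAINS = ["fedorahosted.org", "fedorapeople.org", "fedoraproject.org"]
LOCAL_PART = "paul"


def owner_name(local_part: str, domain: str, label: str = "_smimecert") -> str:
    """Unsalted owner name, RFC 7929 method: SHA2-256 of the UTF-8
    local-part, truncated to 28 octets and hex-encoded."""
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}.{label}.{domain}"


def salted_owner_name(local_part: str, domain: str, label: str = "_smimecert") -> str:
    """HYPOTHETICAL salted variant (not from any draft): the domain keys
    the hash, so the same local-part hashes differently per zone."""
    digest = hmac.new(domain.encode("utf-8"), local_part.encode("utf-8"),
                      hashlib.sha256).digest()[:28]
    return f"{digest.hex()}.{label}.{domain}"


def hashed_labels(name_fn, local_part: str, domains) -> set:
    """Distinct leftmost (hashed) labels produced across the given domains."""
    return {name_fn(local_part, d).split(".", 1)[0] for d in domains}


def dname_shareable(name_fn, local_part: str, domains) -> bool:
    """A DNAME at _smimecert.<alias> pointing to _smimecert.<canonical>
    rewrites only the suffix, so records can be shared between zones only
    when the hashed label is identical in all of them."""
    return len(hashed_labels(name_fn, local_part, domains)) == 1


if __name__ == "__main__":
    for fn in (owner_name, salted_owner_name):
        print(fn.__name__, "shareable via DNAME:",
              dname_shareable(fn, LOCAL_PART, DOMAINS))
        for d in DOMAINS:
            print("   ", fn(LOCAL_PART, d))
```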