Re: [dane] AD review of draft-ietf-dane-openpgpkey-03

Paul Wouters <paul@nohats.ca> Thu, 25 June 2015 13:53 UTC

Date: Thu, 25 Jun 2015 09:53:01 -0400
From: Paul Wouters <paul@nohats.ca>
To: dane WG list <dane@ietf.org>
In-Reply-To: <20150625022147.91282.qmail@ary.lan>
Message-ID: <alpine.LFD.2.11.1506250932250.21537@bofh.nohats.ca>
References: <20150625022147.91282.qmail@ary.lan>
User-Agent: Alpine 2.11 (LFD 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/SPp5RXtk4oYa1aQxYyD-AsePoZ8>
Subject: Re: [dane] AD review of draft-ietf-dane-openpgpkey-03

On Wed, 25 Jun 2015, John Levine wrote:

> In hashes, you might want to do some back of the envelope calculations
> about how many CNAMEs you'd need to cover even a modest number of dots
> and case variations.
>
> Speaking of case folding, I note that nobody here seems to understand
> UTF-8 and EAI.

	"This sort of misrepresentation of what other people [have said] is
	 extremely unhelpful."

> Really, it matters.  If you think it doesn't, please
> add a sentence saying "This specification MUST NOT be implemented in
> any country where languages other than English and Hawaiian are in
> use" since those are the only ones that can be written in ASCII.

I'm at ICANN53 and talked to some of the people that are well versed
in EAI, such as Asmus Freytag, Hirofumi Hotta and Wil Tan.

There is apparently only one language where lowercasing can change the
meaning of a letter and that is Turkish (with the letter I).

Their recommendation was to only lowercase for ASCII and to normalize
everything else, then hash (or base32/split).

Normalization seems to be a proper way of doing things. Some references:

https://tools.ietf.org/html/draft-dainow-eai-email-clients-00#section-5
https://tools.ietf.org/html/draft-ietf-eai-rfc5335bis-08#section-2.2
https://tools.ietf.org/html/draft-klensin-net-utf8-09

So my suggestion is to recommend normalization and refer to
draft-dainow-eai-email-clients and draft-klensin-net-utf8.

I still feel that using this ruleset, using a hash seems fine, but if
people really feel that live signing DNSSEC servers talking to live mail
servers is a thing that must be supported instead of that use case being
handed off to a separate webfinger document, I could go with base32/split
as well.

I'll try to run into Warren again here at ICANN and see how and when he
would like me to update the document.

Paul
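The ruleset Paul describes (lowercase ASCII letters only, Unicode-normalize everything else, then either hash or base32-encode and split into labels) is easy to get subtly wrong, so here is an added, self-contained illustration of it. This is example code written for this archive page; it is not code from the draft, from Paul, or from any OPENPGPKEY implementation. Assumptions beyond the message text: NFC is used as the normalization form, the hashed variant truncates SHA-256 to 28 octets and writes it as 56 hex characters (the form the published OPENPGPKEY record later standardized), the domain part is already ASCII, and owner names are emitted as fully qualified names with a trailing dot.

```python
import base64
import hashlib
import unicodedata

MAX_LABEL = 63  # DNS label length limit (RFC 1035)


def canonical_local_part(local_part: str) -> bytes:
    """Apply the folding rule from the mail: lowercase only A-Z, leave
    everything else alone, then NFC-normalize and encode as UTF-8.

    Restricting case folding to ASCII sidesteps the Turkish dotted/dotless
    I problem: U+0130 is not ASCII, so it is left untouched here."""
    folded = "".join(c.lower() if "A" <= c <= "Z" else c for c in local_part)
    return unicodedata.normalize("NFC", folded).encode("utf-8")


def _split_address(email: str):
    local, domain = email.rsplit("@", 1)
    # Assumption: domain is already an ASCII (A-label) name.
    return local, domain.lower().rstrip(".")


def hashed_owner_name(email: str) -> str:
    """Hash variant: SHA-256 of the canonical local-part, truncated to
    28 octets, hex-encoded, under _openpgpkey.<domain>."""
    local, domain = _split_address(email)
    digest = hashlib.sha256(canonical_local_part(local)).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain}."


def base32_owner_name(email: str) -> str:
    """base32/split variant: base32-encode the canonical local-part
    (padding stripped, lowercased) and cut it into <=63-octet labels so a
    server can recover the local-part from the query name."""
    local, domain = _split_address(email)
    b32 = base64.b32encode(canonical_local_part(local)).decode("ascii")
    b32 = b32.rstrip("=").lower()
    labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    return ".".join(labels) + f"._openpgpkey.{domain}."


def local_part_from_base32_name(owner: str) -> str:
    """Inverse of base32_owner_name: rejoin the labels, restore padding,
    decode. Demonstrates why this variant suits live-signing servers."""
    prefix = owner.split("._openpgpkey.", 1)[0]
    b32 = prefix.replace(".", "").upper()
    b32 += "=" * (-len(b32) % 8)
    return base64.b32decode(b32).decode("utf-8")


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real zone.
    for addr in ("Hugh@Example.com", "hugh@example.com", "caf\u00e9@example.com"):
        print(addr)
        print("  hash  :", hashed_owner_name(addr))
        print("  base32:", base32_owner_name(addr))
```

Two points are worth seeing in the output: the first two addresses map to identical names in both variants, because only ASCII case is folded, while a precomposed and a decomposed "é" also collide after NFC, which is the whole purpose of normalizing before hashing. The hashed form cannot be reversed by a resolver or signer, which is why the mail treats base32/split as the alternative when a live-signing DNSSEC server must reconstruct the local-part from the query name.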