Re: [dane] Feature creep for draft-ietf-dane-smime
Viktor Dukhovni <viktor1dane@dukhovni.org> Thu, 13 February 2014 18:24 UTC
Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B80C1A03AB for <dane@ietfa.amsl.com>; Thu, 13 Feb 2014 10:24:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fIAf7PPbROxx for <dane@ietfa.amsl.com>; Thu, 13 Feb 2014 10:24:55 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) by ietfa.amsl.com (Postfix) with ESMTP id 0762B1A03A7 for <dane@ietf.org>; Thu, 13 Feb 2014 10:24:54 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 7445D2AB22D; Thu, 13 Feb 2014 18:24:53 +0000 (UTC)
Date: Thu, 13 Feb 2014 18:24:53 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: "<dane@ietf.org>" <dane@ietf.org>
Message-ID: <20140213182453.GP278@mournblade.imrryr.org>
References: <11698F58-B554-4CC8-872F-D2A3BF08986C@kirei.se> <20140206215742.GF278@mournblade.imrryr.org> <07a801cf23a1$a5b62c00$f1228400$@augustcellars.com> <E52467C0-3B6A-45D6-AFAB-6A103E587350@vpnc.org> <20140207020201.GJ278@mournblade.imrryr.org> <alpine.LFD.2.10.1402071258500.21252@bofh.nohats.ca> <20140207184155.GQ278@mournblade.imrryr.org> <66FEEA7D-D815-4536-A141-189F2CB705B9@vpnc.org> <20140207194933.GS278@mournblade.imrryr.org> <0DCAEFBA-E9A6-4CC8-9D9D-DB03F309C0BC@verisign.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <0DCAEFBA-E9A6-4CC8-9D9D-DB03F309C0BC@verisign.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/WANGS1IX6s77ZpsyXSAIMxfCQPc
Subject: Re: [dane] Feature creep for draft-ietf-dane-smime
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 18:24:57 -0000
On Thu, Feb 13, 2014 at 06:19:15PM +0000, Osterweil, Eric wrote: > > Either way of computing the hash of the full address, rather than > > just the local part adds no complexity, and makes off-line attacks > > more difficult (per site dictionaries, rather than global dictionaries). > > This is a free win. There's simply no reason not to. > > I have to say that I agree with Paul here. I think the epsilon > increase in security is nice, but not at the cost of the additional > operational complexity. However, the hashing-only approach has > the nice side effect of fixing the label length. That _does_ seem > to solve a problem w/o some of the additional complexity. My vote > would be hashing-only approach over Base32 and HMAC. In an off-list IM discussion, Paul H. and I reached consensus on local-part only hashing. His argument is based on the introduction of root zone DNAME RRs that create equivalence between large subtrees of the DNS namespace. Users will likely expect these to result in equivalence of email addresses, ... so having SMIMEA lookup labels that work relative to multiple equivalent domain FQDNs is then a requirement. So I withdraw the suggestion to salt the lookup key with the domain. -- Viktor.
- [dane] I-D Action: draft-ietf-dane-smime-03.txt internet-drafts
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Scott Rose
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Paul Hoffman
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Scott Rose
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Scott Rose
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Osterweil, Eric
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Jakob Schlyter
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Osterweil, Eric
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- [dane] draft-ietf-dane-smime and certificate disc… Paul Hoffman
- Re: [dane] draft-ietf-dane-smime and certificate … Osterweil, Eric
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Osterweil, Eric
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime and certificate … Paul Hoffman
- Re: [dane] draft-ietf-dane-smime and certificate … Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime and certificate … Paul Hoffman
- Re: [dane] draft-ietf-dane-smime and certificate … Viktor Dukhovni
- Re: [dane] draft-ietf-dane-smime and certificate … Paul Hoffman
- Re: [dane] draft-ietf-dane-smime and certificate … Osterweil, Eric
- Re: [dane] draft-ietf-dane-smime and certificate … Osterweil, Eric
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Osterweil, Eric
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Paul Wouters
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Andrew Sullivan
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Andrew Sullivan
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Mark Andrews
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Mark Andrews
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Larsen, Todd
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Osterweil, Eric
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Larsen, Todd
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Osterweil, Eric
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Jakob Schlyter
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Jim Schaad
- [dane] Feature creep for draft-ietf-dane-smime Paul Hoffman
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] Feature creep for draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Wiley, Glen
- Re: [dane] Feature creep for draft-ietf-dane-smime Tom Ritter
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Paul Wouters
- Re: [dane] Feature creep for draft-ietf-dane-smime Paul Wouters
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] Feature creep for draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] Feature creep for draft-ietf-dane-smime Paul Hoffman
- Re: [dane] Feature creep for draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] Feature creep for draft-ietf-dane-smime John Levine
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Paul Wouters
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] I-D Action: draft-ietf-dane-smime-03.t… Viktor Dukhovni
- Re: [dane] Feature creep for draft-ietf-dane-smime Osterweil, Eric
- Re: [dane] Feature creep for draft-ietf-dane-smime Viktor Dukhovni
- Re: [dane] Feature creep for draft-ietf-dane-smime Warren Kumari
- Re: [dane] draft-ietf-dane-smime and certificate … Wes Hardaker