Re: [dane] Storing public keys in DNS or LDAP, or elsewhere
Paul Wouters <paul@cypherpunks.ca> Thu, 08 August 2013 19:45 UTC
Date: Thu, 08 Aug 2013 15:44:49 -0400
From: Paul Wouters <paul@cypherpunks.ca>
To: John Gilmore <gnu@toad.com>
Cc: openpgp@ietf.org, "Rick van Rein (OpenFortress)" <rick@openfortress.nl>, "dane@ietf.org" <dane@ietf.org>
Subject: Re: [dane] Storing public keys in DNS or LDAP, or elsewhere

On Tue, 6 Aug 2013, John Gilmore wrote:

>>> * draft-wouters-dane-openpgp-00
>>> * draft-wouters-dane-otrfp-00
>
> These actually specify how to get authenticated key material from the
> DNS. (However, they don't encrypt the DNS transaction, so the
> identity of the user being communicated with is leaked to NSA and
> any other wiretappers...)

I would suggest we address DNS query privacy in a generic way for all
DNS, although even if you just encrypt, it might not be enough when the
adversary has so many listening points, and the user immediately uses
the DNS information for another action (eg an IM message or sending an
email)

Paul