Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
Paul Wouters <paul@nohats.ca> Wed, 23 September 2015 16:01 UTC
Date: Wed, 23 Sep 2015 12:01:16 -0400
From: Paul Wouters <paul@nohats.ca>
To: Randy Bush <randy@psg.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/X9oBtoVGdkildzeAc7YP8EbxgZY>
Cc: ietf@ietf.org, dane WG list <dane@ietf.org>

On Wed, 23 Sep 2015, Randy Bush wrote:

> if i think of it as a form of opportunistic encryption with very weak
> authentication it seems useful.

right.

> but when i want strong authentication i want strong introduction.

So pull the key from DNSSEC, check for sigs. If not good enough, you
could also pull the same key from the keyservers (now that you know
that's the key you are looking for in the pile of garbage keys on the
keyservers) and possibly get more signatures on it. Still not good
enough, don't send the email and find some humans.

Paul
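
Added example, not part of Paul Wouters' message or of the draft: a sketch of the escalation described above, in which the DNSSEC-obtained key's fingerprint is used to pick the same key out of the keyserver results and only certifications on that key are counted. The `KeyCopy` model, the `decide` function, the `needed` threshold and all fingerprints are hypothetical, and the code assumes DNSSEC validation and OpenPGP signature verification were already done by real implementations.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyCopy:
    """One retrieved copy of an OpenPGP key (hypothetical model)."""
    fingerprint: str    # fingerprint of the key itself
    signers: frozenset  # fingerprints whose certifications already verified

def decide(dns_key, dnssec_validated, keyserver_copies, trusted, needed=1):
    """Return (action, trusted signers found) for the escalation in the message."""
    # An answer that did not validate is not "the key from DNSSEC": stop here.
    if dns_key is None or not dnssec_validated:
        return ("find-humans", [])
    # Step 1: check the signatures carried by the copy published in DNS.
    found = set(dns_key.signers) & set(trusted)
    if len(found) >= needed:
        return ("send", sorted(found))
    # Step 2: the DNS copy says which key to look for on the keyservers.
    # Copies with any other fingerprint are ignored, whatever they carry.
    for copy in keyserver_copies:
        if copy.fingerprint == dns_key.fingerprint:
            found |= set(copy.signers) & set(trusted)
    if len(found) >= needed:
        return ("send", sorted(found))
    # Step 3: still not good enough, so do not send.
    return ("find-humans", sorted(found))

# Constructed sample data: short strings stand in for full fingerprints.
TRUSTED = frozenset({"AAAA", "BBBB"})
DNS_KEY = KeyCopy("F00D", frozenset({"CCCC"}))
KEYSERVER = [
    KeyCopy("DEAD", frozenset({"AAAA", "BBBB"})),  # other key for the address
    KeyCopy("F00D", frozenset({"AAAA"})),          # same key, one more signature
]

if __name__ == "__main__":
    print(decide(DNS_KEY, True, KEYSERVER, TRUSTED))            # one signer is enough
    print(decide(DNS_KEY, True, KEYSERVER, TRUSTED, needed=2))  # stricter policy
```

The well-signed `DEAD` key contributes nothing because its fingerprint differs from the one learned through DNSSEC, so raising `needed` to 2 ends in the no-send outcome.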