Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 23 February 2015 04:08 UTC

Date: Mon, 23 Feb 2015 04:08:33 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20150223040833.GF1260@mournblade.imrryr.org>
References: <CAHw9_iJPuG23Aok7V_wcAMirua_DPDLHy01tnd+DaUqEeK3NZA@mail.gmail.com> <001a01d04f19$b0292e90$107b8bb0$@augustcellars.com> <20150223035230.GD1260@mournblade.imrryr.org> <001b01d04f1c$f626c940$e2745bc0$@augustcellars.com>
In-Reply-To: <001b01d04f1c$f626c940$e2745bc0$@augustcellars.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/_cAaLfMgn05-VYrg8SVpy68e2js>
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>

On Sun, Feb 22, 2015 at 07:58:19PM -0800, Jim Schaad wrote:

> I am on a case sensitive receiving domain.
> There are two recipients - JimSch and jimsch on the domain.
> jimsch has a record but JimSch does not.
> I now try and send mail to JimSch but get a key for jimsch.

You forgot to hash the tag with the case-folded name.

Speaking of which, IIRC neither the OPENPGPKEY nor the SMIMEA draft
explicitly mentions what to do about quoted localparts:

	"Sam.Jr."@example.com

The localpart is not a dot-atom, and thus requires double-quotes.
My contention is that in this case the input to SHA2-224 MUST
include the quotes:

	SHA2-224("\"Sam.Jr.\"")

not

	SHA2-224("Sam.Jr.")

In this case the simplest tagging scheme is:

	JimSch			- unfolded hash input
	jimsch@lowercase	- folded hash input

any email address of the form:

	"jimsch@lowercase"@example.com

would be hashed together with the quotes!

I don't have a pointer to my original proposal handy,
check the archives.  It is something along these lines.

-- 
	Viktor.