Re: [dane] Review of draft-ietf-dane-smime-15
Paul Wouters <paul@nohats.ca> Tue, 28 February 2017 22:03 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 511061293D8 for <dane@ietfa.amsl.com>; Tue, 28 Feb 2017 14:03:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BZf4ozULubSU for <dane@ietfa.amsl.com>; Tue, 28 Feb 2017 14:03:37 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40531128874 for <dane@ietf.org>; Tue, 28 Feb 2017 14:03:37 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3vXszB4pbvz95; Tue, 28 Feb 2017 23:03:34 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1488319414; bh=AWbhUoLgfrwqKNoUM93pHTzvYbnUnySzBqh8+UQp+Ug=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=ewm6opafj/EzI1iR4gB1tY+7Gd6yWsNLFHwtz7eSDuOdyCTRKpr/uj82WK14lQZ4Z UZxTa1BNw7xVEptvE1pQbkAbQ8FbKudlYkJtjXbCwJiF4j9ALpmzuIuI8ncEp6bCuX sX1e5Ud1PV39QWTdttvnmlJOX5dBP3Cr16kuxRGs=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id LoSzkOg0DMqA; Tue, 28 Feb 2017 23:03:31 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 28 Feb 2017 23:03:31 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id C07BD36A2; Tue, 28 Feb 2017 17:03:30 -0500 (EST)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca C07BD36A2
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id A8BC84168D46; Tue, 28 Feb 2017 17:03:30 -0500 (EST)
Date: Tue, 28 Feb 2017 17:03:30 -0500
From: Paul Wouters <paul@nohats.ca>
To: "Dale R. Worley" <worley@ariadne.com>
In-Reply-To: <87r32ijbrt.fsf@hobgoblin.ariadne.com>
Message-ID: <alpine.LRH.2.20.1702281659010.24877@bofh.nohats.ca>
References: <87r32ijbrt.fsf@hobgoblin.ariadne.com>
User-Agent: Alpine 2.20 (LRH 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/cUJkzPGpbzki8ZPDXhZ7lFSWu4Q>
Cc: dane@ietf.org
Subject: Re: [dane] Review of draft-ietf-dane-smime-15
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Feb 2017 22:03:38 -0000
On Tue, 28 Feb 2017, Dale R. Worley wrote: > Well enough. Actually, I thought about this issue some more, and that > led to my followup e-mail. I think there is a real desire to not have > the DNS provide a direct catalog of valid e-mail addresses, but it > conflicts with the weak security of non-salted hashes. As I said in > that e-mail, I think this could be improved by providing a hash in a DNS > record, which would mean that hashes would be well-justified as > providing substantially more privacy/security than direct UTF-8 (or > base64 or anything reversible). I don't think that justifies differentiating the lookups of OPENPGPKEY versus SMIMEA records. So even if I agreed with you, I think it is too late to change this. But I also do not agree :) Email addresses are not secrets. The only difference between publishing or not publishing OPENPGPKEY or SMIMEA records is that the spammer can do an offline versus an online attack. And with easilly available botnets these days, I don't think that makes any meaningful difference. Paul
- [dane] Review of draft-ietf-dane-smime-15 Dale Worley
- Re: [dane] [Gen-art] Review of draft-ietf-dane-sm… Dale R. Worley
- Re: [dane] Review of draft-ietf-dane-smime-15 Paul Wouters
- Re: [dane] Review of draft-ietf-dane-smime-15 Dale R. Worley
- Re: [dane] [Gen-art] Review of draft-ietf-dane-sm… Dale R. Worley
- Re: [dane] Review of draft-ietf-dane-smime-15 Paul Wouters
- Re: [dane] Review of draft-ietf-dane-smime-15 John Levine
- Re: [dane] Review of draft-ietf-dane-smime-15 Paul Wouters
- Re: [dane] Review of draft-ietf-dane-smime-15 John Levine
- Re: [dane] Review of draft-ietf-dane-smime-15 Stephen Farrell
- Re: [dane] Review of draft-ietf-dane-smime-15 Paul Hoffman
- Re: [dane] Review of draft-ietf-dane-smime-15 Dale R. Worley