Re: [dane] Improving DANE S/MIME Privacy
Paul Wouters <paul@nohats.ca> Wed, 12 April 2017 16:19 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90A04131752 for <dane@ietfa.amsl.com>; Wed, 12 Apr 2017 09:19:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.102
X-Spam-Level:
X-Spam-Status: No, score=-0.102 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WHGTCEtnKlIK for <dane@ietfa.amsl.com>; Wed, 12 Apr 2017 09:19:23 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41586131774 for <dane@ietf.org>; Wed, 12 Apr 2017 09:19:23 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3w38J875NCz3Nr; Wed, 12 Apr 2017 18:19:20 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1492013961; bh=qLzTVkqyrb7IHp4dKKTHVqFcsb8DXqlELWA8BexXtfM=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=EWjzLsX1sWDO905tHbcFYJR+BxzigWbnzpMxc0DP0E5KPYwoeVtFZwREoe8FnUvDn BPPoTzKmKMDs0BMoEwG7yJx2HKX34Jogynbsj9VCKYd8D98HuHGvAAwbRNlQz9L00q HmEkA57KtzrKqzmsToBkCuhnytq8UukjKb1zE3w8=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id jtFp6dMUugP1; Wed, 12 Apr 2017 18:19:17 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 12 Apr 2017 18:19:17 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 8236D37019; Wed, 12 Apr 2017 12:19:16 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 8236D37019
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 703384161E1B; Wed, 12 Apr 2017 12:19:16 -0400 (EDT)
Date: Wed, 12 Apr 2017 12:19:16 -0400
From: Paul Wouters <paul@nohats.ca>
To: Alice Wonder <alice@domblogger.net>
cc: dane@ietf.org
In-Reply-To: <0d74ee85-fe33-f245-6702-ae0b67040cd8@domblogger.net>
Message-ID: <alpine.LRH.2.20.999.1704121215170.16615@bofh.nohats.ca>
References: <f7332bd5-f003-c828-8f4a-0d543099c872@domblogger.net> <alpine.LRH.2.20.999.1704111513480.15830@bofh.nohats.ca> <0d74ee85-fe33-f245-6702-ae0b67040cd8@domblogger.net>
User-Agent: Alpine 2.20.999 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/dBeUr4NhWsIdTSpJAJV3L0jD2vM>
Subject: Re: [dane] Improving DANE S/MIME Privacy
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Apr 2017 16:19:25 -0000
On Tue, 11 Apr 2017, Alice Wonder wrote: > That being said, the suggestion of using 2 1 1 or even 2 0 0 entries may give > the privacy I seek. It will, but you will then have to come up with a lookup system to find the SMIME cert for a given user. If I want to email you without having prior contact, how do I find your SMIME cert? Sure, if you email me you can attach it, but then the problem moves from me to you on the first email message. And when you create some other lookup mechanism to find my key, you can use that lookup mechanism to harvest email addresses. In the end, email addresses are a point of contact and hard to keep secret. Paul
- [dane] Improving DANE S/MIME Privacy Alice Wonder
- Re: [dane] Improving DANE S/MIME Privacy Viktor Dukhovni
- Re: [dane] Improving DANE S/MIME Privacy Paul Wouters
- Re: [dane] Improving DANE S/MIME Privacy Viktor Dukhovni
- Re: [dane] Improving DANE S/MIME Privacy John Levine
- Re: [dane] Improving DANE S/MIME Privacy Alice Wonder
- Re: [dane] Improving DANE S/MIME Privacy Paul Wouters
- Re: [dane] Improving DANE S/MIME Privacy Viktor Dukhovni
- Re: [dane] Improving DANE S/MIME Privacy Viktor Dukhovni
- Re: [dane] Improving DANE S/MIME Privacy Phil Pennock