Re: [dane] DANE WG Interim Virtual Meeting, December 2, 2014
Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 30 November 2014 18:56 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62DC71A1A69 for <dane@ietfa.amsl.com>; Sun, 30 Nov 2014 10:56:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Juu16gSr5qur for <dane@ietfa.amsl.com>; Sun, 30 Nov 2014 10:56:38 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD39C1A1A67 for <dane@ietf.org>; Sun, 30 Nov 2014 10:56:38 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 1F75628494C; Sun, 30 Nov 2014 18:56:37 +0000 (UTC)
Date: Sun, 30 Nov 2014 18:56:37 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20141130185636.GU285@mournblade.imrryr.org>
References: <20141113201512.7739.99780.idtracker@ietfa.amsl.com> <AC33AF6B-0DC5-4C05-9210-9F9802070787@ogud.com> <CAHw9_iJ5FqiPLVuE1j63Ns5sgKmppz0hv4nwZTh1HXgbuYdmAw@mail.gmail.com> <CAMaMmnnKbe4W-yhoM5dgzYJrkCqaWhvyjtMsnfJs1qFJJUDckw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAMaMmnnKbe4W-yhoM5dgzYJrkCqaWhvyjtMsnfJs1qFJJUDckw@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/du0gwiVhyN21v3bj_G1GsIct75Q
Subject: Re: [dane] DANE WG Interim Virtual Meeting, December 2, 2014
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Nov 2014 18:56:40 -0000
On Sun, Nov 30, 2014 at 01:26:57PM -0500, Doug Montgomery wrote: > > Also worth considering / discussing is the whole "Bob writes a mail on > > March 1st and then leaves the Acme, Inc. on March 2nd. Alice finally > > gets around to opening the mail on April 10th - should it validate?" The correct answer is "no, it should not validate". Business processes can be applied to send Alice a new email signed by Bob's successor if that's required. Bob's signing key is no longer published at the time that Alice reads the mail. Alice has no way to know whether Bob's email was sent before or after Bob left Acme. Bob's S/MIME signature is not securely timestamped, all Alice knows is that the message was signed in the past. Signed time-of-receipt by Alice's mail system would be needed to do better, and no standard specifies these at present. > > Not sure the notion of "to open" is well defined at a MUA. Given the > models of POP vs IMAP vs webmail vs ..... it is not even clear to me that > "delivered to MUA" is well defined. User agents that support encryption and signing need to be able to distinguish "new" mail from "old". Otherwise, they are too crippled to usefully support end-to-end encryption. > A good test is to substitute "10 years later" for "on April 10th" above and > see if it changes your thinking. Actually, 10 years later is different if the mail was originally read in a timely manner, and is being re-read 10 years later. > > "Bob gets fired on March 2nd and is understandably disgruntled. He has > > his laptop at home and sends mail on March 3rd. Can Acme, Inc prevent > > this / invalidate the keys?" Just the same as the first case. Depublish Bob's keys. > Store your inbox on an encrypted file store if > you wish, but the idea that I should maintain an infinite historical key > store to read the email you encrypted to me 10 years ago seems the wrong > model ... but yet I know large IDM systems that do this. Secure local storage of decrypted email (with any signature verification status at time it was first read) is a local requirement for an MUA that adequately supports email encryption and signing. Out of scope for DANE, but inescapable for MUA usability. -- Viktor.
- [dane] DANE WG Interim Virtual Meeting, December … IESG Secretary
- Re: [dane] DANE WG Interim Virtual Meeting, Decem… Olafur Gudmundsson
- Re: [dane] DANE WG Interim Virtual Meeting, Decem… Warren Kumari
- Re: [dane] DANE WG Interim Virtual Meeting, Decem… Doug Montgomery
- Re: [dane] DANE WG Interim Virtual Meeting, Decem… Viktor Dukhovni