IETF Logo Mail Archive

Re: [dane] Second WGLC draft-ietf-dane-smime

"John Levine" <johnl@taugh.com> Thu, 17 November 2016 13:34 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C715712958D for <dane@ietfa.amsl.com>; Thu, 17 Nov 2016 05:34:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.504
X-Spam-Level: *
X-Spam-Status: No, score=1.504 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_96_XX=3.405, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CI78wUoqkcPY for <dane@ietfa.amsl.com>; Thu, 17 Nov 2016 05:34:34 -0800 (PST)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E981C12960B for <dane@ietf.org>; Thu, 17 Nov 2016 05:34:33 -0800 (PST)
Received: (qmail 14464 invoked from network); 17 Nov 2016 13:34:34 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 17 Nov 2016 13:34:34 -0000
Date: Wed, 09 Nov 2016 16:07:54 -0000
Message-ID: <20161109160754.21962.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dane@ietf.org
In-Reply-To: <alpine.LRH.2.20.1611170404130.28374@bofh.nohats.ca>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/dz_TCefpGGzc7wjPc6s4XZSTUsk>
Cc: paul@nohats.ca
Subject: Re: [dane] Second WGLC draft-ietf-dane-smime
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2016 13:34:35 -0000

>If you use gmail.com, you are at the mercy of google - whether encrypted
>or not. those users have already given control away to google. This
>document is not the right place to warn them about that.

As it stands now, your first sentence is just wrong.  Currently, if I
publish a S/MIME certificate for my gmail address, and people encrypt
mail using it, Google can't read my mail.  They can throw it away of
course, but if it shows up in my mailbox, only I can read it.  In the
other direction, only I can sign mail with my cert, and Google can't
pretend to be me in an S/MIME context.  This assumes that CAs that
sign S/MIME certs are competent enough to check that it's me asking
them to sign, which I realize is kind of optimistic, but what I've
laid out is the way that S/MIME is supposed to work.

This document flips that situation around so now gmail can publish
MITM certs for all its users whether they like it or not.  That is a
big change.

R's,
John

v2.23.0 | Report a Bug | By Email