Re: [dane] case sensitivity and draft-ietf-dane-smime / draft-wouters-dane-openpgp
"Dickson, Brian" <bdickson@verisign.com> Tue, 10 September 2013 21:14 UTC
From: "Dickson, Brian" <bdickson@verisign.com>
To: Paul Wouters <paul@cypherpunks.ca>, dane WG list <dane@ietf.org>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>

Jumping in a bit late, but hopefully without having missed any of the fun.

The smime draft is silent on the whole MTA thing, probably because it presumes that both processing received signed messages, and sending/signing messages, is being done by the MUA.

As such, (finding the key and encrypting on its basis) is not a "protocol" issue (case mismatch on input by the user), but an application thing.

Selecting the recipient through any UI interaction, rather than explicit entry of the RFC 822-style address, is not a protocol issue. If the UI and/or the user makes an error, that is not a protocol thing.

BTW - in case it isn't clear, my opinion of the inclusion of the letters "M", "T", and "A" together in the PGP draft, is that it does not belong.

Encrypting contents falls clearly in the MUA space, and does NOT belong in the MTA space.

DANE has excellent use cases in the MTA space, but only on use of TLS for transport, not for message content.

That's my opinion, at least, and I'd be surprised if that doesn't reflect consensus.

Brian

On 9/9/13 10:52 AM, "Paul Wouters" <paul@cypherpunks.ca> wrote:

>
>It was brought to my attention by Matthias Wimmer that we overlooked
>an important issue with respect to the base32 generation of the base32
>encoded left hand side of the email address.
>
>Mail servers and mail clients do not treat email addresses as
>case-insensitive. When encoding an LHS with base32, the case matters.
>Using the wrong case will cause you to not find the SMIMEA / OPENPGPKEY
>record.
>
>paul@bofh:$ python
>Python 2.7.3 (default, Aug 9 2012, 17:23:57)
>[GCC 4.7.1 20120720 (Red Hat 4.7.1-5)] on linux2
>Type "help", "copyright", "credits" or "license" for more information.
>>>> import base64
>>>> base64.b32encode("paul")
>'OBQXK3A='
>>>> base64.b32encode("Paul")
>'KBQXK3A='
>>>>
>
>We should probably add a section explaining this, and perhaps suggest to
>lowercase before base32'ing the LHS for the lookup.
>
>Paul
>_______________________________________________
>dane mailing list
>dane@ietf.org
>https://www.ietf.org/mailman/listinfo/dane
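
The lookup failure described in the quoted message, and the lowercase-before-encoding suggestion, as an added example that is not part of the thread or of either draft. The in-memory `zone` dictionary, the function names, the sample addresses and the key string are constructed for illustration; the zone is keyed on (label, domain) rather than on a full owner name, because the thread does not give the owner-name layout.

```python
import base64

def lhs_label(address, lowercase_first=False):
    """Return (base32 label, domain) used to find the key record for `address`."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not an addr-spec: %r" % (address,))
    if lowercase_first:
        local = local.lower()  # normalisation suggested in the thread
    label = base64.b32encode(local.encode("utf-8")).decode("ascii")
    # DNS matches names case-insensitively, so fold label and domain the way
    # a resolver would. base32 output is upper-case only, so folding loses
    # nothing: labels that differ here differ in letters, not merely in case.
    return label.lower(), domain.lower()

def publish(zone, address, key, lowercase_first=False):
    """Publisher side: store `key` under the label derived from `address`."""
    zone[lhs_label(address, lowercase_first)] = key

def lookup(zone, address, lowercase_first=False):
    """Sender side: return the published key, or None when the name is absent."""
    return zone.get(lhs_label(address, lowercase_first))

# Constructed sample input: one mailbox as three senders might type it.
VARIANTS = ["paul@example.org", "Paul@example.org", "PAUL@Example.ORG"]

def demo():
    """Map lowercase_first -> lookup result for each entry in VARIANTS."""
    results = {}
    for normalise in (False, True):
        zone = {}
        publish(zone, "paul@example.org", "KEY-FOR-PAUL", normalise)
        results[normalise] = [lookup(zone, a, normalise) for a in VARIANTS]
    return results

if __name__ == "__main__":
    for normalise, found in demo().items():
        print("lowercase_first=%s" % normalise)
        for address, key in zip(VARIANTS, found):
            print("  %-20s %-10s -> %s" % (address, lhs_label(address, normalise)[0], key))
```

Lowercasing only works if publisher and sender both apply it. On a domain that really does distinguish local parts by case, which RFC 5321 permits, `Paul@` and `paul@` would then resolve to the same record.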