[dane] Improving DANE S/MIME Privacy

Alice Wonder <alice@domblogger.net> Tue, 11 April 2017 17:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/g7LRMj3rkVWrG6qDfLtBIfCKLn8>

Hello,

This is with respect to DNSSEC validation for S/MIME.

When generating a hash for use in DNS, the draft for DANE/SMIME 
currently only uses the username portion of the address.

The obvious (and noted) privacy implications are that someone could 
discover e-mail addresses by rainbow table DNS queries and/or zone walking.

I believe this can be mitigated.

S/MIME makes use of x.509 certificates, so I suggest using the serial 
number from the x.509 certificate as a salt with the username before 
taking the hash.

This could be done optionally rather than mandatory, though I certainly 
would want to do it on mail systems I administer.

One of the things I worry about is spammers discovering valid e-mail 
addresses through the DANE S/MIME and then using the public key of that 
user to send encrypted malware that can not be filtered on the SMTP 
servers because it is hidden.

If the serial number for the x.509 certificate is a salt for the hash, 
then spammers can not determine the validity of an e-mail address from 
DNS but those who already have the certificate can use DNS to DANE 
validate the certificate.

Thank you for your time,

Michael A. Peters (aka Alice Wonder)
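
The proposal in the message above, sketched as an added example; it is not code from the original post or from the draft. The unsalted label follows the form later published in RFC 8162 (SHA2-256 of the local-part, truncated to 28 octets, under `_smimecert`). The serial encoding and concatenation order, the function names, and the sample addresses and serial numbers are assumptions made for illustration.

```python
import hashlib

def owner_name(address, serial=None):
    """DNS owner name for an SMIMEA record.

    serial=None gives the unsalted label (local-part only).
    With a serial, the label is salted as the message proposes; prepending
    the serial as minimal big-endian bytes is an assumed encoding.
    """
    local_part, domain = address.rsplit("@", 1)
    salt = b""
    if serial is not None:
        salt = serial.to_bytes(max(1, (serial.bit_length() + 7) // 8), "big")
    digest = hashlib.sha256(salt + local_part.encode("utf-8")).digest()
    return digest[:28].hex() + "._smimecert." + domain

def guessable(published, candidates, domain):
    """Candidate local-parts whose unsalted owner name is in the zone."""
    return [c for c in candidates if owner_name(c + "@" + domain) in published]

# Constructed sample data: two mailboxes and their certificate serials.
DOMAIN = "example.org"
SERIALS = {"alice": 0x4A1F93C2D07B55E1, "bob": 0x09BE7711A2C4F3D8}
CANDIDATES = ["admin", "alice", "bob", "carol"]  # a guesser's word list

# Owner names as they would be published in each scheme.
UNSALTED_ZONE = {owner_name(u + "@" + DOMAIN) for u in SERIALS}
SALTED_ZONE = {owner_name(u + "@" + DOMAIN, s) for u, s in SERIALS.items()}

if __name__ == "__main__":
    # Unsalted: a guess alone is enough to confirm a mailbox exists.
    print("unsalted, confirmed by guessing:",
          guessable(UNSALTED_ZONE, CANDIDATES, DOMAIN))
    # Salted: the same guesses match nothing without the serial.
    print("salted, confirmed by guessing:  ",
          guessable(SALTED_ZONE, CANDIDATES, DOMAIN))
    # A correspondent who already holds the certificate can still look it up.
    name = owner_name("alice@" + DOMAIN, SERIALS["alice"])
    print("holder of alice's cert finds record:", name in SALTED_ZONE)
```

With the salted form the owner name can only be derived by someone who already has the certificate, so the record serves validation of a certificate in hand rather than discovery of one.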