Re: [dane] Second WGLC draft-ietf-dane-smime
Olafur Gudmundsson <ogud@ogud.com> Thu, 17 November 2016 08:29 UTC
From: Olafur Gudmundsson <ogud@ogud.com>
In-Reply-To: <20161109113201.21235.qmail@ary.lan>
Date: Thu, 17 Nov 2016 17:28:46 +0900
Message-Id: <4E3AC181-F289-4145-A868-74EAF4C49DC6@ogud.com>
References: <20161109113201.21235.qmail@ary.lan>
To: John Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/g7Sl2FLGkJattLkLpla0gyS8giA>
Cc: dane@ietf.org
Subject: Re: [dane] Second WGLC draft-ietf-dane-smime
John,

Thank you for your input; we will take your textual suggestion under advisement.

Thanks
Olafur

> On Nov 9, 2016, at 8:32 PM, John Levine <johnl@taugh.com> wrote:
>
> This draft is still a bad idea for all the reasons I described the
> last time it came around. Nothing has changed.
>
> If you do publish it, I'd suggest much stronger language in the first
> sentence of section 9 on security considerations. The security model
> for S/MIME certs has always been that the trust flows from the CA to
> the user without involving the user's mail operator. Now the domain
> is the trust source for all of its users. Sometimes that's
> reasonable, sometimes not, and there's no way you can tell without
> knowing information about the domain that's not in the DNS.
>
> The fifth paragraph, on mail operator MITM attacks on user mail, is
> also much too weak. If the domain is a bank that is required by law
> to archive its employee communications, MITM is reasonable. If it's a
> public mail operator that uses MITM to compile dossiers of user info
> to sell to marketers, and to edit ads and web bugs into the messages
> into mail before re-encrypting them, all without user permission, it's
> not. If the mail is from another user on the same system, it'll
> re-sign the mail, too. Of course, the mail operator will assure you
> it's "required to be able to read everyone's encrypted email" by its
> business plan.
>
> R's,
> John
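The point in the quoted message, that with SMIMEA "the domain is the trust source for all of its users", is concrete enough to show in code. The example below is added here by the editor; it is not code from draft-ietf-dane-smime, its authors or the DANE working group. It follows the record layout the draft was published with (RFC 8162): the owner name is the hex of the first 28 octets of SHA2-256 over the local-part, under `_smimecert.<domain>`, and the RDATA is usage, selector, matching type and association data. It implements only selector 0 (full certificate), hashes the local-part exactly as given (no case folding or unquoting, an assumption of this example), and uses constructed byte strings in place of real DER certificates. With usage 3 (DANE-EE) a client accepts whatever the zone says, and only the zone operator is needed to publish that binding; no CA and no mailbox owner takes part.

```python
"""SMIMEA owner-name derivation and DANE-EE (usage 3) matching.

Illustration added by the editor; not code from draft-ietf-dane-smime,
its authors, or the DANE working group. It follows the record format the
draft was published with (RFC 8162):

  owner name   = hex(SHA2-256(local-part)[:28]) + "._smimecert." + domain
  SMIMEA RDATA = usage, selector, matching type, certificate association data

Only selector 0 (full certificate) is implemented. The local-part is hashed
exactly as given (no case folding or unquoting), which is an assumption of
this example. The "certificates" are constructed byte strings, not real DER.
"""
import hashlib
from dataclasses import dataclass

SMIMECERT_LABEL = "_smimecert"

# Matching-type values shared with TLSA: exact data, SHA2-256, SHA2-512.
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2
USAGE_DANE_EE = 3  # domain-issued end-entity: no CA chain is consulted


@dataclass(frozen=True)
class SmimeaRecord:
    usage: int
    selector: int
    matching_type: int
    data: bytes

    def presentation(self) -> str:
        """RDATA in zone-file form: usage selector mtype hex-data."""
        return f"SMIMEA {self.usage} {self.selector} {self.matching_type} {self.data.hex()}"


def smimea_owner_name(address: str) -> str:
    """Owner name at which a client looks for the SMIMEA record of `address`."""
    local_part, sep, domain = address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not a mailbox address: {address!r}")
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    # DNS names are case-insensitive; the hashed local-part is not folded here.
    return f"{digest.hex()}.{SMIMECERT_LABEL}.{domain.lower()}"


def association_data(cert_der: bytes, matching_type: int) -> bytes:
    """Certificate association data for selector 0 (full certificate)."""
    if matching_type == MATCH_FULL:
        return cert_der
    if matching_type == MATCH_SHA256:
        return hashlib.sha256(cert_der).digest()
    if matching_type == MATCH_SHA512:
        return hashlib.sha512(cert_der).digest()
    raise ValueError(f"unsupported matching type {matching_type}")


def publish_dane_ee(zone: dict, address: str, cert_der: bytes,
                    matching_type: int = MATCH_SHA256) -> str:
    """What the zone operator does: bind `cert_der` to `address` with usage 3.

    Nothing here involves the mailbox owner or any CA; control of the zone
    (and of its DNSSEC signing keys) is all that is required.
    """
    name = smimea_owner_name(address)
    zone[name] = SmimeaRecord(USAGE_DANE_EE, 0, matching_type,
                              association_data(cert_der, matching_type))
    return name


def dane_ee_accepts(zone: dict, address: str, presented_cert: bytes) -> bool:
    """What a DANE-aware S/MIME client does for a usage-3 record.

    The certificate is accepted if and only if it matches the published
    association data. Assumes the zone data was obtained with DNSSEC
    validation; an unvalidated answer must never be used this way.
    """
    record = zone.get(smimea_owner_name(address))
    if record is None or record.usage != USAGE_DANE_EE or record.selector != 0:
        return False
    return association_data(presented_cert, record.matching_type) == record.data


def demo() -> tuple:
    """Constructed scenario: the user enrolled cert B with a CA, but the
    domain publishes cert A, which is what DANE-EE clients will trust."""
    zone: dict = {}
    user_ca_cert = b"constructed-DER-cert-B-issued-by-some-CA"
    operator_cert = b"constructed-DER-cert-A-generated-by-zone-operator"
    publish_dane_ee(zone, "hugh@example.com", operator_cert)
    return (dane_ee_accepts(zone, "hugh@example.com", operator_cert),
            dane_ee_accepts(zone, "hugh@example.com", user_ca_cert))


if __name__ == "__main__":
    z: dict = {}
    n = publish_dane_ee(z, "hugh@example.com", b"constructed-DER-cert-A")
    print(n, z[n].presentation())
    print(demo())  # (True, False)
```

The owner name for `hugh@example.com` can be compared against the worked example in RFC 8162 to check the derivation. The `demo()` result is the quoted objection in miniature: the certificate the user obtained from a CA is rejected, and the one the zone operator chose is accepted, purely because the operator controls what sits under `_smimecert.example.com`. Whether that is acceptable depends on who runs the zone, which, as the quoted message says, the DNS itself does not tell you.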