Re: [dane] Second WGLC draft-ietf-dane-smime

Olafur Gudmundsson <ogud@ogud.com> Thu, 17 November 2016 08:29 UTC

From: Olafur Gudmundsson <ogud@ogud.com>
In-Reply-To: <20161109113201.21235.qmail@ary.lan>
Date: Thu, 17 Nov 2016 17:28:46 +0900
Message-Id: <4E3AC181-F289-4145-A868-74EAF4C49DC6@ogud.com>
References: <20161109113201.21235.qmail@ary.lan>
To: John Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/g7Sl2FLGkJattLkLpla0gyS8giA>
Cc: dane@ietf.org
Subject: Re: [dane] Second WGLC draft-ietf-dane-smime

John,

Thank you for your input.
We will take your textual suggestion under advisement.

Thanks,
Olafur


> On Nov 9, 2016, at 8:32 PM, John Levine <johnl@taugh.com> wrote:
> 
> This draft is still a bad idea for all the reasons I described the
> last time it came around.  Nothing has changed.
> 
> If you do publish it, I'd suggest much stronger language in the first
> sentence of section 9 on security considerations.  The security model
> for S/MIME certs has always been that the trust flows from the CA to
> the user without involving the user's mail operator.  Now the domain
> is the trust source for all of its users.  Sometimes that's
> reasonable, sometimes not, and there's no way you can tell without
> knowing information about the domain that's not in the DNS.
> 
> The fifth paragraph, on mail operator MITM attacks on user mail, is
> also much too weak.  If the domain is a bank that is required by law
> to archive its employee communications, MITM is reasonable.  If it's a
> public mail operator that uses MITM to compile dossiers of user info
> to sell to marketers, and to edit ads and web bugs into the messages
> before re-encrypting them, all without user permission, it's
> not.  If the mail is from another user on the same system, it'll
> re-sign the mail, too.  Of course, the mail operator will assure you
> it's "required to be able to read everyone's encrypted email" by its
> business plan.
> 
> R's,
> John
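The trust-model point John makes above, as an added example that is not part of this thread or of the draft: a DANE-aware client looks the recipient's S/MIME certificate up under a name inside the recipient's own domain, so whoever controls that zone decides which key senders encrypt to. The record layout below follows RFC 8162, the published form of draft-ietf-dane-smime, and is assumed here to match the draft under discussion; the zone, the addresses and the certificate bytes are constructed stand-ins, and the no-case-folding rule for the local-part is an assumption.

```python
import hashlib

SMIMECERT_LABEL = "_smimecert"


def smimea_owner_name(address: str) -> str:
    """Owner name of the SMIMEA RRset for an email address.

    RFC 8162 sec. 3 (the published form of draft-ietf-dane-smime): SHA-256
    over the local-part, truncated to 28 octets, hex-encoded, then the
    "_smimecert" label under the address's domain.  The local-part is hashed
    exactly as given (no case folding; an assumption about the draft's rules),
    only the domain is lowercased.
    """
    local_part, domain = address.rsplit("@", 1)
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}.{SMIMECERT_LABEL}.{domain.lower()}."


def smimea_record(cert_der: bytes, usage: int = 3) -> tuple:
    """Build the rdata (usage, selector, matching type, association data).

    Usage 3 (DANE-EE), selector 0 (full certificate) and matching type 1
    (SHA-256 of it): the same field layout TLSA uses.
    """
    return (usage, 0, 1, hashlib.sha256(cert_der).digest())


def certificate_matches(cert_der: bytes, record: tuple) -> bool:
    """True if the certificate is the one the record describes."""
    _usage, selector, matching, assoc = record
    if (selector, matching) != (0, 1):
        raise ValueError("this example handles only selector 0 / matching type 1")
    return hashlib.sha256(cert_der).digest() == assoc


def client_accepts(zone: dict, address: str, cert_der: bytes) -> bool:
    """What a DANE-aware S/MIME client does with a certificate it was offered
    for `address`: look up the SMIMEA RRset (DNSSEC validation is assumed to
    have succeeded) and accept the certificate if any record matches."""
    rrset = zone.get(smimea_owner_name(address), [])
    return any(certificate_matches(cert_der, rr) for rr in rrset)


# Constructed stand-ins for DER-encoded certificates (real ones are X.509 blobs).
ALICE_CERT = b"constructed: certificate whose private key Alice holds"
OPERATOR_CERT = b"constructed: certificate whose private key the mail operator holds"
ALICE = "alice@example.com"


def scenario_operator_publishes_users_cert() -> dict:
    """The domain operator publishes the certificate Alice actually uses."""
    zone = {smimea_owner_name(ALICE): [smimea_record(ALICE_CERT)]}
    return {
        "alice_cert_accepted": client_accepts(zone, ALICE, ALICE_CERT),
        "operator_cert_accepted": client_accepts(zone, ALICE, OPERATOR_CERT),
    }


def scenario_operator_substitutes_own_cert() -> dict:
    """Same zone, same owner name, but the operator publishes its own
    certificate.  Senders now encrypt to a key the operator holds, and
    nothing in the DNS response lets a client tell this zone from the one
    above: both are well-formed, (assumed) DNSSEC-signed SMIMEA RRsets."""
    zone = {smimea_owner_name(ALICE): [smimea_record(OPERATOR_CERT)]}
    return {
        "alice_cert_accepted": client_accepts(zone, ALICE, ALICE_CERT),
        "operator_cert_accepted": client_accepts(zone, ALICE, OPERATOR_CERT),
    }


if __name__ == "__main__":
    print(smimea_owner_name(ALICE))
    print("operator publishes Alice's cert:", scenario_operator_publishes_users_cert())
    print("operator substitutes its own:   ", scenario_operator_substitutes_own_cert())
```

A client that validates DNSSEC and matches the hash cannot distinguish the two zones; deciding whether the substitution is legitimate needs exactly the knowledge about the operator that the DNS does not carry.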