Re: [dane] [openpgp] The DANE draft

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 06 August 2015 11:29 UTC


On 06/08/15 11:03, Carsten Strotmann wrote:
> Hi Stephen,
> 
> On 06/08/15 11:58 PM, Stephen Farrell wrote:
>>>> I might agree but I think the gain for this is so incredibly small, that
>>>> I think the gain for use of online signers plus email address
>>>> corrections by the smtp+dnssec combined server is actually a more likely
>>>> and minorly useful thing to have.
>> Can you point me at a DNS server (or real specification for one)
>> that generates responses in any similar fashion? I'm not aware of
>> any that actually do, (even if they could do), but that may just be
>> my ignorance.
> 
> PowerDNS with a remote backend could do this, but it would require some
> glue code to be written by the admin to be able to talk to the smtp-server.
> 
> I can envision such an installation for a few large mail providers, but
> not for the majority of mail server installations.

Thanks. So that implies that b32 can only in practice offer
advantage to the large mail providers who want to do PGP
like this and fuzzy stuff with "AccountName+JustMadeUp@domain"
type addresses. (For other kinds of fuzziness, e.g. upper/lower
case initial letters, I think anyone can prepare a few hashes
in advance and do almost as well.)

I think what you say above also implies that b32 will offer
no benefit to the long tail as they'll have zonefiles or the
moral equivalent.

Seems to me like more reason to not do b32. I would guess that
the large mail providers won't do this since we've not heard
from them that they would, and in fact we've heard 2nd hand that
they won't (iirc, I'm open to correction) and those large mail
providers tend to not be shy about saying what it is they would
like when they're interested in something;-)

Cheers,
S.


> 
> Carsten
>
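
An added example, not part of the original message or of the draft, contrasting the two owner-name styles discussed in this thread: a one-way hashed label, for which a static zonefile must list every anticipated spelling in advance, and a reversible b32 label, which only helps a server that decodes and normalises at query time. Assumptions: the hashed form follows the scheme published in RFC 7929 (SHA-256 truncated to 28 octets), which may differ from the draft revision under discussion; the b32 layout, the function names and the "strip +tag, lowercase" policy are hypothetical.

```python
import base64
import hashlib


def hashed_owner(local_part: str, domain: str) -> str:
    """One-way label: SHA-256 of the local-part, truncated to 28 octets, in hex."""
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain}"


def b32_owner(local_part: str, domain: str) -> str:
    """Reversible label (assumed layout): unpadded base32 of the local-part."""
    raw = base64.b32encode(local_part.encode("utf-8")).decode("ascii")
    label = raw.rstrip("=").lower()
    if len(label) > 63:
        raise ValueError("local-part too long for a single DNS label")
    return f"{label}._openpgpkey.{domain}"


def b32_decode_owner(qname: str) -> str:
    """Recover the local-part from the first label of a b32 owner name."""
    label = qname.split(".", 1)[0].upper()
    label += "=" * (-len(label) % 8)  # restore the stripped padding
    return base64.b32decode(label).decode("utf-8")


def precomputed_zone(account: str, domain: str, variants: list) -> dict:
    """Static zonefile case: one hashed owner name per spelling prepared in advance."""
    return {hashed_owner(v, domain): account for v in variants}


def online_lookup(qname: str, accounts: set):
    """Online-signer case: decode, apply the provider's (hypothetical) policy, look up."""
    local = b32_decode_owner(qname)
    canonical = local.split("+", 1)[0].lower()
    return canonical if canonical in accounts else None


if __name__ == "__main__":
    zone = precomputed_zone("alice", "example.org", ["alice", "Alice", "ALICE"])
    # Case variants prepared in advance are found; a made-up +tag is not.
    print(hashed_owner("Alice", "example.org") in zone)
    print(hashed_owner("alice+JustMadeUp", "example.org") in zone)
    # A server that decodes b32 at query time can map the +tag back to the account.
    print(online_lookup(b32_owner("Alice+JustMadeUp", "example.org"), {"alice"}))
```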