IETF Logo Mail Archive

Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

manning <bmanning@karoshi.com> Mon, 21 September 2015 23:25 UTC

Return-Path: <bmanning@karoshi.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F6D61ACF60; Mon, 21 Sep 2015 16:25:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.809
X-Spam-Level:
X-Spam-Status: No, score=-2.809 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, NO_DNS_FOR_FROM=0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i4cJ6EAyxbwj; Mon, 21 Sep 2015 16:24:53 -0700 (PDT)
Received: from vacation.karoshi.com (vacation.karoshi.com [198.32.6.68]) by ietfa.amsl.com (Postfix) with ESMTP id 279D71ACF56; Mon, 21 Sep 2015 16:24:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by vacation.karoshi.com (Postfix) with ESMTP id F0C07BFCC08; Mon, 21 Sep 2015 16:24:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at karoshi.com
Received: from vacation.karoshi.com ([127.0.0.1]) by localhost (vacation.karoshi.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLSYmu97ChoD; Mon, 21 Sep 2015 16:23:58 -0700 (PDT)
Received: from [198.32.4.206] (unknown [198.32.4.206]) by vacation.karoshi.com (Postfix) with ESMTPSA id 02F09BFCBFE; Mon, 21 Sep 2015 16:23:57 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: text/plain; charset="us-ascii"
From: manning <bmanning@karoshi.com>
In-Reply-To: <alpine.LFD.2.20.1509211455150.420@bofh.nohats.ca>
Date: Mon, 21 Sep 2015 16:24:10 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <BF1BD782-A76E-48B0-94B9-184431FE2B80@karoshi.com>
References: <20150921172109.19893.qmail@ary.lan> <alpine.LFD.2.20.1509211455150.420@bofh.nohats.ca>
To: Paul Wouters <paul@nohats.ca>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/mPDTzkWr-2HUMC-EDIytySs0glw>
Cc: ietf@ietf.org, dane WG list <dane@ietf.org>
Subject: Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2015 23:25:28 -0000

I think Paul nails it, at least for the more aware folks around.  Using the WoT to gauge anything other than confidence in choice of friends/associates is asking for trouble.
See Also:  Robin Sage :  en.wikipedia.org/wiki/Robin_Sage

manning
bmanning@karoshi.com
PO Box 6151
Playa del Rey, CA 90296
310.322.8102






On 21September2015Monday, at 12:14, Paul Wouters <paul@nohats.ca> wrote:

> On Mon, 21 Sep 2015, John Levine wrote:
> 
>>> OPENPGP is a data format, WoT is one way to employ that format to
>>> exchange messages.   It is not a *required* way to use OPENPGP.
>> 
>> Sure, but it's the way that everyone has used PGP for 20 years,
>> and it's the security model that everyone I know expects when they
>> use PGP keys.
> 
> Actually, nmost people I know never use the WoT. They only use keys
> obtained directly from the person they want to exchange encrypted email
> with.
> 
>> This draft uses a model in which the key is bound to a mailbox
> 
> openpgp keys are bound to ID's, which can ultimately end up in a
> mailbox but is not required to do so.
> 
> For instance, the gpg key used to sign fedora21 packages with an openpgp
> key ID containing "fedora21@fedoraproject.org" might not have any mailbox
> associated with it. It is merely shared in the DNS under an email address,
> without a mailbox or valid local-part.
> 
>> any stronger identity, and you have to trust that the domain's
>> management fairly represents its users
> 
> Correct, the domain's management that controls either DNS or SMTP servers,
> can steal a users email.
> 
>> That's not a ridiculous model, but if
>> that's the model, the draft and draft-ietf-dane-openpgpkey-usage need
>> to say so.  At this point, neither does.
> 
>> From the Introduction:
> 
>   This document specifies a method for publishing and
>   locating OpenPGP public keys in DNS for a specific email address
>   using a new OPENPGPKEY DNS Resource Record.  Security is provided via
>   DNSSEC.
> 
> So your point is made already pretty clear in the introduction
> already. Security comes from DNSSEC, so whoever controls the domain,
> controls the publishing of openpgp keys.
> 
> Section 5.2 also contains some advise. Section 7.4 also mentions this,
> but not under a section title that makes that very clear.
> 
> Some clarifications will be made, especially in the security
> considerations section, to clarify this, based on the IETF LC comments.
> 
> Thank you,
> 
> Paul
>

v2.23.0 | Report a Bug | By Email