Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
manning <bmanning@karoshi.com> Mon, 21 September 2015 23:25 UTC
Return-Path: <bmanning@karoshi.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F6D61ACF60; Mon, 21 Sep 2015 16:25:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.809
X-Spam-Level:
X-Spam-Status: No, score=-2.809 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, NO_DNS_FOR_FROM=0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i4cJ6EAyxbwj; Mon, 21 Sep 2015 16:24:53 -0700 (PDT)
Received: from vacation.karoshi.com (vacation.karoshi.com [198.32.6.68]) by ietfa.amsl.com (Postfix) with ESMTP id 279D71ACF56; Mon, 21 Sep 2015 16:24:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by vacation.karoshi.com (Postfix) with ESMTP id F0C07BFCC08; Mon, 21 Sep 2015 16:24:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at karoshi.com
Received: from vacation.karoshi.com ([127.0.0.1]) by localhost (vacation.karoshi.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLSYmu97ChoD; Mon, 21 Sep 2015 16:23:58 -0700 (PDT)
Received: from [198.32.4.206] (unknown [198.32.4.206]) by vacation.karoshi.com (Postfix) with ESMTPSA id 02F09BFCBFE; Mon, 21 Sep 2015 16:23:57 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: text/plain; charset="us-ascii"
From: manning <bmanning@karoshi.com>
In-Reply-To: <alpine.LFD.2.20.1509211455150.420@bofh.nohats.ca>
Date: Mon, 21 Sep 2015 16:24:10 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <BF1BD782-A76E-48B0-94B9-184431FE2B80@karoshi.com>
References: <20150921172109.19893.qmail@ary.lan> <alpine.LFD.2.20.1509211455150.420@bofh.nohats.ca>
To: Paul Wouters <paul@nohats.ca>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/mPDTzkWr-2HUMC-EDIytySs0glw>
Cc: ietf@ietf.org, dane WG list <dane@ietf.org>
Subject: Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2015 23:25:28 -0000
I think Paul nails it, at least for the more aware folks around. Using the WoT to gauge anything other than confidence in choice of friends/associates is asking for trouble. See Also: Robin Sage : en.wikipedia.org/wiki/Robin_Sage manning bmanning@karoshi.com PO Box 6151 Playa del Rey, CA 90296 310.322.8102 On 21September2015Monday, at 12:14, Paul Wouters <paul@nohats.ca> wrote: > On Mon, 21 Sep 2015, John Levine wrote: > >>> OPENPGP is a data format, WoT is one way to employ that format to >>> exchange messages. It is not a *required* way to use OPENPGP. >> >> Sure, but it's the way that everyone has used PGP for 20 years, >> and it's the security model that everyone I know expects when they >> use PGP keys. > > Actually, nmost people I know never use the WoT. They only use keys > obtained directly from the person they want to exchange encrypted email > with. > >> This draft uses a model in which the key is bound to a mailbox > > openpgp keys are bound to ID's, which can ultimately end up in a > mailbox but is not required to do so. > > For instance, the gpg key used to sign fedora21 packages with an openpgp > key ID containing "fedora21@fedoraproject.org" might not have any mailbox > associated with it. It is merely shared in the DNS under an email address, > without a mailbox or valid local-part. > >> any stronger identity, and you have to trust that the domain's >> management fairly represents its users > > Correct, the domain's management that controls either DNS or SMTP servers, > can steal a users email. > >> That's not a ridiculous model, but if >> that's the model, the draft and draft-ietf-dane-openpgpkey-usage need >> to say so. At this point, neither does. > >> From the Introduction: > > This document specifies a method for publishing and > locating OpenPGP public keys in DNS for a specific email address > using a new OPENPGPKEY DNS Resource Record. Security is provided via > DNSSEC. > > So your point is made already pretty clear in the introduction > already. Security comes from DNSSEC, so whoever controls the domain, > controls the publishing of openpgp keys. > > Section 5.2 also contains some advise. Section 7.4 also mentions this, > but not under a section title that makes that very clear. > > Some clarifications will be made, especially in the security > considerations section, to clarify this, based on the IETF LC comments. > > Thank you, > > Paul >
- Re: [dane] Summary of IETF LC for draft-ietf-dane… Viktor Dukhovni
- Re: [dane] PGP security models, was Summary of IE… John Levine
- Re: [dane] PGP security models, was Summary of IE… Paul Wouters
- Re: [dane] PGP security models, was Summary of IE… manning
- Re: [dane] PGP security models, was Summary of IE… manning
- Re: [dane] PGP security models, was Summary of IE… Scott Kitterman
- Re: [dane] PGP security models, was Summary of IE… John C Klensin
- Re: [dane] PGP security models, was Summary of IE… Joe Abley
- Re: [dane] PGP security models, was Summary of IE… Paul Wouters
- Re: [dane] provisioning assumptions, was PGP secu… John Levine
- Re: [dane] provisioning assumptions, was PGP secu… Paul Wouters
- Re: [dane] PGP security models, was Summary of IE… Randy Bush
- Re: [dane] PGP security models, was Summary of IE… Viktor Dukhovni
- Re: [dane] PGP security models, was Summary of IE… Randy Bush
- Re: [dane] PGP security models, was Summary of IE… Sam Hartman
- Re: [dane] PGP security models, was Summary of IE… Dave Crocker
- Re: [dane] PGP security models, was Summary of IE… Paul Wouters
- Re: [dane] PGP security models, was Summary of IE… Sam Hartman
- Re: [dane] PGP security models, was Summary of IE… Dave Crocker