IETF Logo Mail Archive

Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

manning <bmanning@karoshi.com> Mon, 21 September 2015 23:56 UTC

Return-Path: <bmanning@karoshi.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EC2C1A923E; Mon, 21 Sep 2015 16:56:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.209
X-Spam-Level:
X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NO_DNS_FOR_FROM=0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BFHCgq-sqg0; Mon, 21 Sep 2015 16:56:19 -0700 (PDT)
Received: from vacation.karoshi.com (vacation.karoshi.com [198.32.6.68]) by ietfa.amsl.com (Postfix) with ESMTP id E62741A92A9; Mon, 21 Sep 2015 16:55:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by vacation.karoshi.com (Postfix) with ESMTP id 1CD5EBFCDAD; Mon, 21 Sep 2015 16:55:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at karoshi.com
Received: from vacation.karoshi.com ([127.0.0.1]) by localhost (vacation.karoshi.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r0pU36tbVgD2; Mon, 21 Sep 2015 16:55:28 -0700 (PDT)
Received: from [198.32.4.206] (unknown [198.32.4.206]) by vacation.karoshi.com (Postfix) with ESMTPSA id 2C375BFCDA3; Mon, 21 Sep 2015 16:55:28 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: manning <bmanning@karoshi.com>
In-Reply-To: <BF1BD782-A76E-48B0-94B9-184431FE2B80@karoshi.com>
Date: Mon, 21 Sep 2015 16:55:40 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <51D457C2-974C-4714-BB92-7B9BBA015304@karoshi.com>
References: <20150921172109.19893.qmail@ary.lan> <alpine.LFD.2.20.1509211455150.420@bofh.nohats.ca> <BF1BD782-A76E-48B0-94B9-184431FE2B80@karoshi.com>
To: Manning Bill <bmanning@karoshi.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/moo5HM30V31BnQxiZT7RRkYZ2Gg>
Cc: Paul Wouters <paul@nohats.ca>, ietf@ietf.org, dane WG list <dane@ietf.org>
Subject: Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2015 23:56:55 -0000

Or, if your just going to nail this to email, its a whole lot easier to just insert this header..

xkcd.com/1181/

no real need to be fancy and do the actual PGP verification. Takes far to long.

manning
bmanning@karoshi.com
PO Box 6151
Playa del Rey, CA 90296
310.322.8102






On 21September2015Monday, at 16:24, manning <bmanning@karoshi.com> wrote:

> I think Paul nails it, at least for the more aware folks around.  Using the WoT to gauge anything other than confidence in choice of friends/associates is asking for trouble.
> See Also:  Robin Sage :  en.wikipedia.org/wiki/Robin_Sage
> 
> manning
> bmanning@karoshi.com
> PO Box 6151
> Playa del Rey, CA 90296
> 310.322.8102
> 
> 
> 
> 
> 
> 
> On 21September2015Monday, at 12:14, Paul Wouters <paul@nohats.ca> wrote:
> 
>> On Mon, 21 Sep 2015, John Levine wrote:
>> 
>>>> OPENPGP is a data format, WoT is one way to employ that format to
>>>> exchange messages.   It is not a *required* way to use OPENPGP.
>>> 
>>> Sure, but it's the way that everyone has used PGP for 20 years,
>>> and it's the security model that everyone I know expects when they
>>> use PGP keys.
>> 
>> Actually, nmost people I know never use the WoT. They only use keys
>> obtained directly from the person they want to exchange encrypted email
>> with.
>> 
>>> This draft uses a model in which the key is bound to a mailbox
>> 
>> openpgp keys are bound to ID's, which can ultimately end up in a
>> mailbox but is not required to do so.
>> 
>> For instance, the gpg key used to sign fedora21 packages with an openpgp
>> key ID containing "fedora21@fedoraproject.org" might not have any mailbox
>> associated with it. It is merely shared in the DNS under an email address,
>> without a mailbox or valid local-part.
>> 
>>> any stronger identity, and you have to trust that the domain's
>>> management fairly represents its users
>> 
>> Correct, the domain's management that controls either DNS or SMTP servers,
>> can steal a users email.
>> 
>>> That's not a ridiculous model, but if
>>> that's the model, the draft and draft-ietf-dane-openpgpkey-usage need
>>> to say so.  At this point, neither does.
>> 
>>> From the Introduction:
>> 
>>  This document specifies a method for publishing and
>>  locating OpenPGP public keys in DNS for a specific email address
>>  using a new OPENPGPKEY DNS Resource Record.  Security is provided via
>>  DNSSEC.
>> 
>> So your point is made already pretty clear in the introduction
>> already. Security comes from DNSSEC, so whoever controls the domain,
>> controls the publishing of openpgp keys.
>> 
>> Section 5.2 also contains some advise. Section 7.4 also mentions this,
>> but not under a section title that makes that very clear.
>> 
>> Some clarifications will be made, especially in the security
>> considerations section, to clarify this, based on the IETF LC comments.
>> 
>> Thank you,
>> 
>> Paul
>> 
>

v2.23.0 | Report a Bug | By Email