Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
manning <bmanning@karoshi.com> Mon, 21 September 2015 23:56 UTC
Return-Path: <bmanning@karoshi.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EC2C1A923E; Mon, 21 Sep 2015 16:56:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.209
X-Spam-Level:
X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NO_DNS_FOR_FROM=0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BFHCgq-sqg0; Mon, 21 Sep 2015 16:56:19 -0700 (PDT)
Received: from vacation.karoshi.com (vacation.karoshi.com [198.32.6.68]) by ietfa.amsl.com (Postfix) with ESMTP id E62741A92A9; Mon, 21 Sep 2015 16:55:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by vacation.karoshi.com (Postfix) with ESMTP id 1CD5EBFCDAD; Mon, 21 Sep 2015 16:55:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at karoshi.com
Received: from vacation.karoshi.com ([127.0.0.1]) by localhost (vacation.karoshi.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r0pU36tbVgD2; Mon, 21 Sep 2015 16:55:28 -0700 (PDT)
Received: from [198.32.4.206] (unknown [198.32.4.206]) by vacation.karoshi.com (Postfix) with ESMTPSA id 2C375BFCDA3; Mon, 21 Sep 2015 16:55:28 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: manning <bmanning@karoshi.com>
In-Reply-To: <BF1BD782-A76E-48B0-94B9-184431FE2B80@karoshi.com>
Date: Mon, 21 Sep 2015 16:55:40 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <51D457C2-974C-4714-BB92-7B9BBA015304@karoshi.com>
References: <20150921172109.19893.qmail@ary.lan> <alpine.LFD.2.20.1509211455150.420@bofh.nohats.ca> <BF1BD782-A76E-48B0-94B9-184431FE2B80@karoshi.com>
To: Manning Bill <bmanning@karoshi.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/moo5HM30V31BnQxiZT7RRkYZ2Gg>
Cc: Paul Wouters <paul@nohats.ca>, ietf@ietf.org, dane WG list <dane@ietf.org>
Subject: Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2015 23:56:55 -0000
Or, if your just going to nail this to email, its a whole lot easier to just insert this header.. xkcd.com/1181/ no real need to be fancy and do the actual PGP verification. Takes far to long. manning bmanning@karoshi.com PO Box 6151 Playa del Rey, CA 90296 310.322.8102 On 21September2015Monday, at 16:24, manning <bmanning@karoshi.com> wrote: > I think Paul nails it, at least for the more aware folks around. Using the WoT to gauge anything other than confidence in choice of friends/associates is asking for trouble. > See Also: Robin Sage : en.wikipedia.org/wiki/Robin_Sage > > manning > bmanning@karoshi.com > PO Box 6151 > Playa del Rey, CA 90296 > 310.322.8102 > > > > > > > On 21September2015Monday, at 12:14, Paul Wouters <paul@nohats.ca> wrote: > >> On Mon, 21 Sep 2015, John Levine wrote: >> >>>> OPENPGP is a data format, WoT is one way to employ that format to >>>> exchange messages. It is not a *required* way to use OPENPGP. >>> >>> Sure, but it's the way that everyone has used PGP for 20 years, >>> and it's the security model that everyone I know expects when they >>> use PGP keys. >> >> Actually, nmost people I know never use the WoT. They only use keys >> obtained directly from the person they want to exchange encrypted email >> with. >> >>> This draft uses a model in which the key is bound to a mailbox >> >> openpgp keys are bound to ID's, which can ultimately end up in a >> mailbox but is not required to do so. >> >> For instance, the gpg key used to sign fedora21 packages with an openpgp >> key ID containing "fedora21@fedoraproject.org" might not have any mailbox >> associated with it. It is merely shared in the DNS under an email address, >> without a mailbox or valid local-part. >> >>> any stronger identity, and you have to trust that the domain's >>> management fairly represents its users >> >> Correct, the domain's management that controls either DNS or SMTP servers, >> can steal a users email. >> >>> That's not a ridiculous model, but if >>> that's the model, the draft and draft-ietf-dane-openpgpkey-usage need >>> to say so. At this point, neither does. >> >>> From the Introduction: >> >> This document specifies a method for publishing and >> locating OpenPGP public keys in DNS for a specific email address >> using a new OPENPGPKEY DNS Resource Record. Security is provided via >> DNSSEC. >> >> So your point is made already pretty clear in the introduction >> already. Security comes from DNSSEC, so whoever controls the domain, >> controls the publishing of openpgp keys. >> >> Section 5.2 also contains some advise. Section 7.4 also mentions this, >> but not under a section title that makes that very clear. >> >> Some clarifications will be made, especially in the security >> considerations section, to clarify this, based on the IETF LC comments. >> >> Thank you, >> >> Paul >> >
- Re: [dane] Summary of IETF LC for draft-ietf-dane… Viktor Dukhovni
- Re: [dane] PGP security models, was Summary of IE… John Levine
- Re: [dane] PGP security models, was Summary of IE… Paul Wouters
- Re: [dane] PGP security models, was Summary of IE… manning
- Re: [dane] PGP security models, was Summary of IE… manning
- Re: [dane] PGP security models, was Summary of IE… Scott Kitterman
- Re: [dane] PGP security models, was Summary of IE… John C Klensin
- Re: [dane] PGP security models, was Summary of IE… Joe Abley
- Re: [dane] PGP security models, was Summary of IE… Paul Wouters
- Re: [dane] provisioning assumptions, was PGP secu… John Levine
- Re: [dane] provisioning assumptions, was PGP secu… Paul Wouters
- Re: [dane] PGP security models, was Summary of IE… Randy Bush
- Re: [dane] PGP security models, was Summary of IE… Viktor Dukhovni
- Re: [dane] PGP security models, was Summary of IE… Randy Bush
- Re: [dane] PGP security models, was Summary of IE… Sam Hartman
- Re: [dane] PGP security models, was Summary of IE… Dave Crocker
- Re: [dane] PGP security models, was Summary of IE… Paul Wouters
- Re: [dane] PGP security models, was Summary of IE… Sam Hartman
- Re: [dane] PGP security models, was Summary of IE… Dave Crocker