Re: [dane] Improving DANE S/MIME Privacy
Alice Wonder <alice@domblogger.net> Tue, 11 April 2017 22:25 UTC
To: Paul Wouters <paul@nohats.ca>
References: <f7332bd5-f003-c828-8f4a-0d543099c872@domblogger.net> <alpine.LRH.2.20.999.1704111513480.15830@bofh.nohats.ca>
Cc: dane@ietf.org
From: Alice Wonder <alice@domblogger.net>
Message-ID: <0d74ee85-fe33-f245-6702-ae0b67040cd8@domblogger.net>
Date: Tue, 11 Apr 2017 15:25:15 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/oPulRy9-BeNj04Zw1zJlMeATqPg>

On 04/11/2017 12:15 PM, Paul Wouters wrote:
> On Tue, 11 Apr 2017, Alice Wonder wrote:
>
>> If the serial number for the x.509 certificate is a salt for the hash,
>> then spammers can not determine the validity of an e-mail address from
>> DNS but those who already have the certificate can use DNS to DANE
>> validate the certificate.
>
> Except the whole point of this record is to publish that certificate, so
> clearly the spammers have a copy of the serial number too :)
>
> Paul

Okay I think my perspective on this is different.

Due to epilepsy, I do not drive and require more sleep than most people and frequently must lie down. Not conducive to a good income, so I never used S/MIME simply because I did not want to pay for certs for my various e-mail addresses.

I tried OpenPGP but found the web of trust to be too complex for most people I communicate with and found the procedure for revoking a private key that may have been compromised too awkward.

I saw S/MIME with DANE as a way to use self-signed x.509 certs with confidence (more confidence than I personally have in the CA system where fraudulent certs are not uncommon, and where software like content filters and superfish often insert a root authority into users' trusted list) and saw S/MIME DANE as a way to validate those self-signed certificates, not as a way to distribute them.

I am sorry, I misunderstood the purpose.

That being said, the suggestion of using 2 1 1 or even 2 0 0 entries may give the privacy I seek. If a * wildcard works with DNSSEC (I've never personally tried them) then the e-mail domain could be the certificate authority for x.509 certificates on the domain and sign certificates for the users that could then be DANE validated without DNS giving positive confirmation to the existence of an address or revealing the public key needed for a spammer to bypass the content filtering when sending malware to random users.

That is probably a better solution than using a serial number as a hash, and probably is easier to manage too as it only requires one DNS entry for every user on the system.
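
The following is an added illustration, not part of the original message or of any DANE implementation: it contrasts per-user SMIMEA records with the single wildcard 2 1 1 (DANE-TA, SPKI, SHA-256) record suggested above, using the owner-name rule from RFC 8162. The domain `example.com`, the addresses, the key bytes and the toy `lookup` resolver are all constructed assumptions.

```python
import hashlib

def smimea_owner(address: str) -> str:
    """Owner name per RFC 8162: SHA-256 of the local-part, truncated to
    28 octets, hex-encoded, under _smimecert.<domain>."""
    local, domain = address.rsplit("@", 1)
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._smimecert.{domain.lower()}."

def rdata(usage: int, selector: int, key_bytes: bytes) -> str:
    """SMIMEA RDATA with matching type 1 (SHA-256 of the selected data)."""
    return f"{usage} {selector} 1 {hashlib.sha256(key_bytes).hexdigest()}"

def lookup(zone: dict, qname: str):
    """Toy resolver (assumption): exact match, else a wildcard one label up."""
    if qname in zone:
        return zone[qname]
    return zone.get("*." + qname.split(".", 1)[1])

# Constructed placeholder bytes standing in for DER-encoded public keys.
CA_SPKI = b"constructed-domain-CA-SPKI"
USER_SPKI = {"alice": b"constructed-alice-SPKI", "bob": b"constructed-bob-SPKI"}

# Layout 1: one end-entity (usage 3) record per mailbox. Which names exist
# tells a querier which addresses exist.
PER_USER_ZONE = {
    smimea_owner(f"{user}@example.com"): rdata(3, 1, spki)
    for user, spki in USER_SPKI.items()
}

# Layout 2: one wildcard trust-anchor (usage 2) record for the whole domain.
# Every local-part gets the same answer, and no user key is published.
WILDCARD_ZONE = {"*._smimecert.example.com.": rdata(2, 1, CA_SPKI)}

def distinguishable(zone: dict, known: str, unknown: str) -> bool:
    """True if DNS answers differ between a real and a made-up address."""
    return lookup(zone, smimea_owner(known)) != lookup(zone, smimea_owner(unknown))

if __name__ == "__main__":
    print("per-user zone leaks existence:",
          distinguishable(PER_USER_ZONE, "alice@example.com", "nobody@example.com"))
    print("wildcard zone leaks existence:",
          distinguishable(WILDCARD_ZONE, "alice@example.com", "nobody@example.com"))
```

With the wildcard layout the recipient's certificate has to reach the sender some other way (for example in a signed message); DNS only supplies the trust anchor it must chain to.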