Re: [dane] draft-ietf-dane-smime

Paul Hoffman <> Thu, 02 October 2014 22:12 UTC

From: Paul Hoffman <>
Date: Thu, 2 Oct 2014 15:12:09 -0700
To: Doug Montgomery <>
Cc: dane WG list <>
Subject: Re: [dane] draft-ietf-dane-smime
List-Id: DNS-based Authentication of Named Entities <>

On Oct 2, 2014, at 1:56 PM, Doug Montgomery <> wrote:

> I am a little confused as to why we seem to couple the use case of key discovery and distribution in TLS to the use case for email/network-identity. These seem to be very different use cases to me.
> I looked back at two years of data. My own, mid-size (3K staff) organization revokes on average 165 net-identities a month.

This is literally the first data I have seen that indicated that email certs were revoked for other than far edge cases. (I'm assuming that you are equating "net-identities" and email certs...)  Thanks for the data.

But, having said that, NIST isn't a typical organization. The fact that you revoke more than half of your S/MIME certs per year is surprising to me, but that may be because I am not familiar with the policies you used.

> As far as I know we have never revoked our TLS cert ... 

Right: TLS certs are rarely revoked. This can be seen by looking at the CRLs from major CAs. However, looking in those same CRLs shows nearly no S/MIME certs revoked either.

> I know of other industry sectors attempting to develop rather complex pub/sub architectures to signal changes in status of email identities from large mailbox providers to other users/uses of the ID. 

This seems different from what you said above. In a pub/sub architecture, there is no reason to revoke the old cert when an individual gets a new identity because the individual still controls the private key of the earlier identity. In other pub/sub systems I have seen, they use short-lived (~1 month) certs and issue new ones for "continuing" usage, so no revocation is needed.

> Overly coupling the use cases and requirements between these uses seems to be a red herring to me. Maybe we should turn the question around and ask for an explanation why the use cases for TLS should impact the requirements for SMIMEA?

Or, based on what Jakob and I suggested, why shouldn't features that are needed for either use case be shared?

> On Thu, Oct 2, 2014 at 5:00 PM, Jakob Schlyter <> wrote:
>> On 2 Oct 2014, at 22:56, Doug Montgomery <> wrote:
>> If you trust in DANE, and the certificate is no longer published in DNS, it is not valid - no revocation is needed. If you do not trust in DANE, normal/legacy revocation procedures (OCSP/CRL) apply.

On Oct 2, 2014, at 2:05 PM, Doug Montgomery <> wrote:

> And how is that definitively distinguishable from that email identity never having a CERT in DANE in the first place?

It completely depends on whether the enterprise is using SMIMEA for certificate discovery or key distribution. Our draft explicitly states that it is aimed at the latter, but allows the former. Given that the use case in the introduction is for keys, not certificates, the lack of presence in the DNS makes the key invisible.

This is not to say that TLSA/SMIME should not have the feature of carrying "this certificate was revoked" information; the WG may want that. But it seems weird, at least to me, that this feature could be considered only for S/MIME.

--Paul Hoffman
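The disagreement above turns on what a verifier may conclude when no SMIMEA record is found for a mailbox. The following is an added example written for this archive page, not code from the thread, the draft or any DANE implementation. It assumes the SMIMEA owner-name construction that RFC 8162 (the published successor of draft-ietf-dane-smime) settled on: SHA-256 of the local-part, hex-encoded and truncated to 28 octets, under the `_smimecert` label; the 2014 draft text may have differed. The certificate bytes, the zone contents and the `lookup_smimea` function are constructed stand-ins for DER certificates and for answers from a DNSSEC-validating resolver. The point it demonstrates beyond the thread is the one a verifier must get right: an *authenticated* denial of existence means "key not published", while an insecure or bogus answer proves nothing and must not be read as revocation.

```python
import hashlib
from typing import Dict, List, NamedTuple, Tuple


def smimea_owner_name(email: str) -> str:
    """Owner name for a mailbox's SMIMEA records.

    Assumption: RFC 8162 form, i.e. SHA-256 of the UTF-8 local-part,
    hex-encoded, leftmost 28 octets (56 hex chars), then _smimecert.<domain>.
    """
    local_part, _, domain = email.rpartition("@")
    digest = hashlib.sha256(local_part.encode("utf-8")).hexdigest()
    return f"{digest[:56]}._smimecert.{domain.lower()}."


class SmimeaRecord(NamedTuple):
    usage: int      # certificate usage, same semantics as TLSA (0-3)
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching: int   # 0 = exact, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


def record_matches(rec: SmimeaRecord, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare a certificate against one record, TLSA-style."""
    subject = cert_der if rec.selector == 0 else spki_der
    if rec.matching == 0:
        return rec.data == subject
    if rec.matching == 1:
        return rec.data == hashlib.sha256(subject).digest()
    if rec.matching == 2:
        return rec.data == hashlib.sha512(subject).digest()
    return False  # unknown matching type: never match


# status is "secure" (validated answer), "nxdomain" (validated denial of
# existence), or "insecure"/"bogus" (no DNSSEC assurance at all).
LookupResult = Tuple[str, List[SmimeaRecord]]


def evaluate(cert_der: bytes, spki_der: bytes, result: LookupResult,
             trust_dane: bool) -> Tuple[bool, str]:
    """Decide whether cert_der is usable for the mailbox, given the DNS result."""
    status, records = result
    if status in ("insecure", "bogus"):
        # Unvalidated absence proves nothing; it is not a revocation signal.
        return False, f"DNS answer is {status}: DANE cannot decide, use PKIX/CRL/OCSP"
    if status == "nxdomain":
        if trust_dane:
            return False, "no SMIMEA record: key not published, treat as unusable"
        return False, "no SMIMEA record: legacy revocation checks (CRL/OCSP) apply"
    for rec in records:
        if record_matches(rec, cert_der, spki_der):
            return True, f"certificate matches SMIMEA record (usage={rec.usage})"
    return False, "SMIMEA records exist but none match: superseded or wrong certificate"


# Constructed placeholders standing in for DER-encoded certificates.
ALICE_CERT = b"constructed-der-for-alice-current-cert"
CAROL_OLD_CERT = b"constructed-der-for-carol-old-cert"
CAROL_NEW_CERT = b"constructed-der-for-carol-new-cert"
DUMMY_SPKI = b"constructed-spki"


def sha256_record(cert_der: bytes, usage: int = 3) -> SmimeaRecord:
    """Usage 3 (DANE-EE), selector 0 (full cert), matching type 1 (SHA-256)."""
    return SmimeaRecord(usage, 0, 1, hashlib.sha256(cert_der).digest())


# Constructed zone contents, assumed already DNSSEC-validated.
ZONE: Dict[str, List[SmimeaRecord]] = {
    smimea_owner_name("alice@example.com"): [sha256_record(ALICE_CERT)],
    smimea_owner_name("carol@example.com"): [sha256_record(CAROL_OLD_CERT)],
}


def lookup_smimea(email: str, dnssec_validated: bool = True) -> LookupResult:
    """Stand-in for a validating resolver query against ZONE."""
    name = smimea_owner_name(email)
    if not dnssec_validated:
        return ("insecure", [])
    if name in ZONE:
        return ("secure", ZONE[name])
    return ("nxdomain", [])


if __name__ == "__main__":
    cases = [
        ("alice@example.com", ALICE_CERT, True),    # published key, matches
        ("bob@example.com", ALICE_CERT, True),      # never published
        ("carol@example.com", CAROL_NEW_CERT, True),   # zone still has old cert
        ("carol@example.com", CAROL_NEW_CERT, False),  # no DNSSEC: undecidable
    ]
    for email, cert, validated in cases:
        ok, why = evaluate(cert, DUMMY_SPKI, lookup_smimea(email, validated), True)
        print(f"{email:20} dnssec={validated!s:5} -> {ok}: {why}")
```

Note that the "bob" and "carol with old record" cases come out the same for a DANE-trusting verifier (the key is not usable) but for different reasons, which is the distinction Doug asks about: the zone cannot say "revoked", only "this is what is published now", and only a validated answer or validated denial carries that meaning.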