Re: [dane] AD review of draft-ietf-dane-openpgpkey-03

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 25 June 2015 14:29 UTC

Message-ID: <558C1016.7030109@isode.com>
Date: Thu, 25 Jun 2015 15:28:38 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Paul Wouters <paul@nohats.ca>, dane WG list <dane@ietf.org>
References: <20150625022147.91282.qmail@ary.lan> <alpine.LFD.2.11.1506250932250.21537@bofh.nohats.ca>
In-Reply-To: <alpine.LFD.2.11.1506250932250.21537@bofh.nohats.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/p6Jrt5fshTbVwrnyau3bzJ0GtAA>

Hi Paul,

On 25/06/2015 14:53, Paul Wouters wrote:
> On Wed, 25 Jun 2015, John Levine wrote:
>> In hashes, you might want to do some back of the envelope calculations
>> about how many CNAMEs you'd need to cover even a modest number of dots
>> and case variations.
>>
>> Speaking of case folding, I note that nobody here seems to understand
>> UTF-8 and EAI.
>
>     "This sort of misrepresentation of what other people [have said] is
>       extremely unhelpful."
>
>> Really, it matters.  If you think it doesn't, please
>> add a sentence saying "This specification MUST NOT be implemented in
>> any country where languages other than English and Hawaiian are in
>> use" since those are the only ones that can be written in ASCII.
>
> I'm at ICANN53 and talked to some of the people that are well versed
> in EAI, such as Asmus Freytag, Hirofumi Hotta and Wil Tan.
>
> There is apparently only one language where lowercasing can change the
> meaning of a letter and that is Turkish (with the letter I).
>
> Their recommendation was to only lowercase for ASCII and to normalize
> everything else, then hash (or base32/split).
>
> Normalization seems to be a proper way of doing things. Some references:
>
> https://tools.ietf.org/html/draft-dainow-eai-email-clients-00#section-5
> https://tools.ietf.org/html/draft-ietf-eai-rfc5335bis-08#section-2.2
> https://tools.ietf.org/html/draft-klensin-net-utf8-09
>
> So my suggestion is to recommend normalization and refer to
> draft-dainow-eai-email-clients

This draft expired in 2008... I don't think it will ever be
completed. So make the reference informative ("as specified in ...") and
copy the text from it.

> and draft-klensin-net-utf8
>
> I still feel that using this ruleset, using a hash seems fine, but if
> people really feel that live signing DNSSEC servers talking to live mail
> servers is a thing that must be supported instead of that use case being
> handed off to a separate webfinger document, I could go with base32/split
> as well.
>
> I'll try to run into Warren again here at ICANN and see how and when he
> would like me to update the document.
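
The rule discussed in this thread (lowercase only ASCII, normalize the rest, then hash or base32/split), as an added example that is not part of the original message or of the draft. The NFC form, SHA-256 truncated to 28 octets, the `_openpgpkey` label and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import unicodedata


def canonical_local_part(local: str) -> str:
    """Lowercase only ASCII A-Z, then normalize (NFC is assumed here)."""
    folded = "".join(c.lower() if "A" <= c <= "Z" else c for c in local)
    return unicodedata.normalize("NFC", folded)


def hashed_label(local: str) -> str:
    """Assumed scheme: SHA-256 over the UTF-8 canonical form, cut to 28 octets."""
    digest = hashlib.sha256(canonical_local_part(local).encode("utf-8")).digest()
    return digest[:28].hex()


def base32_labels(local: str, max_len: int = 63) -> list[str]:
    """The base32/split alternative: reversible, chunked to the DNS label limit."""
    raw = canonical_local_part(local).encode("utf-8")
    b32 = base64.b32encode(raw).decode("ascii").rstrip("=").lower()
    return [b32[i:i + max_len] for i in range(0, len(b32), max_len)]


def owner_name(local: str, domain: str) -> str:
    """Owner name under the assumed _openpgpkey label."""
    return f"{hashed_label(local)}._openpgpkey.{domain}"


# Constructed sample local parts (not taken from the thread).
COMPOSED = "Jos\u00e9"      # e-acute as a single code point
DECOMPOSED = "Jose\u0301"   # e followed by a combining acute accent
TURKISH = "\u0130lker"      # capital I with dot above; full lowercasing alters it

if __name__ == "__main__":
    for lp in (COMPOSED, DECOMPOSED, TURKISH, "ILKER"):
        print(repr(lp), "->", owner_name(lp, "example.com"))
        print("   base32/split:", ".".join(base32_labels(lp)))
```

Without the normalization step, the composed and decomposed spellings would hash to different owner names and a lookup for one would miss a key published under the other.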