Re: [dane] provisioning assumptions, was PGP security models, was Summary
Paul Wouters <paul@nohats.ca> Tue, 22 September 2015 20:47 UTC
Date: Tue, 22 Sep 2015 16:47:18 -0400
From: Paul Wouters <paul@nohats.ca>
To: dane WG list <dane@ietf.org>
In-Reply-To: <20150922201124.4334.qmail@ary.lan>
Message-ID: <alpine.LFD.2.20.1509221642410.30047@bofh.nohats.ca>
References: <20150922201124.4334.qmail@ary.lan>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/qYRh4ls7HnqcTAuBDHnKs3vyyuE>

On Tue, 22 Sep 2015, John Levine wrote:

> Also, this introduces a downgrade attack. User creates a key, gets
> lots of WoT signatures, publishes it through key servers and DANE.
> Bad guy takes over the account, publishes a new key with no
> signatures. According to sec 5.2 of the draft, a mail sender looks up
> the key, finds they disagree, and the verification fails. Now what?
> The draft suggests dumping the question on the MUA user, which we know
> is never a good idea. As likely as not a naive user would pick the
> newer key, the one that says "USE THIS KEY OLD ONE WAS STOLEN."

The attacker already receives all email to the stolen account. And can
reset all services that require only email verification for a password
reset. This is pretty identical to the situation where you do not use
DNS and the attacker takes over the email account and mails all address
book entries a new PGP key.

If encryption is required for life saving, and you are confronted with a
new key, then you better check either with the person or at the minimum
check it was signed with the old known key. The fact that you pull a new
key from DNS versus a new key from a keyserver is irrelevant to this.

> Finally, if the problem with existing key servers is that they won't
> delete dead keys, that does not strike me as an insoluble problem.
> Talk to the people who run them

Please do. But it is out of scope for this draft that is specifying a
different method of publishing your openpgp keys.

> and we're all done.

That's your goal, not the goal of the dane working group when they
adopted this draft.

Paul