Re: [dane] Comments on draft-ietf-dane-smime-04

James Cloos <cloos@jhcloos.com> Thu, 13 February 2014 23:27 UTC

From: James Cloos <cloos@jhcloos.com>
To: <dane@ietf.org>
In-Reply-To: <D84E4FB1-8B9F-4C16-80F6-A307B2E0B0AD@verisign.com> (Eric Osterweil's message of "Thu, 13 Feb 2014 18:19:10 +0000")
Copyright: Copyright 2014 James Cloos
OpenPGP: ED7DAEA6; url=http://jhcloos.com/public_key/0xED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
Date: Thu, 13 Feb 2014 18:05:20 -0500
Message-ID: <m3ob2a396e.fsf@carbon.jhcloos.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/rHBZTpI_3SOA9yALWwPxOHe5efE
Cc: "<draft-ietf-dane-smime@tools.ietf.org>" <draft-ietf-dane-smime@tools.ietf.org>
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>

>>>>> "OE" == Osterweil, Eric <eosterweil@verisign.com> writes:

OE> With PGP, I can use a key with a diff email than the account from
OE> which I send it (for ex, I can use my spam account and rely on my
OE> full name and friends who know me to make the logical leap), do we
OE> all want DANE to outlaw this for S/MIME?

Absolutely not.

There is no value in forcing the sending email address to match the info
in any signature over the message (or over any part of the message).

(With emphasis on /forcing/.)

Those details may be used as *part* of the trust equation, but only as part.

-JimC
--
James Cloos <cloos@jhcloos.com>         OpenPGP: 1024D/ED7DAEA6