Re: [dane] I-D Action: draft-ietf-dane-smime-04.txt

Paul Wouters <paul@cypherpunks.ca> Wed, 08 January 2014 21:02 UTC

Date: Wed, 08 Jan 2014 16:01:56 -0500
From: Paul Wouters <paul@cypherpunks.ca>
To: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <89AE05E1-BC6C-46BA-A4CC-A8F29070096D@vpnc.org>
Message-ID: <alpine.LFD.2.10.1401081551520.1805@bofh.nohats.ca>
References: <20140108152321.10496.88212.idtracker@ietfa.amsl.com> <20140108160156.GE2317@mournblade.imrryr.org> <89AE05E1-BC6C-46BA-A4CC-A8F29070096D@vpnc.org>
Cc: "dane@ietf.org list" <dane@ietf.org>
Subject: Re: [dane] I-D Action: draft-ietf-dane-smime-04.txt

On Wed, 8 Jan 2014, Paul Hoffman wrote:

> In the real world, there are few users who have LHS user names that are more than 30 (or maybe even 20) characters long. What you are proposing is "base32 but not really base32" and that could introduce errors in libraries looking up the names.

It's not _that_ hard:

paul@thinkpad:~$ python
Python 2.7.5 (default, Nov 12 2013, 16:45:54) 
[GCC 4.8.2 20131017 (Red Hat 4.8.2-1)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import base64
>>> x = base64.b32encode("PaulReallyIHaveNoMiddleNameAndThatOtherGuyIsNotMeAndIdontBowlEitherNorRunaNudeBeachInRotterdamWouters")
>>> [ x[i:i+60] for i in range(0, len(x), 60) ]
>>> ".".join([ x[i:i+60] for i in range(0, len(x), 60) ]).lower()
'kbqxk3csmvqwy3dzjfegc5tfjzxu22lemrwgkttbnvsuc3tekrugc5cporug.k4shov4us42on52e2zkbnzseszdpnz2ee33xnrcws5dimvze433skj2w4yko.ovsgkqtfmfrwqslokjxxi5dfojsgc3kxn52xizlsom======'

Similarly, it's easy to add a .strip("=")

>> Also, with say "6" octets of input, e.g. "viktor", we have 48 bits
>>
>> 	OZUWW5DPOI======
>>
>> This seems rather wasteful.
>
> Relative to, say, the size of a PKIX certificate? :-)

In some sense, I'm more interested in skipping the '=' symbols because
some GUIs won't allow "=" in DNS names. Size does not really matter
to me.

>> Allowing for significantly longer local parts (ultimately limited
>> by the total length of a DNS fqdn when combined with the relevant
>> suffix derived from the domain part).
>
> I think this is vast overkill for a rarely-needed use case, but I'm open to hear where people think LHS names longer than 35 characters are used in places where S/MIME or PGP are also used.

That I agree with. I'd rather not do it if it is not a "real thing".

Paul
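Added example (Python 3, not Paul's session and not code from the draft): the encode step above written as a function, plus the inverse it implies. Dropping the "=" padding loses nothing, since base32 output is always a multiple of 8 characters and the padding can be restored from the length before decoding. The 60-octet label size and the two sample local parts come from the thread; the decoder, the label-length check and the function names are assumptions of this example.

```python
import base64

# Constructed sample inputs taken from the thread: Viktor's 6-octet case
# and the long local part from Paul's REPL session.
SAMPLE_SHORT = "viktor"
SAMPLE_LONG = ("PaulReallyIHaveNoMiddleNameAndThatOtherGuyIsNotMeAndIdontBowl"
               "EitherNorRunaNudeBeachInRotterdamWouters")

LABEL_MAX = 63  # RFC 1035 limit for a single DNS label; 60 leaves a margin


def local_part_to_labels(local_part, label_len=60):
    """Base32-encode a mailbox local part, drop the '=' padding, lowercase
    the result and split it into DNS labels of at most label_len octets."""
    if not 1 <= label_len <= LABEL_MAX:
        raise ValueError("label length must be between 1 and %d" % LABEL_MAX)
    enc = base64.b32encode(local_part.encode("utf-8")).decode("ascii")
    enc = enc.rstrip("=").lower()
    return [enc[i:i + label_len] for i in range(0, len(enc), label_len)]


def labels_to_local_part(labels):
    """Inverse of local_part_to_labels: join the labels, restore the padding
    (base32 always pads to a multiple of 8 characters) and decode."""
    enc = "".join(labels).upper()
    enc += "=" * (-len(enc) % 8)
    return base64.b32decode(enc).decode("utf-8")


def round_trips(local_part):
    """True if encoding then decoding gives back the original local part."""
    return labels_to_local_part(local_part_to_labels(local_part)) == local_part


if __name__ == "__main__":
    for sample in (SAMPLE_SHORT, SAMPLE_LONG):
        labels = local_part_to_labels(sample)
        print(".".join(labels), "round-trips:", round_trips(sample))
```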