Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey: objection about keyring format documentation

Petr Spacek <pspacek@redhat.com> Thu, 26 February 2015 15:23 UTC

Message-ID: <54EF3A7D.6070809@redhat.com>
Date: Thu, 26 Feb 2015 16:23:41 +0100
From: Petr Spacek <pspacek@redhat.com>
Organization: Red Hat
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: dane@ietf.org
References: <CAHw9_iJPuG23Aok7V_wcAMirua_DPDLHy01tnd+DaUqEeK3NZA@mail.gmail.com>
In-Reply-To: <CAHw9_iJPuG23Aok7V_wcAMirua_DPDLHy01tnd+DaUqEeK3NZA@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/sCpW6AGFHyiNngRgXDhauspo45U>

On 20.2.2015 21:30, Warren Kumari wrote:
> Please review this draft to see if you think it is ready for
> publication and send comments to the list, clearly stating your view.

IMHO the current version *should be rejected* because further clarification of
the keyring format is needed.

See previous discussion on
http://www.ietf.org/mail-archive/web/dane/current/msg07227.html

As I already said, I believe that the -01 version does not define an interoperable
standard.

The main problem is that
http://tools.ietf.org/html/draft-ietf-dane-openpgpkey-01#section-2.1
2.1. The OPENPGPKEY RDATA component
  The RDATA (or RHS) of an OPENPGPKEY Resource Record contains a single
  value consisting of a [RFC4880] formatted OpenPGP public keyring.

references

http://tools.ietf.org/html/rfc4880#section-3.6
3.6. Keyrings
  A keyring is a collection of one or more keys in a file or database.
  Traditionally, a keyring is simply a sequential list of keys, but may
  be any suitable database.  It is beyond the scope of this standard to
  discuss the details of keyrings or other databases.

and this definitely is not a definition you could use for implementation.
	
Current format of records can stay as is but it has to be clearly documented
so we do not rely on current GPG implementation.

'It is beyond the scope of this standard to discuss the details of keyrings or
other databases.' is simply not sufficient.

-- 
Petr Spacek  @  Red Hat
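To make the objection concrete, here is an added illustration (not code from the thread, the draft or GnuPG) of what an implementer is left to decide when the RDATA is described only as an RFC 4880 "keyring". It assumes the reading that the RDATA is a bare concatenation of RFC 4880 packets with definite lengths, and that each key starts at a Public-Key packet (tag 6); those are assumptions, not something the draft states. It parses old- and new-format packet headers (RFC 4880 section 4.2), walks the packet sequence, and groups packets into keys. The sample keyring is constructed with placeholder bodies, so only the framing is meaningful.

```python
"""Walk an OPENPGPKEY RDATA blob as the sequence of RFC 4880 packets that a
'sequential list of keys' keyring implies, and split it into keys.

Added illustration for the thread, not code from the draft or from GnuPG.
Assumption: the RDATA is a bare concatenation of RFC 4880 packets with
definite lengths, and each key begins with a Public-Key packet (tag 6).
"""

# Packet tags from RFC 4880 section 4.3 that appear in a public keyring.
TAG_SIGNATURE = 2
TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13
TAG_PUBLIC_SUBKEY = 14


def parse_packet_header(data, offset):
    """Return (tag, body_offset, body_length) for the packet at `offset`.

    Handles old-format (RFC 4880 4.2.1) and new-format (4.2.2) headers.
    Partial and indeterminate body lengths are rejected: a keyring stored
    in a DNS record has a known size, so definite lengths are expected.
    """
    first = data[offset]
    if first & 0x80 == 0:
        raise ValueError(f"bit 7 of packet header must be set at offset {offset}")
    pos = offset + 1
    if first & 0x40:  # new-format header: tag in bits 5-0
        tag = first & 0x3F
        o1 = data[pos]
        if o1 < 192:
            length, pos = o1, pos + 1
        elif o1 < 224:
            length = ((o1 - 192) << 8) + data[pos + 1] + 192
            pos += 2
        elif o1 == 255:
            length = int.from_bytes(data[pos + 1:pos + 5], "big")
            pos += 5
        else:
            raise ValueError(f"partial body length not allowed at offset {offset}")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag = (first >> 2) & 0x0F
        ltype = first & 0x03
        if ltype == 3:
            raise ValueError(f"indeterminate length not allowed at offset {offset}")
        nbytes = {0: 1, 1: 2, 2: 4}[ltype]
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(data):
        raise ValueError(f"packet at offset {offset} runs past end of data")
    return tag, pos, length


def iter_packets(data):
    """Yield (tag, body) for every packet in the blob, in order."""
    offset = 0
    while offset < len(data):
        tag, body_off, length = parse_packet_header(data, offset)
        yield tag, data[body_off:body_off + length]
        offset = body_off + length


def split_keyring(data):
    """Group packets into keys: each Public-Key packet starts a new key.

    Returns a list of keys, each a list of (tag, body). Raises ValueError
    if the blob does not begin with a Public-Key packet or is malformed.
    """
    keys = []
    for tag, body in iter_packets(data):
        if tag == TAG_PUBLIC_KEY:
            keys.append([(tag, body)])
        elif not keys:
            raise ValueError("keyring does not start with a Public-Key packet")
        else:
            keys[-1].append((tag, body))
    return keys


def is_well_formed_keyring(data):
    """True if the blob parses as at least one key under the assumptions above."""
    try:
        return len(split_keyring(data)) > 0
    except (ValueError, IndexError, KeyError):
        return False


def new_format_packet(tag, body):
    """Encode a packet with a new-format header (used to build sample input)."""
    n = len(body)
    if n < 192:
        hdr = bytes([0xC0 | tag, n])
    elif n < 8384:
        n2 = n - 192
        hdr = bytes([0xC0 | tag, (n2 >> 8) + 192, n2 & 0xFF])
    else:
        hdr = bytes([0xC0 | tag, 255]) + n.to_bytes(4, "big")
    return hdr + body


# Constructed sample: two dummy keys. Bodies are placeholders, not real
# key material; only the packet framing is exercised.
SAMPLE_KEYRING = (
    new_format_packet(TAG_PUBLIC_KEY, b"\x04" + b"\x00" * 20)
    + new_format_packet(TAG_USER_ID, b"first key <dummy@example.invalid>")
    + new_format_packet(TAG_SIGNATURE, b"\x04" * 300)  # exercises 2-octet length
    + new_format_packet(TAG_PUBLIC_SUBKEY, b"\x04" + b"\x01" * 20)
    + new_format_packet(TAG_PUBLIC_KEY, b"\x04" + b"\x02" * 20)
    + new_format_packet(TAG_USER_ID, b"second key <dummy@example.invalid>")
)


def summarize(data):
    """Tag sequence per key, e.g. [[6, 13, 2, 14], [6, 13]]."""
    return [[tag for tag, _ in key] for key in split_keyring(data)]


if __name__ == "__main__":
    print(summarize(SAMPLE_KEYRING))
```

Everything this code decides beyond RFC 4880's packet framing (that the record is a plain concatenation, that keys are delimited by tag 6, that partial lengths are disallowed, what to do with leading non-key packets) is exactly the set of choices the draft currently leaves to whatever GnuPG happens to emit, which is the interoperability gap the message describes.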