Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.

Paul Wouters <paul@nohats.ca> Wed, 25 February 2015 17:51 UTC

Date: Wed, 25 Feb 2015 12:50:59 -0500
From: Paul Wouters <paul@nohats.ca>
To: Warren Kumari <warren@kumari.net>
In-Reply-To: <CAHw9_iKNwGBOqdLm04Lqox6ai5tzK1Q-WfkxY=Qvtx+uOG1Qpw@mail.gmail.com>
Message-ID: <alpine.LFD.2.10.1502251246430.3004@bofh.nohats.ca>
References: <CAHw9_iJPuG23Aok7V_wcAMirua_DPDLHy01tnd+DaUqEeK3NZA@mail.gmail.com> <001a01d04f19$b0292e90$107b8bb0$@augustcellars.com> <20150223035230.GD1260@mournblade.imrryr.org> <001b01d04f1c$f626c940$e2745bc0$@augustcellars.com> <20150223040833.GF1260@mournblade.imrryr.org> <CAHw9_iJ167aCbpW=Fni0h_vsWLcWQVLC1P7vkr6X0cmAV9zG=g@mail.gmail.com> <20150223225630.GO1260@mournblade.imrryr.org> <CAHw9_iKNwGBOqdLm04Lqox6ai5tzK1Q-WfkxY=Qvtx+uOG1Qpw@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/tLJzv0D_OBdcOEcUzXfsGntAng0>
Cc: "<dane@ietf.org>" <dane@ietf.org>
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.

On Wed, 25 Feb 2015, Warren Kumari wrote:

>> Is there rough consensus behind this proposal (for both OPENPGPKEY
>> and SMIMEA)?

> I think we were very close to rough consensus, but I'm not sure how
> many people actually read the suggestion. I know not everyone loved
> the idea, but I think it might be the best that we can do....
>
> Viktor, would you mind writing up the proposal again (in a new thread)
> and we'll call consensus on this approach?

I think I explained this before, but I don't like anything that requires
putting more than one entry into the DNS. The logic should be in the
client behaviour. The SMTP protocol allows "Frank" to be a different
email from "frank", so we cannot define these two to be the same at the
protocol level. We can only provide guidance to the clients trying to
consume the new RRtypes.

So I'm okay with defining client behaviour to try sha224(Frank) and then
sha224(frank) and have a note in the security section explaining that
in theory (even if not in practice) these two could be different people.

Paul
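
The client-side fallback Paul sketches above, written out as an added example (this is not code from the draft, the working group, or Paul; it only illustrates the lookup order). It assumes the owner-name form `<hex-digest>._openpgpkey.<domain>` and, following the wording of this message, hashes the local-part with SHA-224; the digest the published specification settled on may differ, so treat that choice as illustrative. The `query` callable is a stand-in for a DNSSEC-validating resolver and is supplied by the caller; the sample zone in the test is constructed.

```python
import hashlib
from typing import Callable, List, Optional, Tuple

# Label under which OPENPGPKEY records hang (assumption: as in the draft's owner-name form).
OPENPGPKEY_LABEL = "_openpgpkey"


def openpgpkey_owner(local_part: str, domain: str) -> str:
    """Owner name for one candidate spelling of the local-part.

    Assumption (from this message, not the final spec): the local-part is
    hashed with SHA-224 and hex-encoded. The local-part is hashed exactly
    as given, because SMTP lets "Frank" and "frank" be different mailboxes;
    only the domain is normalised, since DNS names are case-insensitive.
    """
    digest = hashlib.sha224(local_part.encode("utf-8")).hexdigest()
    return f"{digest}.{OPENPGPKEY_LABEL}.{domain.lower().rstrip('.')}."


def lookup_order(address: str) -> List[str]:
    """Candidate owner names in the order a client should query them:
    the local-part as typed first, then its lowercased form.

    Duplicates are dropped, so an address that is already lowercase
    produces a single query rather than two identical ones.
    """
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an email address: {address!r}")
    candidates: List[str] = []
    for spelling in (local_part, local_part.lower()):
        name = openpgpkey_owner(spelling, domain)
        if name not in candidates:
            candidates.append(name)
    return candidates


def find_key(
    address: str, query: Callable[[str], Optional[bytes]]
) -> Optional[Tuple[str, bytes]]:
    """Walk the candidates and return (owner_name, rdata) for the first hit.

    `query` must return None for NXDOMAIN, NODATA, or any answer that did
    not pass DNSSEC validation; an unvalidated answer must never be used
    to pick a key. Returns None when no candidate yields a record.

    Caveat from the security-section note Paul proposes: a hit on the
    lowercased fallback is a heuristic. If the domain really does run
    "Frank" and "frank" as different mailboxes, the fallback key belongs
    to the other user, which is the residual risk a client accepts here.
    """
    for name in lookup_order(address):
        rdata = query(name)
        if rdata is not None:
            return name, rdata
    return None


if __name__ == "__main__":
    # Constructed example: a zone that only publishes a record for the
    # lowercase spelling, looked up for a mixed-case address.
    published = openpgpkey_owner("frank", "example.com")
    fake_zone = {published: b"<constructed OPENPGPKEY rdata>"}
    for name in lookup_order("Frank@example.com"):
        print("query:", name)
    print("result:", find_key("Frank@example.com", fake_zone.get))
```

Because the as-typed candidate is tried first, a domain that really does distinguish `Frank` from `frank` can publish both records and the client will pick the right one; the lowercased query only runs when the exact spelling has no validated answer.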