Re: [dane] [openpgp] The DANE draft
Patrick Ben Koetter <p@sys4.de> Wed, 05 August 2015 13:11 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/udcutl1SyYtFp-uoe3gfNf1e3gA>
* Stephen Farrell <stephen.farrell@cs.tcd.ie>:
>
> On 05/08/15 09:14, Paul Wouters wrote:
> >>
> >> I have no strong preference for base32 vs. digested localpart for the
> >> hostname. Digested localparts require a little bit more work to invert
> >> than base32, but given the low entropy of typical normalized localparts,
> >> they don't provide a lot of protection against a determined attacker.
> >
> > And as clearly stated, were never meant to provide security.
>
> Hmm.
>
> With no hats, I gotta say I prefer the harder to invert local part
> (i.e. hashed) to the reversible one (b32).
>
> If this experiment ends up successful, then I think we'll be setting
> a precedent for other per-user identifiers to be used as part of a
> DNS name so I do not believe that arguments about this aspect ought
> be decided solely based on PGP or SMIME or DANE. We should also
> consider that some other protocol is highly likely to follow what
> seems to have worked (just as _blah.example.com has been mimicked)
> and where we don't now know the privacy consequences of copying
> the pattern we're setting here.
>
> For that reason, I really would prefer that we stick to the hash and
> not go for the reversible per-user identifier.

ACK

p@rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
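
The trade-off debated in this message, as an added example that is not part of the original post or of the draft: it builds both kinds of left-most label for a local part and shows that base32 decodes directly while a digest can only be matched against guessed candidates. The digest form assumes SHA-256 truncated to 28 octets and hex-encoded under `_openpgpkey` (the construction later published in RFC 7929); the base32 form, the function names and the sample local parts are constructed for illustration.

```python
import base64
import hashlib

MAX_LABEL = 63  # a single DNS label may not exceed 63 octets


def b32_label(localpart: str) -> str:
    """Reversible form: base32 of the UTF-8 local part, padding stripped."""
    raw = base64.b32encode(localpart.encode("utf-8")).decode("ascii")
    return raw.rstrip("=").lower()


def b32_invert(label: str) -> str:
    """Anyone who sees the label recovers the local part, with no guessing."""
    padded = label.upper() + "=" * (-len(label) % 8)
    return base64.b32decode(padded).decode("utf-8")


def digest_label(localpart: str) -> str:
    """Digest form (assumed): SHA-256, truncated to 28 octets, hex-encoded."""
    return hashlib.sha256(localpart.encode("utf-8")).digest()[:28].hex()


def owner_name(label: str, domain: str) -> str:
    """Full DNS owner name for the per-user record."""
    return f"{label}._openpgpkey.{domain}"


def fits_single_label(label: str) -> bool:
    """Long local parts overflow one label in base32; the digest never does."""
    return len(label) <= MAX_LABEL


def match_candidates(label: str, candidates):
    """A digest label reveals the local part only if it is among the guesses."""
    for guess in candidates:
        if digest_label(guess) == label:
            return guess
    return None


if __name__ == "__main__":
    common = ["info", "admin", "alice", "bob"]  # constructed low-entropy guesses
    for lp in ["alice", "x7q-unlisted"]:        # constructed local parts
        print(owner_name(b32_label(lp), "example.com"), "->", b32_invert(b32_label(lp)))
        print(owner_name(digest_label(lp), "example.com"), "->",
              match_candidates(digest_label(lp), common))
```

A local part drawn from a small, guessable set is recovered from either label, which is the low-entropy caveat quoted above; an unlisted one stays hidden only in the digest form.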