Re: [dane] Second WGLC draft-ietf-dane-smime
Paul Wouters <paul@nohats.ca> Thu, 17 November 2016 09:10 UTC
Date: Thu, 17 Nov 2016 04:10:08 -0500
From: Paul Wouters <paul@nohats.ca>
To: dane WG list <dane@ietf.org>
In-Reply-To: <20161109113201.21235.qmail@ary.lan>
Message-ID: <alpine.LRH.2.20.1611170404130.28374@bofh.nohats.ca>
References: <20161109113201.21235.qmail@ary.lan>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/vZzOgTH4fflbQF_U4Y0svht6Bj0>

On Wed, 9 Nov 2016, John Levine wrote:

> If you do publish it, I'd suggest much stronger language in the first
> sentence of section 9 on security considerations. The security model
> for S/MIME certs has always been that the trust flows from the CA to
> the user without involving the user's mail operator. Now the domain
> is the trust source for all of its users. Sometimes that's
> reasonable, sometimes not, and there's no way you can tell without
> knowing information about the domain that's not in the DNS.

The document states:

   Given that the DNS administrator for a domain name is authorized to
   give identifying information about the zone, it makes sense to allow
   that administrator to also make an authoritative binding between
   email messages purporting to come from the domain name and a
   certificate that might be used by someone authorized to send mail
   from those servers.

If you use gmail.com, you are at the mercy of Google - whether encrypted
or not. Those users have already given control away to Google. This
document is not the right place to warn them about that.

Paul