Re: [dane] Second WGLC draft-ietf-dane-smime

Paul Wouters <paul@nohats.ca> Thu, 17 November 2016 09:10 UTC

On Wed, 9 Nov 2016, John Levine wrote:

> If you do publish it, I'd suggest much stronger language in the first
> sentence of section 9 on security considerations.  The security model
> for S/MIME certs has always been that the trust flows from the CA to
> the user without involving the user's mail operator.  Now the domain
> is the trust source for all of its users.  Sometimes that's
> reasonable, sometimes not, and there's no way you can tell without
> knowing information about the domain that's not in the DNS.

The document states:

    Given that the DNS administrator for a domain name is
    authorized to give identifying information about the zone, it makes
    sense to allow that administrator to also make an authoritative
    binding between email messages purporting to come from the domain
    name and a certificate that might be used by someone authorized to
    send mail from those servers.

If you use gmail.com, you are at the mercy of Google - whether encrypted
or not. Those users have already given control away to Google. This
document is not the right place to warn them about that.

Paul