Re: [dane] Improving DANE S/MIME Privacy

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 12 April 2017 16:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/x4WHYFnRpXLvD5_ltB8evgZzF2k>

> On Apr 12, 2017, at 12:19 PM, Paul Wouters <paul@nohats.ca> wrote:
> 
>> That being said, the suggestion of using 2 1 1 or even 2 0 0 entries may give the privacy I seek.
> 
> It will, but you will then have to come up with a lookup system to find
> the SMIME cert for a given user.

No lookup system required, the certificate comes along with any signed
reply to the first contact message.  If that message is signed, then
the reply can also be encrypted.

> If I want to email you without having prior contact, how do I find
> your SMIME cert?

You don't, and this is a feature, because Alice did not want S/MIME
certificate publication to be an easy anti-spam/anti-virus filter
bypass mechanism.  With "SMIME 2 1 1 ..." first contact is in the
clear.

> Sure, if you email me you can attach it, but then the problem moves
> from me to you on the first email message.

1. Alice sends Bob a signed message:

   - Bob can use the "SMIMEA 2 1 1" record of Alice's domain to
     verify the signature on Alice's message.  Bob caches Alice's
     public key (certificate).

   - Bob can now use Alice's public key to encrypt replies.

2. Bob sends a signed (optionally encrypted) reply to Alice.

   - Alice can use the "SMIMEA 2 1 1" record of Bob's domain to
     verify the signature on Bob's message.  Alice caches Bob's
     public key (certificate).

   - Alice can now use Bob's public key to encrypt replies.

Lack of support for encryption on first contact can be seen as a
feature, not a bug.

-- 
	Viktor.
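
The exchange in steps 1 and 2 above, as an added example that is not part of the original message: it matches a signer's chain against SMIMEA records (covering both "2 1 1" and "2 0 0") and caches the signer's certificate only after a match. `Smimea`, `Cert`, `Mailbox` and the byte strings are hypothetical, constructed stand-ins; the RRset is assumed to be DNSSEC-validated already, and the CMS signature and path checks are assumed to be done by the S/MIME library.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Smimea:                 # RDATA fields of one SMIMEA record
    usage: int                # 2 = DANE-TA, 3 = DANE-EE
    selector: int             # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int                # 0 = exact match, 1 = SHA-256, 2 = SHA-512
    data: bytes

@dataclass(frozen=True)
class Cert:                   # hypothetical stand-in for a parsed certificate
    der: bytes                # full DER encoding
    spki: bytes               # DER of its SubjectPublicKeyInfo

HASHES = {1: hashlib.sha256, 2: hashlib.sha512}
def rr_matches(rr, cert):
    if rr.selector not in (0, 1) or rr.mtype not in (0, 1, 2):
        return False
    blob = cert.der if rr.selector == 0 else cert.spki
    return (HASHES[rr.mtype](blob).digest() if rr.mtype else blob) == rr.data

def chain_anchored(rrset, chain):
    # chain[0] is the signer's certificate, chain[1:] its issuers.
    # Simplification: a usage-2 anchor is looked for among the issuers only.
    pools = {2: chain[1:], 3: chain[:1]}
    return any(rr_matches(rr, c) for rr in rrset for c in pools.get(rr.usage, []))

@dataclass
class Mailbox:
    known: dict = field(default_factory=dict)    # peer address -> cached Cert
    def receive(self, sender, chain, rrset, signature_ok=True):
        # signature_ok: CMS signature and path checks, assumed done elsewhere.
        ok = signature_ok and chain_anchored(rrset, chain)
        if ok:
            self.known[sender] = chain[0]        # cache only a verified signer
        return ok

def demo():
    ca_a, ca_b = Cert(b"CA-A cert", b"CA-A spki"), Cert(b"CA-B cert", b"CA-B spki")
    rr_a = [Smimea(2, 1, 1, hashlib.sha256(ca_a.spki).digest())]   # Alice's domain
    rr_b = [Smimea(2, 1, 1, hashlib.sha256(ca_b.spki).digest())]   # Bob's domain
    alice, bob = Mailbox(), Mailbox()
    steps = ["bob@b.example" in alice.known]     # first contact: no key, sent in clear
    steps.append(bob.receive("alice@a.example", [Cert(b"A cert", b"A spki"), ca_a], rr_a))
    steps.append("alice@a.example" in bob.known) # Bob can now encrypt replies
    steps.append(alice.receive("bob@b.example", [Cert(b"B cert", b"B spki"), ca_b], rr_b))
    steps.append("bob@b.example" in alice.known) # Alice can now encrypt replies
    return steps
```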