Re: [dane] draft-wouters-dane-openpgp-01 review
Paul Wouters <paul@nohats.ca> Tue, 07 January 2014 04:31 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2DC81AE428 for <dane@ietfa.amsl.com>; Mon, 6 Jan 2014 20:31:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.338
X-Spam-Level:
X-Spam-Status: No, score=-1.338 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_44=0.6, J_CHICKENPOX_48=0.6, RP_MATCHES_RCVD=-0.538] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DJM8htZafgk6 for <dane@ietfa.amsl.com>; Mon, 6 Jan 2014 20:31:03 -0800 (PST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by ietfa.amsl.com (Postfix) with ESMTP id 4DC571ADF7B for <dane@ietf.org>; Mon, 6 Jan 2014 20:31:03 -0800 (PST)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 51D6A80055; Mon, 6 Jan 2014 23:30:54 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1389069054; bh=xlx+xPs6PO1HNGJzH98LCCwxiu9cLZhxXtY+WSwf7aA=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=hXD/Qm9magPBEmwlsNpPC6O2fJI5rKZYon8PI7AufiGNfgxPCSD7MVQ3IKkIYRKWu PzRGxiMAf4FW0I4C9CD3Ux7y1OgkTnJSbuTZWBEdPVk4J/O5E2Za4F13qXziTyI3Z9 jIUUGPle9ZAvOHGKh1LlkhrDomchM6naBPGRj67I=
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 4185E80048; Mon, 6 Jan 2014 23:30:54 -0500 (EST)
Date: Mon, 06 Jan 2014 23:30:54 -0500
From: Paul Wouters <paul@nohats.ca>
To: Mark Andrews <marka@isc.org>
In-Reply-To: <20140107021142.A6C6BC772A3@rock.dv.isc.org>
Message-ID: <alpine.LFD.2.10.1401062246300.5833@bofh.nohats.ca>
References: <E05CBC7F-1B37-49A0-9E27-D2B52BFA48A9@ogud.com> <20140107021142.A6C6BC772A3@rock.dv.isc.org>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Cc: "dane@ietf.org list" <dane@ietf.org>
Subject: Re: [dane] draft-wouters-dane-openpgp-01 review
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 04:31:04 -0000
On Tue, 7 Jan 2014, Mark Andrews wrote: Thanks for the review Mark. > Section 3.1 has lots of factually incorrect rationals for > encoding using base32. The DNS is capable of encoding > binary data in labels up to 63 octets. I've got no problem > with encoding, but if one intends to include rationalisations > please make them factually correct. I took those from draft-hoffman-dane-smime-01, Paul Hoffman and Jacob Schlyter believe these to be right as well? Can you explain what's wrong or perhaps write a replacement paragraph that would agree with you more? It's mostly there to explain why we did not end up using username._openpgpkey.domain.com and require base32 encoding. > There is no mention of how to encode LHS which exceed 63 octets > when encoded using base32. Pack the left most labels or the > right most labels? Is that really a use-case we need to cover? How many _real_ +- 50+ LHS character email addresses do people use? I'm happy to document the limitation, a little more reserved for specifying tricks to go beyond. For example, http://tools.ietf.org/html/rfc6763 mentions this limit too in context of UTF8,unicode,Kanji without defining anything to extend this limit. > There is no mention of how to normalise LHS prior to base32 encoding. That was discussed offline, but you are right in that the result of that discussion is missing. Since there seems to be great variety in how SMTP servers normalise the LHS, we did not want to enforce our one normalisation. > Are "Hugh" and "hugh" the same? That really depends on the SMTP server implementation, the OS it runs on, the email client used by the sender, etc. > Should "hugh" and "hugh+xxx" be treated the same? I don't think so? The "+" sign as magic "this is the same user as" is also not a feature supported by all SMTP servers or specified in a standard, correct? And people might want to use different keys for paul+personal versus paul+ietf. > It should be possible to specify normalisation > rules and store them at _openpgpkey. But those rules could change if the SMTP implementation changes? So, this document is leaving these as unclear as whether your email will arrive at all or not based on the presence or absence of normalisation rules of the SMTP server. > It might be useful to suppress the padding at the end of base32 > encoded strings. We already do similar suppression with NSEC3 > records. Unlike NSEC3 we will see some interaction with userland tools and humans that will use stock base32 that produces the padding. So I have a slight preference to stick with the output generated by standard base32 code in the hope that it will be less confusing to users and developers. Paul
- [dane] draft-wouters-dane-openpgp-01 review Olafur Gudmundsson
- Re: [dane] draft-wouters-dane-openpgp-01 review Viktor Dukhovni
- Re: [dane] draft-wouters-dane-openpgp-01 review Mark Andrews
- Re: [dane] draft-wouters-dane-openpgp-01 review Paul Wouters
- Re: [dane] draft-wouters-dane-openpgp-01 review Paul Wouters
- Re: [dane] draft-wouters-dane-openpgp-01 review Mark Andrews
- Re: [dane] draft-wouters-dane-openpgp-01 review Viktor Dukhovni
- Re: [dane] draft-wouters-dane-openpgp-01 review Mark Andrews
- Re: [dane] draft-wouters-dane-openpgp-01 review Jelte Jansen
- Re: [dane] draft-wouters-dane-openpgp-01 review Scott Rose