Re: [dispatch] please dispatch draft-bhjl-x509-srv-02.xml
"John Levine" <johnl@taugh.com> Fri, 22 July 2016 16:59 UTC
Return-Path: <johnl@taugh.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DB7412DE66 for <dispatch@ietfa.amsl.com>; Fri, 22 Jul 2016 09:59:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KMW4HqyvPbkP for <dispatch@ietfa.amsl.com>; Fri, 22 Jul 2016 09:59:01 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3591A12DE5D for <dispatch@ietf.org>; Fri, 22 Jul 2016 09:59:01 -0700 (PDT)
Received: (qmail 4401 invoked from network); 22 Jul 2016 16:58:59 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 22 Jul 2016 16:58:59 -0000
Date: Fri, 22 Jul 2016 16:58:37 -0000
Message-ID: <20160722165837.11498.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dispatch@ietf.org
In-Reply-To: <CABkgnnXcg_LtaVyrGx0prAhfC-KJkp4a1wgztqwwo1XCROD32A@mail.gmail.com>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/ZfnwNrngShuF2kPCsNCgaBMWPJ8>
Subject: Re: [dispatch] please dispatch draft-bhjl-x509-srv-02.xml
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jul 2016 16:59:03 -0000
More review is nice, but useful review needs to be more than "I don't trust this." >Primarily, there needs to be adequate security review. There are >several big risks that this draft skirts and good review, and maybe >even analysis, of this is important. This draft describes a way to publish and retrieve S/MIME and PGP keys. The keys are the exact same ones you can get in other ways now, and the draft goes to considerable lengths to say that, just like with keys you get any other way, it's up to the client to decide how much credence to give to them. Any security problems with bogus keys are the same ones we've already been dealing with as long as there have been PGP and S/MIME. If it appears that this draft is asserting that the keys are "real" because the domain says so, it's trying very hard not to say that, so it'd help to know what was confusing. (Attempting to specify the relationship between a domain and its users is a hopeless swamp of despair where we're not going.) >The draft appears to violate RFC 7320. That suggests that wider >review of other areas of this is needed. I presume this is a reference to the URL paths in section 3. They are imported verbatim from RFC 4387 which was published ten years ago. Since they're not new, it would be helpful to clarify under what circumstances we're not allowed to use specs from existing standards track RFCs. R's, John
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Cullen Jennings (fluffy)
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Martin Thomson
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Martin Thomson
- [dispatch] please dispatch draft-bhjl-x509-srv-02… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Cullen Jennings (fluffy)
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Cullen Jennings (fluffy)
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Eric Rescorla
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Eric Rescorla
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Eric Rescorla
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Cullen Jennings
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Wei Chuang
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… Stephen Farrell
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… John R Levine
- Re: [dispatch] please dispatch draft-bhjl-x509-sr… A. Schulze