Re: [Endymail] Hashes of key as addresses

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 05 September 2014 21:59 UTC

On Fri, Sep 5, 2014 at 5:25 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> On Fri, Sep 05, 2014 at 08:27:12PM +0200, Steffen Nurpmeso wrote:
>
>> I don't know how many messages are sent over SMTP each day, but it
>> would be interesting to know how much energy all those useless
>> roundtrip packets consume which are necessary to upgrade
>> an SMTP session via STARTTLS, and how many percent of those
>> connections could also instantiate a non-existent SMTPS instead,
>> not requiring these upgrades.
>
> SMTP is not that latency sensitive.  Because SMTP starts in cleartext,
> servers can and do refuse to STARTTLS with clients they are going
> to reject due to poor IP reputation.
>
> There are other advantages.  For example, the server learns the
> client's EHLO name before TLS, allowing it to base TLS policy (like
> requests for the client certificate) on the client's EHLO name.
> And of course clients that fail to interoperably negotiate TLS can
> fall back to cleartext.
>
> All told, STARTTLS is a good fit for SMTP, which unlike HTTP is
> not nearly as sensitive to latency.

Very good points and points that designers of DNS privacy approaches
would do well to bear in mind. Any protocol that has a server performing a
public key transaction without any form of authentication on the
request is going to end up being killed by DoS.

So the trick is to pull the authentication out of the DNS query loop
so it can be amortized.
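
An added illustration, not part of the original thread: a sketch of the server-side decision described in the quoted text, where cleartext facts (client IP reputation, EHLO name) settle TLS policy before the server commits to any public-key operation. The networks, the EHLO suffix, the extension list and the function names are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample policy data (assumptions, not taken from the thread).
POOR_REPUTATION = [ip_network("203.0.113.0/24")]   # documentation range
CLIENT_CERT_EHLO_SUFFIXES = (".partner.example",)  # peers asked for a client cert


@dataclass
class TlsPolicy:
    offer_starttls: bool       # advertise STARTTLS in the EHLO reply
    request_client_cert: bool  # ask for a client certificate in the handshake
    reason: str


def pre_tls_policy(client_ip: str, ehlo_name: str) -> TlsPolicy:
    """Decide TLS policy from cleartext facts, before any handshake work."""
    addr = ip_address(client_ip)
    if any(addr in net for net in POOR_REPUTATION):
        # This client will be rejected anyway: do not spend a handshake on it.
        return TlsPolicy(False, False, "poor IP reputation")
    # The EHLO name is client-asserted and unauthenticated. It only selects
    # which policy to apply; it grants nothing by itself.
    name = ehlo_name.strip().rstrip(".").lower()
    wants_cert = name.endswith(CLIENT_CERT_EHLO_SUFFIXES)
    return TlsPolicy(True, wants_cert, "ok")


def ehlo_reply(server_name: str, client_ip: str, ehlo_name: str) -> list[str]:
    """Build the multi-line 250 reply; STARTTLS is listed only if allowed."""
    extensions = ["PIPELINING", "8BITMIME"]
    if pre_tls_policy(client_ip, ehlo_name).offer_starttls:
        extensions.append("STARTTLS")
    lines = [f"{server_name} greets {ehlo_name}"] + extensions
    # Every line but the last is prefixed "250-", the last one "250 ".
    return [f"250-{l}" for l in lines[:-1]] + [f"250 {lines[-1]}"]


if __name__ == "__main__":
    for ip, name in [("198.51.100.5", "mx.partner.example"),
                     ("203.0.113.7", "mail.example.org")]:
        print(ip, pre_tls_policy(ip, name))
        print("\n".join(ehlo_reply("mx.example.net", ip, name)))
```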