Re: [Endymail] We're not done yet

Paul Wouters <paul@nohats.ca> Mon, 17 November 2014 06:57 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E58E41A0164 for <endymail@ietfa.amsl.com>; Sun, 16 Nov 2014 22:57:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.594
X-Spam-Level:
X-Spam-Status: No, score=-2.594 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.594] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id avtDNqmSD5uJ for <endymail@ietfa.amsl.com>; Sun, 16 Nov 2014 22:57:18 -0800 (PST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A63E41A0162 for <endymail@ietf.org>; Sun, 16 Nov 2014 22:57:18 -0800 (PST)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 805AF817C1 for <endymail@ietf.org>; Mon, 17 Nov 2014 01:57:16 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1416207436; bh=2Iyyp32J/4tXNd6u1L/UMZfDzebhrPbF7HxffVlt15Q=; h=Date:From:To:Subject:In-Reply-To:References; b=pdbEjKFH+vMsAsYMGWfPc0BLTJux/m+QbiV1D0EV8nNTA8p0l2R1Q8t1cfNi+CN28 8iRP7G7MmBwcQz8fOTXIOixz/bc8xJma1iIMlIfwLgAj8y/r8Y9yJTI4uYVrJ9s/87 nhEmmHDGzqbexA4oYs4leRqzW6rIjkIAqxx+QM4o=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id sAH6vFSn008159 for <endymail@ietf.org>; Mon, 17 Nov 2014 01:57:15 -0500
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Mon, 17 Nov 2014 01:57:15 -0500
From: Paul Wouters <paul@nohats.ca>
To: endymail@ietf.org
In-Reply-To: <20141117063948.GX13179@mournblade.imrryr.org>
Message-ID: <alpine.LFD.2.10.1411170150290.7218@bofh.nohats.ca>
References: <CACsn0ck-bueehMDjgx-Co=bL0pLkeJM=Fqc0T_SDT4bdX4nzPg@mail.gmail.com> <20141117063948.GX13179@mournblade.imrryr.org>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/kIkOHYfvNgwlxkfIw0-b7daF_54
Subject: Re: [Endymail] We're not done yet
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Nov 2014 06:57:21 -0000

On Mon, 17 Nov 2014, Viktor Dukhovni wrote:

>   However, the conflict between c and d is rather severe.  Key
>   lookups will only succeed when the email address query is for
>   the canonical capitalization of the email address.  If the
>   email address were something like:
>
> 	First.Last@example.com
>
>   and the destination domain supported case-insensitive delivery
>   (e.g. via LDAP in which addresses are not case-sensitive), one
>   might publish the same keys for each of:
>
> 	First.Last@example.com
> 	first.last@example.com
> 	FIRST.LAST@example.com
>
>    and hope that these combinations cover all the likely variants.

That problem already exists at the SMTP level. There is nothing we can
do anymore. Implementations for OPENPGPKEY or SMIMEA will just have to
try some variants, or just lowercase it all. The discovery of those
records is cheap and the DNS probes can be sent in parallel.

> 2. Revocation, or where does one attach the horse to the motor car?

Use the key that is valid NOW and in DNS. There is nothing else better.

I don't see these two as a problem (and the fact that people are
implementing OPENPGPKEY is a good sign they believe this too).

For me, the biggest problem in this is for people who don't run their
own DNS. It would be good if there was some kind of method for people
with just a gmail account to also be able to publish their public keys.
I think something along the lines of "DLV like" but requiring proof of
ownership of both email address and public key for registration, with
a requirement to keep signing something to keep the key in the "DLV
like" publication space (DNS or otherwise).

Paul
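
As an added worked example, not part of Paul's message or of any OPENPGPKEY implementation he refers to: the sketch below builds the OPENPGPKEY owner names for the case variants of a local-part (as given, all-lowercase, all-uppercase) and probes them concurrently, which is the "try some variants, in parallel" approach described above. The owner-name construction follows the published RFC 7929 scheme (first 28 octets of SHA2-256 of the local-part, hex-encoded, under `_openpgpkey.<domain>`); the draft current in November 2014 differed, so treat that as an assumption. The resolver is a constructed in-memory stand-in (`FAKE_ZONE`, `fake_resolve`) so the code runs offline; a real client would substitute a DNSSEC-validating resolver and must only accept records whose validation state is Secure, since an unvalidated answer lets anyone on the path hand the sender a key of their choosing.

```python
"""OPENPGPKEY lookup over case variants of a local-part, probed in parallel.

Example code, not from the original message. Owner-name construction
per RFC 7929 (assumed; the 2014 draft differed). DNS is stubbed out
with a constructed in-memory zone so this runs offline.
"""
import hashlib
from concurrent.futures import ThreadPoolExecutor


def openpgpkey_owner(local_part, domain):
    """Owner name for an OPENPGPKEY record (RFC 7929 style).

    The local-part is hashed case-sensitively (that is the whole problem
    discussed in the thread); only the domain label is case-folded.
    """
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return "%s._openpgpkey.%s." % (digest.hex(), domain.lower())


def case_variants(local_part):
    """Candidate spellings to probe: as given, lowercased, uppercased.

    Order is preserved and duplicates removed, so an already-lowercase
    address costs two probes rather than three.
    """
    seen = []
    for variant in (local_part, local_part.lower(), local_part.upper()):
        if variant not in seen:
            seen.append(variant)
    return seen


# Constructed stand-in for a signed zone: owner name -> list of RDATA.
# Only the all-lowercase spelling of the address is published here.
FAKE_ZONE = {
    openpgpkey_owner("first.last", "example.com"): [b"<constructed key blob>"],
}


def fake_resolve(owner_name):
    """Stub resolver: returns RDATA list or None for NXDOMAIN/NODATA.

    A real resolver must additionally report the DNSSEC validation
    state; anything other than Secure should be treated as no key.
    """
    return FAKE_ZONE.get(owner_name)


def probe_variants(address, resolve=fake_resolve):
    """Query every case variant of the local-part concurrently.

    Returns a list of (variant, rdata) pairs for the variants that had
    a record; an empty list means no key was found under any spelling.
    """
    local_part, _, domain = address.rpartition("@")
    variants = case_variants(local_part)
    names = [openpgpkey_owner(v, domain) for v in variants]
    with ThreadPoolExecutor(max_workers=len(names)) as pool:
        answers = list(pool.map(resolve, names))
    return [(v, a) for v, a in zip(variants, answers) if a]


if __name__ == "__main__":
    for addr in ("First.Last@example.com", "nobody@example.com"):
        print(addr, "->", probe_variants(addr))
```

If more than one variant answers, the sender still has to decide which key to trust; a conservative policy is to require that all answering variants carry the same key material and refuse to encrypt otherwise, rather than silently picking the first hit.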