IETF Logo Mail Archive

Re: [Endymail] We're not done yet

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 17 November 2014 07:25 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE7551A019B for <endymail@ietfa.amsl.com>; Sun, 16 Nov 2014 23:25:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UV0PRdR2OLld for <endymail@ietfa.amsl.com>; Sun, 16 Nov 2014 23:25:38 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E4FB1A0169 for <endymail@ietf.org>; Sun, 16 Nov 2014 23:25:38 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 6BC55284B0F; Mon, 17 Nov 2014 07:25:36 +0000 (UTC)
Date: Mon, 17 Nov 2014 07:25:36 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: endymail@ietf.org
Message-ID: <20141117072536.GY13179@mournblade.imrryr.org>
References: <CACsn0ck-bueehMDjgx-Co=bL0pLkeJM=Fqc0T_SDT4bdX4nzPg@mail.gmail.com> <20141117063948.GX13179@mournblade.imrryr.org> <alpine.LFD.2.10.1411170150290.7218@bofh.nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <alpine.LFD.2.10.1411170150290.7218@bofh.nohats.ca>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/leb6Opf1c2WPf2Zo1TrCSJKRaM4
Subject: Re: [Endymail] We're not done yet
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: endymail@ietf.org
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Nov 2014 07:25:50 -0000

On Mon, Nov 17, 2014 at 01:57:15AM -0500, Paul Wouters wrote:

> >  one might publish the same keys for each of:
> >
> >	First.Last@example.com
> >	first.last@example.com
> >	FIRST.LAST@example.com
> >
> >   and hope that these combinations cover all the likely variants.
> 
> That problem already exists at the SMTP level. There is nothing we can
> do anymore. Implementations for OPENPGPKEY or SMIMEA will just have to
> try some varients, or just lowercase it all. The discovery of those
> records in cheap and the DNS probes can be sent in parallel.

The client does not know whether these are safely treated as the
same address, so should only query for the address it is sending
to as-is.  Any variant equivalent lookup keys should be created at
the receving domain.  So there's only one lookup.

> >2. Revocation, or where does one attach the horse to the motor car?
> 
> Use the key that is valid NOW and in DNS. There is nothing else better.

For the record, I agree.  We still need to explain how this works
to others, why revocation is out of scope, and document the complete
life-cycle requirements (including the need for MUAs to save signing
keys associated with the message at time of delivery, and to securely
tag already verified messages, so that old mail can still be
verified).

Users likely also need to store old private keys forever so that
old mail can still be read.  The complete architecture for encrypted
email has many parts we're not making explicit, but all have a
bearing on key management requirements for MUAs.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email