IETF Logo Mail Archive

Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>

"John R Levine" <johnl@taugh.com> Thu, 18 February 2016 21:43 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DBBC1B3297 for <ietf@ietfa.amsl.com>; Thu, 18 Feb 2016 13:43:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.137
X-Spam-Level:
X-Spam-Status: No, score=-1.137 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zd3c80gY-l8t for <ietf@ietfa.amsl.com>; Thu, 18 Feb 2016 13:43:25 -0800 (PST)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F12BD1B326C for <ietf@ietf.org>; Thu, 18 Feb 2016 13:43:24 -0800 (PST)
Received: (qmail 78259 invoked from network); 18 Feb 2016 21:43:23 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=131b2.56c63afb.k1602; bh=H/5JOpQsltyYIOPpBq51yZPGGGERX7H/nYIq/oWjMmM=; b=pQmZz34mwZQscfZPKoo0R/5pT3DLxtw13mlJ5EoJDm69GXDH+fjrYi6OJiAf3pEz2FLI8SoL5FA84MdO2JC4CBTmsgYLoQE/iAAi4Yrqz3Lu13kk3PK+s4CgoMyYTX+exxBei2EqTjs30GiTtccAuZJLPsTDg2aMvxa93EMHtXIlbTLwAy1YXrwEH1filMGO9hRGpPudAsB1axiTS9ipHFQWQkTsjBl9cbtnVi6d+ddtN3clS/j6/YozK4ndb9Um
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=131b2.56c63afb.k1602; bh=H/5JOpQsltyYIOPpBq51yZPGGGERX7H/nYIq/oWjMmM=; b=aQ2qZNAAkx9eRLM/XXUem5iZlWTHopZkGdhXrVNltWzTCuIpRRnWr61857jacvhHPk+RCmQWzDG7ALI9peS5Uaog3HSBYMBU7czBc3hTFJJGPjyg6CNqj9AHUh5Kws6Zn+H5HtsSJGv3udHzbtKuBw8KhAkQDHHBGm+KYp3cmaXh2QXSiJ23QWLS6OXlspPsrAeZFqZmYAMkPDtkR2J/Mruk18ep8N7E/u9W1mjBvygLQtLM7fJE2I9nUklGz/H2
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 18 Feb 2016 21:43:22 -0000
Date: Thu, 18 Feb 2016 13:43:21 -0800
Message-ID: <alpine.OSX.2.11.1602181339290.48660@ary.local>
From: John R Levine <johnl@taugh.com>
To: IETF general list <ietf@ietf.org>
Subject: Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/5lW3clLKgu6NL-0atCE4i9sO2oM>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Feb 2016 21:43:26 -0000

One other issue that hasn't come up is the security model, in particular 
what it means for a domain to publish PGP keys that it claims are 
associated with mail addresses in that domain.

The draft's introduction compares this design to existing key servers and 
argues that the key servers refusing to delete keys for which the private 
keys have been lost is a problem to be solved, although the key servers 
consider it to be a security feature.

In sections 1 and 7, it claims that finding a key through DNS lookup is 
not a substitute for web-of-trust verification, which is fine.  But 
section 5.2 says that if a domain publishes a key for an address that's 
inconsistent with an existing key, verification of the key is "treated as 
a failure."  It's unclear what the effect is supposed to be, but 
considering the discussion of the lost key problem, it appears that the 
intent is that the sender would stop using the old key.

Maybe a domain is an investment advisor ensuring that it can log its 
employees' mail, or maybe it's webmail that wants to snoop on its users to 
add intrusive advertising.  Unless a sender has external knowlege of the 
relationship between a domain and its mail users, a can of worms that I 
wouldn't want to open, this is in effect a downgrade attack.

PGP has always associated keys with users and put users in control of 
their keys; the inability to delete lost keys from keyservers is an effect 
of that. This draft moves a lot of that control to domain operators. That 
may or may not be a good idea but it's a large change to the security 
model.

R's,
John

v2.23.0 | Report a Bug | By Email