Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>
"John R Levine" <johnl@taugh.com> Thu, 18 February 2016 21:43 UTC
Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DBBC1B3297 for <ietf@ietfa.amsl.com>; Thu, 18 Feb 2016 13:43:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.137
X-Spam-Level:
X-Spam-Status: No, score=-1.137 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zd3c80gY-l8t for <ietf@ietfa.amsl.com>; Thu, 18 Feb 2016 13:43:25 -0800 (PST)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F12BD1B326C for <ietf@ietf.org>; Thu, 18 Feb 2016 13:43:24 -0800 (PST)
Received: (qmail 78259 invoked from network); 18 Feb 2016 21:43:23 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=131b2.56c63afb.k1602; bh=H/5JOpQsltyYIOPpBq51yZPGGGERX7H/nYIq/oWjMmM=; b=pQmZz34mwZQscfZPKoo0R/5pT3DLxtw13mlJ5EoJDm69GXDH+fjrYi6OJiAf3pEz2FLI8SoL5FA84MdO2JC4CBTmsgYLoQE/iAAi4Yrqz3Lu13kk3PK+s4CgoMyYTX+exxBei2EqTjs30GiTtccAuZJLPsTDg2aMvxa93EMHtXIlbTLwAy1YXrwEH1filMGO9hRGpPudAsB1axiTS9ipHFQWQkTsjBl9cbtnVi6d+ddtN3clS/j6/YozK4ndb9Um
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=131b2.56c63afb.k1602; bh=H/5JOpQsltyYIOPpBq51yZPGGGERX7H/nYIq/oWjMmM=; b=aQ2qZNAAkx9eRLM/XXUem5iZlWTHopZkGdhXrVNltWzTCuIpRRnWr61857jacvhHPk+RCmQWzDG7ALI9peS5Uaog3HSBYMBU7czBc3hTFJJGPjyg6CNqj9AHUh5Kws6Zn+H5HtsSJGv3udHzbtKuBw8KhAkQDHHBGm+KYp3cmaXh2QXSiJ23QWLS6OXlspPsrAeZFqZmYAMkPDtkR2J/Mruk18ep8N7E/u9W1mjBvygLQtLM7fJE2I9nUklGz/H2
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 18 Feb 2016 21:43:22 -0000
Date: Thu, 18 Feb 2016 13:43:21 -0800
Message-ID: <alpine.OSX.2.11.1602181339290.48660@ary.local>
From: John R Levine <johnl@taugh.com>
To: IETF general list <ietf@ietf.org>
Subject: Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/5lW3clLKgu6NL-0atCE4i9sO2oM>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Feb 2016 21:43:26 -0000
One other issue that hasn't come up is the security model, in particular what it means for a domain to publish PGP keys that it claims are associated with mail addresses in that domain. The draft's introduction compares this design to existing key servers and argues that the key servers refusing to delete keys for which the private keys have been lost is a problem to be solved, although the key servers consider it to be a security feature. In sections 1 and 7, it claims that finding a key through DNS lookup is not a substitute for web-of-trust verification, which is fine. But section 5.2 says that if a domain publishes a key for an address that's inconsistent with an existing key, verification of the key is "treated as a failure." It's unclear what the effect is supposed to be, but considering the discussion of the lost key problem, it appears that the intent is that the sender would stop using the old key. Maybe a domain is an investment advisor ensuring that it can log its employees' mail, or maybe it's webmail that wants to snoop on its users to add intrusive advertising. Unless a sender has external knowlege of the relationship between a domain and its mail users, a can of worms that I wouldn't want to open, this is in effect a downgrade attack. PGP has always associated keys with users and put users in control of their keys; the inability to delete lost keys from keyservers is an effect of that. This draft moves a lot of that control to domain operators. That may or may not be a good idea but it's a large change to the security model. R's, John
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> E Taylor
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> E Taylor
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Harald Alvestrand
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Harald Alvestrand
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> ned+ietf
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Viktor Dukhovni
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Harald Alvestrand
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Keith Moore
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Viktor Dukhovni
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John R Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Stephen Farrell
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Stephen Farrell
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Viktor Dukhovni
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> Viktor Dukhovni
- Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt> John C Klensin