Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt>
E Taylor <hagfish@hagfish.name> Sat, 29 August 2015 00:16 UTC
Return-Path: <hagfish@hagfish.name>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A8371B3431 for <ietf@ietfa.amsl.com>; Fri, 28 Aug 2015 17:16:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZCHNpg3Z3dkW for <ietf@ietfa.amsl.com>; Fri, 28 Aug 2015 17:16:56 -0700 (PDT)
Received: from gradienthosting.co.uk (gradienthosting.co.uk [159.253.56.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AD091B340C for <ietf@ietf.org>; Fri, 28 Aug 2015 17:16:55 -0700 (PDT)
Received: from enoch.localdomain (host109-155-27-156.range109-155.btcentralplus.com [::ffff:109.155.27.156]) (AUTH: LOGIN hagfish, TLS: TLSv1/SSLv3,128bits,DHE-RSA-AES128-SHA) by gradienthosting.co.uk with ESMTPSA; Sat, 29 Aug 2015 01:16:54 +0100 id 00000000000E0005.0000000055E0F9F6.00003A4E
Received: from localhost ([127.0.0.1]) by enoch.localdomain with esmtp (Exim 4.80) (envelope-from <hagfish@hagfish.name>) id 1ZVTpF-0004Df-Fq for ietf@ietf.org; Sat, 29 Aug 2015 01:16:53 +0100
Message-ID: <55E0F9F5.5020801@hagfish.name>
Date: Sat, 29 Aug 2015 01:16:53 +0100
From: E Taylor <hagfish@hagfish.name>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/5uuauzlKTL_OJenfOHXHElF2Ia8>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Aug 2015 00:20:43 -0000
Hello, The -05 draft looks good to me, but I've found a couple of typos / consistency issues, and I have one recommendation for a functional change. This latter issue is one that has been discussed before, but I wanted to make the point from my perspective here: I think that, in practice, software that makes OPENPGPKEY lookups is going to: * check if the lookup fails, then * detect if the email address being looked up contains any capitalisations, and if so * check if the lowercase version of the email address has an OPENPGPKEY record available. If it does find a record for the lowercase version in this situation, the software's interface is going to prompt the user to ask if they are happy to accept the lowercase version instead. For non-interactive lookups, I imagine there will be a config option (perhaps defaulting to false or an empty list of domains) which determines whether the software does this obvious best-effort lookup rather than failing. Therefore my recommendation is that the draft add language saying that implementers MAY attempt to look up the lowercase version of an email address if the value entered by the user fails, but use it only if the user has made some explicit confirmation that this is a reasonable thing to do. Mandating that software do something less useful, against the user's wishes, in all circumstances, seems like too much to ask. The more minor issues I list below: * Section 1 "using either the HTTP Keyserver Protocol [HKP] Alternatively, users" "using the HTTP Keyserver Protocol [HKP]. Alternatively, users" * Section 1 "Therefor, these keyservers are not well suited" "Therefore, these keyservers are not well suited" * Section 2.1.2 "to ensure that correspondents know about these earlier then expected revocations." "to ensure that correspondents know about these earlier than expected revocations." * Section 2.1.2 "Strip away all but the most recent self-sig for the remaining user IDs and subkeys" "Strip away all but the most recent self-signature for the remaining User IDs and subkeys." * Section 2.1.2 Missing "." at end of some bulleted sections. * Section 4 "A client supporting OPENPGPKEY therefor MUST NOT perform" "A client supporting OPENPGPKEY therefore MUST NOT perform" * Section 7.3 "Applications that do not have users associated with, such as daemon processes" "Applications that do not have users associated with them, such as daemon processes" * Section 7.4 "Web of Trust" "Web Of Trust" to match sections 1, 2.1.1 and 2.1.2 (or update those sections to match section 7.4). Best regards, Edwin Taylor