Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>

Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 19 February 2016 19:29 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A58B51B3460 for <ietf@ietfa.amsl.com>; Fri, 19 Feb 2016 11:29:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W8AoR-IGVw65 for <ietf@ietfa.amsl.com>; Fri, 19 Feb 2016 11:29:12 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 063C91B3463 for <ietf@ietf.org>; Fri, 19 Feb 2016 11:29:11 -0800 (PST)
Received: from vpro.lan (cpe-74-71-8-253.nyc.res.rr.com [74.71.8.253]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id 08B14282F4E for <ietf@ietf.org>; Fri, 19 Feb 2016 19:29:10 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Subject: Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <alpine.LFD.2.20.1602191411340.28037@bofh.nohats.ca>
Date: Fri, 19 Feb 2016 14:29:09 -0500
Content-Transfer-Encoding: 7bit
Message-Id: <D399A1F5-B93D-4AAF-B489-CB1F77A614EF@dukhovni.org>
References: <20160219174915.8889.qmail@ary.lan> <alpine.LFD.2.20.1602191411340.28037@bofh.nohats.ca>
To: ietf@ietf.org
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/8RxUW4362jB97mZHhQSTiwZ7BdQ>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ietf@ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2016 19:29:13 -0000

> On Feb 19, 2016, at 2:18 PM, Paul Wouters <paul@nohats.ca> wrote:
> 
> I do not understand how the process of a plaintext email that goes
> through this document's advice, and leaves as either still plaintext
> or encrypted, could be construed as a "cryptographic downgrade".

RFC7435 has not been read attentively, or perhaps is viewed as heresy:

   https://tools.ietf.org/html/rfc7435#section-1.2

   "Opportunistic Security" (OS) is defined as the use of cleartext as
   the baseline communication security policy, with encryption and
   authentication negotiated and applied to the communication when
   available.

   Cleartext, not comprehensive protection, is the default baseline.  An
   OS protocol is not falling back from comprehensive protection when
   that protection is not supported by all peers; rather, OS protocols
   aim to use the maximum protection that is available. 

-- 
	Viktor.
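The RFC 7435 distinction quoted above (cleartext is the baseline, so using the strongest protection a peer supports is never a fallback from anything) is easiest to see as a policy function next to its comprehensive-protection counterpart. The following is an added example, not code from this message, from RFC 7435, or from draft-ietf-dane-openpgpkey: the lookup status values, the treatment of a key found in an unsigned zone, and the choice to refuse to send on a DNSSEC validation failure are assumptions made here for illustration, not rules quoted from the draft.

```python
"""Toy model of an Opportunistic Security (RFC 7435) policy decision.

Constructed example: the KeyLookup statuses and the policy table are
illustrative assumptions, not the normative rules of any RFC or draft.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Optional, Tuple


class Protection(IntEnum):
    """Protection levels, ordered so that '<' means 'weaker than'."""
    CLEARTEXT = 0
    ENCRYPTED = 1        # encrypted to a key that could not be authenticated
    AUTH_ENCRYPTED = 2   # encrypted to a DNSSEC-authenticated key


@dataclass(frozen=True)
class KeyLookup:
    """Constructed outcome of looking up a recipient key in DNS.

    status: "secure"   record found, DNSSEC-validated
            "insecure" record found, zone not signed (assumed mapping)
            "nodata"   no record for this recipient
            "bogus"    DNSSEC validation failed
    """
    status: str
    key: Optional[bytes] = None


class PolicyError(Exception):
    """The policy could not be satisfied; the message is not sent."""


def opportunistic_policy(lookup: KeyLookup) -> Protection:
    """RFC 7435 style: baseline is cleartext, apply the maximum protection
    that is available. Nothing this returns is below the baseline, so no
    outcome here is a downgrade relative to the policy's own baseline."""
    if lookup.status == "secure" and lookup.key:
        return Protection.AUTH_ENCRYPTED
    if lookup.status == "insecure" and lookup.key:
        return Protection.ENCRYPTED
    if lookup.status in ("nodata", "insecure"):
        return Protection.CLEARTEXT
    # Assumption of this model: a validation failure is an error, not
    # "no key available"; an attacker who can make validation fail must
    # not thereby talk the sender down to cleartext.
    raise PolicyError("DNSSEC validation failed; refusing to send")


def mandatory_policy(lookup: KeyLookup) -> Protection:
    """Comprehensive protection: baseline is authenticated encryption and
    anything less is a failure. Only under THIS policy would sending
    cleartext be a downgrade."""
    if lookup.status == "secure" and lookup.key:
        return Protection.AUTH_ENCRYPTED
    raise PolicyError("authenticated key required but not available")


def is_downgrade(baseline: Protection, chosen: Protection) -> bool:
    """A downgrade is applying less protection than the policy's baseline."""
    return chosen < baseline


def run_scenarios() -> Dict[str, Tuple[str, bool]]:
    """Run both policies over constructed lookups and report, per scenario,
    the opportunistic outcome and whether it is a downgrade from cleartext."""
    scenarios = {
        "key_in_signed_zone": KeyLookup("secure", bytes.fromhex("c0ffee")),
        "key_in_unsigned_zone": KeyLookup("insecure", bytes.fromhex("c0ffee")),
        "no_key": KeyLookup("nodata"),
        "validation_failure": KeyLookup("bogus"),
    }
    results: Dict[str, Tuple[str, bool]] = {}
    for name, lookup in scenarios.items():
        try:
            level = opportunistic_policy(lookup)
            results[name] = (level.name, is_downgrade(Protection.CLEARTEXT, level))
        except PolicyError:
            results[name] = ("REFUSED", False)
    return results


if __name__ == "__main__":
    for name, (outcome, downgrade) in run_scenarios().items():
        print(f"{name:24s} opportunistic -> {outcome:15s} downgrade={downgrade}")
```

The `no_key` scenario is the one under discussion: the opportunistic policy emits cleartext, and `is_downgrade` reports `False` because cleartext was the baseline to begin with; run `mandatory_policy` on the same lookup and it raises, which is the only policy under which cleartext would count as a downgrade.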