Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 19 February 2016 18:39 UTC
To: ietf@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/AvZi7ZnuPcJnFGlM7RlK4YA6cvU>

> On Feb 19, 2016, at 8:57 AM, Paul Wouters <paul@nohats.ca> wrote:
>
> It can be used where otherwise a message would go out unencrypted.

I think this is the *crucial* point. Just as DANE seems to be a good fit for authenticating opportunistic TLS in SMTP, implementation details aside (this draft, vs. addrquery, ...) it also seems like a good fit for authenticating "opportunistic PGP" if I may be so bold as to coin a new term.

One resorts to finding keys via DNS for better than nothing content encryption of communication with the unwashed masses. For communication with a covert whistle-blower one probably wants a greater level of assurance.

The PGP web of trust does not scale to ad-hoc contact with strangers, this draft and its alternatives are to a great extent attempts to fill that gap by providing keys for opportunistic end-to-end email encryption. Encrypt what you can, send the rest in the clear.

In some cases, the authenticity of keys obtained via DNS-authenticated online queries may be verifiable out of band (call the correspondent by phone or meet them in person and check the fingerprint, ...), then one might use this and related drafts for key acquisition, with follow-up verification as and when appropriate.

There is no one-size-fits-all security model for end-to-end encryption. Neither PGP nor S/MIME dictates a single security model, except by virtue of lack of extant alternatives.

--
Viktor.