Re: dane-openpgp 2nd LC resolution

Doug Barton <dougb@dougbarton.us> Mon, 14 March 2016 01:32 UTC

Return-Path: <dougb@dougbarton.us>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF73212D864 for <ietf@ietfa.amsl.com>; Sun, 13 Mar 2016 18:32:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Level:
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dougbarton.us
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YG4q4Z-YljP0 for <ietf@ietfa.amsl.com>; Sun, 13 Mar 2016 18:32:18 -0700 (PDT)
Received: from dougbarton.us (dougbarton.us [208.79.90.218]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8979412D9E6 for <ietf@ietf.org>; Sun, 13 Mar 2016 18:32:18 -0700 (PDT)
Received: from [IPv6:2001:4830:1a00:8056:e0ab:e13a:62e3:f2b0] (unknown [IPv6:2001:4830:1a00:8056:e0ab:e13a:62e3:f2b0]) by dougbarton.us (Postfix) with ESMTPSA id 281213A0C0; Mon, 14 Mar 2016 01:32:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dougbarton.us; s=dkim; t=1457919137; bh=8w3o9UnEiU/U/Aug8m3ZZxmt56q5TXhvgOpt/HEP4a4=; h=Subject:To:References:From:Date:In-Reply-To; b=gukLyJm5dn5smweDvbc1rdyKg5L5DhbrAJAt7w3SZoLMmS2/AHsVPSvGDUBFdAkDV P0NCDcjSmVbSr8bMIkM+tocpQx1Q63y3Shv6WwKOYvDoXmdS7zB1cVGQMx8DLKQXyP ecfTwBpbOV/PMCQM86lXk39hyeoKkCMjySwrHNAM=
Subject: Re: dane-openpgp 2nd LC resolution
To: John Levine <johnl@taugh.com>, ietf@ietf.org
References: <20160313171101.3215.qmail@ary.lan>
From: Doug Barton <dougb@dougbarton.us>
Openpgp: id=E3520E149D053533C33A67DB5CC686F11A1ABC84
Message-ID: <56E61496.6040500@dougbarton.us>
Date: Sun, 13 Mar 2016 18:32:06 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <20160313171101.3215.qmail@ary.lan>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/GsUZWfLKp9yXDVke52hppKCLabA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Mar 2016 01:32:20 -0000

On 03/13/2016 10:11 AM, John Levine wrote:
>> Has anyone laid out the perceived dangers in an easily digestible
>> format? I would be interested to see that discussion.
>
> See the discussion on this list in the first LC.  I tried to sum them
> up in one message about a week before the end.

Can you provide a URL? You have sent 98 messages to the DANE list (to 
date). I read all the ones that looked like they might apply to the 
topic and was unable to find the kind of tidy summary I was hoping for. 
Sorry if I missed it.

>> Given that the DNS RR in question is something the end user has to
>> explicitly request, ...
>
> Uh, what?  The DNS is under control of the domain owner, not the end
> users.

I was referring to the end user sending the mail. Sorry I wasn't more 
clear.

> If I'm running mitmmail.com, I can publish keys for all of my
> users that I can decode on the way in.  If I'm that kind of MITM I
> might even re-encode the mail with the users' real keys if I know what
> they are, perhaps from the traditional PGP key servers.

That is an interesting threat model, however I don't see how that's any 
worse than the status quo. If you're the operator of evilmail.com and 
the sending user doesn't already have and/or cannot find a PGP key for 
your receiving user they will almost certainly send the message in the 
clear. Therefore still have access to it, and your receiving user is 
still none the wiser.

If your receiving user has no PGP key that you are aware of, your scheme 
fails, and your user receives an unexplained encrypted message that will 
likely cause them to investigate why it happened.

Either way, your actions have not negatively affected security for 
either party.

> This points out one of the problems with this draft: there's no
> security model beyond the implicit DANE model that anything that's
> signed with DNSSEC must be true.

To a rather limited extent I agree with you on this. I will elaborate in 
another message.

Doug