IETF Logo Mail Archive

Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>

"John Levine" <johnl@taugh.com> Mon, 15 February 2016 19:29 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 364D11ACF1D for <ietf@ietfa.amsl.com>; Mon, 15 Feb 2016 11:29:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.663
X-Spam-Level: *
X-Spam-Status: No, score=1.663 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QIy724LRljI6 for <ietf@ietfa.amsl.com>; Mon, 15 Feb 2016 11:29:27 -0800 (PST)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D6EA1ACF17 for <ietf@ietf.org>; Mon, 15 Feb 2016 11:29:27 -0800 (PST)
Received: (qmail 11701 invoked from network); 15 Feb 2016 19:29:26 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 15 Feb 2016 19:29:26 -0000
Date: Mon, 15 Feb 2016 19:29:03 -0000
Message-ID: <20160215192903.3510.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>
In-Reply-To: <56C20EE5.4060009@alvestrand.no>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/Hi76meMoLNaZjPttTCnYcV298hM>
Cc: harald@alvestrand.no
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2016 19:29:28 -0000

>DANE is an algorithm for the *sender* to look up information about the
>*recipient*'s mailbox in the DNS, which means that the whole experiment
>depends on the sender (who has no idea of what or where the recipient
>is) being able to construct exactly the same hash that is generated by
>the recipient - incompatible with the two pieces of advice I have
>abstracted out above.

You know, this is a self-inflicted wound.  Had they asked people in
the e-mail community while designing this hack whether it is a good
idea to map mailbox names into the DNS, the unanimous response would
be that it never has worked in the past, and it's not going to work
any better now.

There are perfectly reasonable ways to do DANE-secured lookups of
mailbox keys.  A simple one would be a per-domain SRV or URI record
that points at an RFC 4387 key server, with its certs secured by TLSA.
It's just as secure, just as DANE-ful, and has none of the semantics
and scaling problems of trying to shove mailbox keys into the DNS.
Its realistic security is better, since the mailbox names don't get
relayed through DNS caches of unknown snoopiness.

The endless debate about upper/lower case, and the continuing failure
to address the much greater actual range of mailbox semantics problems
should tell us to back up and look for something that really works.

R's,
John

v2.23.0 | Report a Bug | By Email