Re: dane-openpgp 2nd LC resolution

"John Levine" <johnl@taugh.com> Sun, 13 March 2016 17:11 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C3D512D6B6 for <ietf@ietfa.amsl.com>; Sun, 13 Mar 2016 10:11:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ON4YHDLMb-od for <ietf@ietfa.amsl.com>; Sun, 13 Mar 2016 10:11:26 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B90E12D6A6 for <ietf@ietf.org>; Sun, 13 Mar 2016 10:11:25 -0700 (PDT)
Received: (qmail 83214 invoked from network); 13 Mar 2016 17:11:23 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 13 Mar 2016 17:11:23 -0000
Date: 13 Mar 2016 17:11:01 -0000
Message-ID: <20160313171101.3215.qmail@ary.lan>
From: "John Levine" <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: dane-openpgp 2nd LC resolution
In-Reply-To: <56E478F7.5070907@dougbarton.us>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/J4SpAdLDL2dAhBvlXK5mCoxoyvU>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Mar 2016 17:11:27 -0000

>Has anyone laid out the perceived dangers in an easily digestible 
>format? I would be interested to see that discussion.

See the discussion on this list in the first LC.  I tried to sum them
up in one message about a week before the end.

>Given that the DNS RR in question is something the end user has to 
>explicitly request, ...

Uh, what?  The DNS is under control of the domain owner, not the end
users.  If I'm running mitmmail.com, I can publish keys for all of my
users that I can decode on the way in.  If I'm that kind of MITM I
might even re-encode the mail with the users' real keys if I know what
they are, perhaps from the traditional PGP key servers.

This points out one of the problems with this draft: there's no
security model beyond the implicit DANE model that anything that's
signed with DNSSEC must be true.

R's,
John