Re: dane-openpgp 2nd LC resolution

"John Levine" <> Sun, 13 March 2016 17:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7C3D512D6B6 for <>; Sun, 13 Mar 2016 10:11:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ON4YHDLMb-od for <>; Sun, 13 Mar 2016 10:11:26 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8B90E12D6A6 for <>; Sun, 13 Mar 2016 10:11:25 -0700 (PDT)
Received: (qmail 83214 invoked from network); 13 Mar 2016 17:11:23 -0000
Received: from unknown ( by with QMQP; 13 Mar 2016 17:11:23 -0000
Date: 13 Mar 2016 17:11:01 -0000
Message-ID: <20160313171101.3215.qmail@ary.lan>
From: "John Levine" <>
Subject: Re: dane-openpgp 2nd LC resolution
In-Reply-To: <>
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 13 Mar 2016 17:11:27 -0000

>Has anyone laid out the perceived dangers in an easily digestible 
>format? I would be interested to see that discussion.

See the discussion on this list in the first LC.  I tried to sum them
up in one message about a week before the end.

>Given that the DNS RR in question is something the end user has to 
>explicitly request, ...

Uh, what?  The DNS is under control of the domain owner, not the end
users.  If I'm running, I can publish keys for all of my
users that I can decode on the way in.  If I'm that kind of MITM I
might even re-encode the mail with the users' real keys if I know what
they are, perhaps from the traditional PGP key servers.

This points out one of the problems with this draft: there's no
security model beyond the implicit DANE model that anything that's
signed with DNSSEC must be true.