Re: dane-openpgp 2nd LC resolution

E Taylor <> Tue, 08 March 2016 02:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D22491CD8BF for <>; Mon, 7 Mar 2016 18:16:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zqWT8VMDsKML for <>; Mon, 7 Mar 2016 18:16:24 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4BE771CD664 for <>; Mon, 7 Mar 2016 18:16:23 -0800 (PST)
Received: from enoch.localdomain ( [::ffff:]) (AUTH: LOGIN hagfish, TLS: TLSv1/SSLv3,128bits,DHE-RSA-AES128-SHA) by with ESMTPSA; Tue, 08 Mar 2016 02:16:20 +0000 id 000000000008005F.0000000056DE35F4.000006F4
Received: from localhost ([]) by enoch.localdomain with esmtp (Exim 4.80) (envelope-from <>) id 1ad7C8-0001FL-4y; Tue, 08 Mar 2016 02:16:20 +0000
Message-ID: <>
Date: Tue, 08 Mar 2016 02:16:20 +0000
From: E Taylor <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12
MIME-Version: 1.0
To: Stephen Farrell <>
Subject: Re: dane-openpgp 2nd LC resolution
References: <>
In-Reply-To: <>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: <>
Cc: IETF-Discussion <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 08 Mar 2016 02:16:26 -0000

Hi Stephen,

> The tl;dr version is: once a revision addresses the
> substantive issues raised as per below, taking into
> account reactions to this summary, and we have a chance to
> take a quick look at -08 (I'll extend the LC to the date
> of the -08 version plus one week), then if no new
> substantive issues arise, I think we have rough consensus
> to go forward with this experiment (and others to come)
> and let the IESG review the document.

Thanks for producing this summary and these suggestions, with specific
sections of text to be added, which gives a clear picture of what we're
discussing.  I was initially concerned that your additions, and the
general process of updating the drafts to reach consensus, might have
made the document become an unruly patchwork, but I took the time to
re-read it, in light of what you propose, and it actually holds together
remarkably well.

In particular, I think your judgement on the casing / i18n issue is
sound, and seeing it in the context of the whole document makes it feel
like the most technologically neutral and acceptable solution.  It puts
no undue burdens on the traditions and best practices of the DNS
community, nor on the email community.  As you say, more work in a
future Standards Track document can be done to extend the approach
specified in the draft, but "doing so is also not required to determine
the outcome of this experiment".

One thing I wanted to bring to wider attention, though, was an
observation I made in looking at RFC 4398 (which is referenced in
section 1.1 of the draft).  That RFC, Storing Certificates in the Domain
Name System (DNS), says:

>    OpenPGP signed keys (certificates) use a general character string
>    User ID.  However, it is recommended by OpenPGP that such names
>    include the RFC 2822 email address of the party, as in "Leslie
>    Example <Leslie@host.example>"e>".  If such a format is used, the CERT
>    ought to be under the standard translation of the email address into
>    a domain name, which would be in this case.  If
>    no RFC 2822 name can be extracted from the string name, no specific
>    domain name is recommended.

(internal references removed).  This is interesting because not only
does it not consider a non-ASCII (or even give an example of a
non-alphabetic) local-part, but it also happily lower-cases the
local-part, "under the standard translation of the email address into a
domain name".

Admittedly this RFC is from 2006, and of course it is good that the IETF
is now thinking harder about non-ASCII use cases, but I think that the
fact that this RFC was accepted onto the Standards Track, with that
approach to email addresses, reinforces your point that the experiment
of dane-openpgp can safely go ahead while leaving some questions open
until further data has been accumulated from wider deployment of this

I look forward to the closing of the extended LC, and to reading the
IESG's review of the -08 draft.

Best regards,