IETF Logo Mail Archive

Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>

John C Klensin <john-ietf@jck.com> Thu, 18 February 2016 13:42 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79E311A6FA9 for <ietf@ietfa.amsl.com>; Thu, 18 Feb 2016 05:42:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.006] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7T5v-IFTeRMu for <ietf@ietfa.amsl.com>; Thu, 18 Feb 2016 05:42:56 -0800 (PST)
Received: from bsa2.jck.com (ns.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65AA21A7015 for <ietf@ietf.org>; Thu, 18 Feb 2016 05:42:56 -0800 (PST)
Received: from [198.252.137.10] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1aWOr8-000FRq-5a; Thu, 18 Feb 2016 08:42:54 -0500
Date: Thu, 18 Feb 2016 08:42:49 -0500
From: John C Klensin <john-ietf@jck.com>
To: Paul Wouters <paul@nohats.ca>, ietf@ietf.org
Subject: Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>
Message-ID: <33960AB5BE52AC5AE805049B@JcK-HP8200.jck.com>
In-Reply-To: <alpine.LFD.2.20.1602172221020.27439@bofh.nohats.ca>
References: <20160216224341.4620.qmail@ary.lan> <alpine.LFD.2.20.1602172221020.27439@bofh.nohats.ca>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/P-_kuUDxPL6mr42M3k7C1CVgZBw>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Feb 2016 13:42:58 -0000

Paul (and others),

There is no question that the email-addrquery draft needs work,
even the author has said so.  I've tried to start a thread on
the SMTP list that identifies some possible issues to be
examined.  If you want to have a constructive conversation about
that draft, please move it there.  Probably it would be best to
wait for the next draft and comment on it rather than attacking
-01.   

None of this is relevant to the proposed experiment advocated by
dane-openpgpkey unless you want to try to convert this
discussion into "dane-openpgpkey is no worse than
email-addrquery, therefore it should be approved".  I suggest
not going there because the IETF doesn't need to approve _any_
flawed protocol and, be being in Last Call, there is a claim
that dane-openpgpkey is finished and ready to go, a claim that
has never been made for email-addrquery.

I'll respond to your comment below if you want to make it on the
SMTP list, but suggest that the description of _any_
key-location or key-retrieval must mechanism be clear about the
difference between obtaining a purported key and determining its
validity for some intended use in order to be taken seriously.
This thread periodically seems to lose track of that distinction.

     john



--On Wednesday, February 17, 2016 22:24 -0500 Paul Wouters
<paul@nohats.ca> wrote:

> On Tue, 16 Feb 2016, John Levine wrote:
> 
>>>>>      https://tools.ietf.org/html/draft-moore-email-addrque
>>>>>      ry-01
>> 
>>> Unfortunately, the draft is useless for end-to-end
>>> encryption, as it relies on a clean path from the client to
>>> the recipient's SMTP server ...
>> 
>> I would encourage anyone interested in this topic to read the
>> draft, particularly section 4.  No, it does not depend on a
>> clean path from the MUA to the recipient MTA.
> 
>     This section defines a service extension to the Mail
> Submission
>     Protocol [RFC6409] which can be used by an authenticated,
> authorized
>     client to query an SMTP server on port 25 for information
> about an
>     email address.  This is intended only as a workaround for
> port 25
>     blocking, so the extension is minimally tailored for that
> purpose.
> 
> So if my ISP is blocking port 25, I am forced to ask my ISP if
> the
> remote party could accept encrypted email and to which key?
> 
> It is not "end to end" encryption, if the ISP can change the
> outcome.
> 
> So again, the above draft does not provide a workable solution
> for
> the openpgpkey draft.
> 
> Paul
>

v2.23.0 | Report a Bug | By Email