Re: dane-openpgp 2nd LC resolution

Paul Wouters <paul@nohats.ca> Sat, 12 March 2016 21:10 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFA4712D869 for <ietf@ietfa.amsl.com>; Sat, 12 Mar 2016 13:10:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.101
X-Spam-Level:
X-Spam-Status: No, score=-1.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, RP_MATCHES_RCVD=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j230D2C92Y2G for <ietf@ietfa.amsl.com>; Sat, 12 Mar 2016 13:10:05 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F5F412D858 for <ietf@ietf.org>; Sat, 12 Mar 2016 13:10:01 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3qMxVF1mFJzwS; Sat, 12 Mar 2016 22:09:57 +0100 (CET)
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id TLx7MEQ247PI; Sat, 12 Mar 2016 22:09:51 +0100 (CET)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Sat, 12 Mar 2016 22:09:51 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id C1354606625D; Sat, 12 Mar 2016 16:09:50 -0500 (EST)
DKIM-Filter: OpenDKIM Filter v2.10.3 bofh.nohats.ca C1354606625D
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id BD019A3C7; Sat, 12 Mar 2016 16:09:50 -0500 (EST)
Date: Sat, 12 Mar 2016 16:09:50 -0500 (EST)
From: Paul Wouters <paul@nohats.ca>
To: Doug Barton <dougb@dougbarton.us>
Subject: Re: dane-openpgp 2nd LC resolution
In-Reply-To: <56E478F7.5070907@dougbarton.us>
Message-ID: <alpine.LFD.2.20.1603121603040.11476@bofh.nohats.ca>
References: <56DC484F.7010607@cs.tcd.ie> <3470AB158222ED0ECAF2CAEA@JcK-HP8200.jck.com> <56E478F7.5070907@dougbarton.us>
User-Agent: Alpine 2.20 (LFD 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/QHVYBDggcW_gyLgIvapN07Mazes>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Mar 2016 21:10:06 -0000

On Sat, 12 Mar 2016, Doug Barton wrote:

> On 03/12/2016 01:00 AM, John C Klensin wrote:
>>  The IETF should not be encouraging experiments on the public
>>  Internet that could be harmful to the Internet or to existing
>>  deployed applications, especially standards-track ones.  Several
>>  people with significant email operational experience have made
>>  the claim that this experiment could be harmful to the
>>  Internet's email infrastructure, if only by encouraging a
>>  violation of a fairly explicit (and very important, IMO)
>>  provision of SMTP.  As far as I can tell from reviewing the
>>  discussions, there has not even been effort to refute those
>>  claims or explain why they are not relevant.
>
> Has anyone laid out the perceived dangers in an easily digestible format? I 
> would be interested to see that discussion.
>
> Given that the DNS RR in question is something the end user has to explicitly 
> request, the danger is not immediately obvious to me.

That is not clear to me either, since the _delivery_ is unchanged, and
still goes to the local-part _exactly_ as specified by the user. So the
risks here are:

1 Failure to find an existing OPENPGPKEY record, email goes out in plaintext just as
   if this draft never existed.

2 In an email server has paul@nohats.ca and Paul@nohats.ca, AND these
   are different users, then instead of JUST mailing the wrong user in
   plaintext, the wrong user is emailed encrypted to that user. This is
   functionaly still better than the current deployment, since only 1
   wrong user can see the (encrypted) email instead of everyone on the
   path plus the user who can see the never-encrypted email.

However, the email community experts themselves have already stated that
finding an email server compliant to case 2 is a theoretical exercise
only.

Paul