Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>

John C Klensin <john-ietf@jck.com> Fri, 19 February 2016 06:31 UTC

Date: Fri, 19 Feb 2016 01:31:31 -0500
From: John C Klensin <john-ietf@jck.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, ietf@ietf.org
Subject: Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>

--On Friday, February 19, 2016 00:12 +0000 Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:

> 
> 
> On 18/02/16 03:38, Viktor Dukhovni wrote:
>> The addrquery draft is not under discussion here, so perhaps I
>> should not even have said that much.  Exploring additional
>> approaches seems reasonable.
> 
> Agreed. I think it might make sense to add a bit of text to all
> the drafts in this space. Would something like the following be
> useful to include in this and other similar drafts?
> 
> "This specification is one experiment in improving access to
> public keys for end-to-end email security. There are a range
> of ways in which this can reasonably be done, for OpenPGP or
>...

Stephen,

I think such a paragraph would be a significant step forward.  I
don't think it is a substitute for any of the drafts being clear
about known issues and security risks, including warnings (aka
"considerations") about the difference between obtaining a key
and authentication of the key vis-a-vis the supposed key owner.
I don't know whether you consider that separate from "...other
points made about this draft." or not.

    john