Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt> (Using DANE to Associate OpenPGP public keys with email addresses) to Proposed Standard
"John R. Levine" <johnl@iecc.com> Wed, 09 September 2015 20:49 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A818F1B447E for <ietf@ietfa.amsl.com>; Wed, 9 Sep 2015 13:49:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.863
X-Spam-Level: ***
X-Spam-Status: No, score=3.863 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, MANGLED_TEXT=2.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O1Gqo6sB0FGR for <ietf@ietfa.amsl.com>; Wed, 9 Sep 2015 13:49:43 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 178AA1B4475 for <ietf@ietf.org>; Wed, 9 Sep 2015 13:49:42 -0700 (PDT)
Received: (qmail 89631 invoked from network); 9 Sep 2015 20:49:41 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type:user-agent; s=15e1e.55f09b65.k1509; bh=8JmM6c2IXp8PLyo4Sb5RN/MQ/vCF7rZuoFvjfDi/RJo=; b=q0mbjqhejjS0e0P+k8jfYuu7GZqT6WA5VqO8Ovxaz7x+iitAo38c32Fs6KomgXK1QRyqkublQJVXURpou61hN4fJvqa5pBGaKsMUfY5xnPcwTg58YrC2o+sC6jwhCZMdqUKhsgUa9ZYidcEeIZImeyXSidGmYbvaFUOFmJNQexjMkekgkUEZtMOolJCbScbo577IxnPAyIzZY/LEgOMebDzADRO0kNWUPpa6V4Hb1kcFWRw8kBh/XaLWlDWnjT+2
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 09 Sep 2015 20:49:41 -0000
Date: Wed, 09 Sep 2015 16:49:40 -0400
Message-ID: <alpine.OSX.2.11.1508311731160.8791@ary.lan>
From: "John R. Levine" <johnl@iecc.com>
To: ietf@ietf.org
Subject: Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt> (Using DANE to Associate OpenPGP public keys with email addresses) to Proposed Standard
In-Reply-To: <20150828151107.2592.98917.idtracker@ietfa.amsl.com>
References: <20150828151107.2592.98917.idtracker@ietfa.amsl.com>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/_kUe6YG6BUMlI43I65okFhqR6L8>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2015 20:49:44 -0000
> - 'Using DANE to Associate OpenPGP public keys with email addresses' > <draft-ietf-dane-openpgpkey-05.txt> as Proposed Standard This draft has several technical issues that will make it a problem to interoperate at Internet scale. They've all come up in the WG mailing list, but they're still unresolved. It would be great if there were a workable automated way to discover an encryption key for an address. I'd like to sign up on my bank's web site with the tagged address john+bank@example.com, the bank's then automatically looks up the key (likely the same as for john@example.com,) and after that the mail they send to me is encrypted to my key, and they can verify that the mail I send to them is signed with my key. * Name semantics The SMTP specs have always said that the local-part of an e-mail address (the part before the @) is only interpreted by the recipient MTA. MTAs invariably map a lot of different local-parts to the same internal mailbox. They do ASCII case folding, drop noise characters (Gmail's dots), trim extensions (user+ext), do LDAP lookups, and more, with great inconsistency among mail systems. The DNS does exact matches other than ASCII case folding and wild cards, neither of which seem relevant here. Every variation that can be looked up using this scheme has to be put separately in the DNS, as a key record or a CNAME, so the number of variations that a user can look up will be only a tiny fraction of the total. The WG considered and rejected reversible encodings, e.g. base32, that would allow a specialized DNS server to recover the local-part, pass it to the relevant MTA to find the mailbox and then sign and return an appropriate key record. Since it appears unlikely that anyone would ever implement that, I agree it's not a solution. >From discussions on the WG list, the plan appears to be that lookups will be made manually by human users who will pick addresses they think are likely to be in the DNS, e.g., lower case without extensions. If that's the use model, the draft should say so explicitly and make it clear that most addresses that work in SMTP won't be in the DNS. We should consider whether such a narrow use case is worth it. It also appears that they expect users and maybe MUAs to modify incoming addresses (the draft now says not to but the author recently said he wants to put back case folding advice, as did some last call comments), arguing that in practice all MUAs treat upper and lower case as equivalent. While that may well be true for ASCII addresses, it is a significant change to RFC 5321 address semantics. If we're going to make that change, it should be an update to RFC 5321, not an end run. * Scaling Mail system sizes range from a handful of users to some with over 10^8 users and possibly one with 10^9. There are three mail systems in the U.S. with over 10^8 users that handle about half of all the mail in the country. Hashed names require that all of the keys for a domain be served in one flat zone. Large mail systems typically partition the users based on the local part, but since the hashes aren't reversible, there's no way to tell what partition would handle what hashed name. The server might broadcast queries to all the partitions, but that just pushes the problem down a level, since there's still no way to tell what address matches a query without a precomputed table of hashes. PGP key records are about 3K so a zone with 10^8 keys, which would be under 1/4 of Gmail's or Yahoo's users, would be 300 gigabytes before signing. The largest signed zone now is probably .COM at about 10GB before signing; a zone 30 times as big seems rather a stretch. In one sense it doesn't matter since large mail systems are unlikely to implement this (I asked), but at the least the draft should document the scale problems for large systems. * Security and name guessing Absent a change to RFC 5321 name semantics, this draft pretty much demands name guessing. If Bobsmith@example doesn't work, try bobsmith@ or BOBSMITH@ or BobSmith@ or maybe just bob@. If john-bank@example doesn't work, maybe john@ or JOHN@ will. Key guessing in a security protocol seems oddly insecure. R's, John PS: For a different approach, see draft-moore-email-addrquery-01.
- Re: [dane] Last Call: <draft-ietf-dane-openpgpkey… Petr Spacek
- Re: [dane] Last Call: <draft-ietf-dane-openpgpkey… Viktor Dukhovni
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… John R. Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… John Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Stephen Farrell
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… John R Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… John Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Viktor Dukhovni
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Simon Josefsson
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Simon Josefsson
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… manning
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… John C Klensin
- Re: what's a standard for, was Last Call John Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Viktor Dukhovni
- Re: what's a standard for, was Last Call Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Paul Wouters
- Re: what's a standard for, was Last Call John Levine
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Viktor Dukhovni
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Paul Wouters
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Scott Kitterman
- Re: DNS names, was Last Call on _openpgpkey John Levine
- Re: DNS names, was Last Call on _openpgpkey Mark Andrews
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… John C Klensin
- Re: Last Call: <draft-ietf-dane-openpgpkey-05.txt… Stephen Farrell
- Re: DNS names, was Last Call on _openpgpkey Andrew Sullivan
- Re: DNS names, was Last Call on _openpgpkey John C Klensin
- Re: DNS names, was Last Call on _openpgpkey Andrew Sullivan
- Re: DNS names, was Last Call on _openpgpkey Donald Eastlake
- Re: DNS names, was Last Call on _openpgpkey Mark Andrews
- Re: DNS names, was Last Call on _openpgpkey Andrew Sullivan