dane-openpgp 2nd LC resolution
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 06 March 2016 15:10 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6198E1A0030 for <ietf@ietfa.amsl.com>; Sun, 6 Mar 2016 07:10:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.702
X-Spam-Level:
X-Spam-Status: No, score=-3.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2GI9ANmZ-9_v for <ietf@ietfa.amsl.com>; Sun, 6 Mar 2016 07:10:14 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F5531A0029 for <ietf@ietf.org>; Sun, 6 Mar 2016 07:10:14 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id AC9E6BE55 for <ietf@ietf.org>; Sun, 6 Mar 2016 15:10:11 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mP19jUw_AOXW for <ietf@ietf.org>; Sun, 6 Mar 2016 15:10:08 +0000 (GMT)
Received: from [10.87.49.100] (unknown [86.46.19.12]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 81A0EBE4D for <ietf@ietf.org>; Sun, 6 Mar 2016 15:10:07 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1457277008; bh=JTGz1oPHwLEAAGUXDkJGb2LVvYpLdSO840megd11eiU=; h=From:Subject:To:Date:From; b=VXZhv94p4ODpJXp+kFlH+vgEff3U9BWeUQct168f/y+m/9ZuyYiJK9YXiZmsWrBW3 aZInw7YBjUAbZwwDDFY1Zfzphgy3KyUv1U9nH07CzjsisDupBptXydjV9Ep3kr8v3I Zg591mIyAhgt8TMwc1YmJ8H+Z4YYT2VojeDUES/0=
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: dane-openpgp 2nd LC resolution
To: IETF-Discussion <ietf@ietf.org>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56DC484F.7010607@cs.tcd.ie>
Date: Sun, 06 Mar 2016 15:10:07 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms020508080505090606000705"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/bTeOSH_ph6F2SRkLtdnQoQbNj_w>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Mar 2016 15:10:17 -0000
Hi all, The 2nd IETF last call for this started on Feb 8th. Thanks again for the lively discussion. The tl;dr version is: once a revision addresses the substantive issues raised as per below, taking into account reactions to this summary, and we have a chance to take a quick look at -08 (I'll extend the LC to the date of the -08 version plus one week), then if no new substantive issues arise, I think we have rough consensus to go forward with this experiment (and others to come) and let the IESG review the document. Cheers, S. The substantive issues that arose in the 2nd last call were: 1. The context of the experiment 2. Changes to the trust model 3. The local-part (lhs) issue and i18n For each, I'll say where I conclude we've ended up and recommend what to do for -08. 1. The context of the experiment -------------------------------- I think part of the reason this one has been hard has been a perception that we're developing the one true way to retrieve key retrieval for e2e email security. The resolution here is to include text like that below in all similar experiments. "This specification is one experiment in improving access to public keys for end-to-end email security. There are a range of ways in which this can reasonably be done, for OpenPGP or S/MIME, for example using the DNS, or SMTP, or HTTP. Proposals for each of these have been made with various levels of support in terms of implementation and deployment. For each such experiment, specifications such as this will enable experiments to be carried out that may succeed or that may uncover technical or other impediments to large- or small-scale deployments. The IETF encourages those implementing and deploying such experiments to publicly document their experiences so that future specifications in this space can benefit." 2. Changes to trust model ------------------------- John Levine noted a place where -07 seems to be saying a bit too much: " In sections 1 and 7, it claims that finding a key through DNS lookup is not a substitute for web-of-trust verification, which is fine. But section 5.2 says that if a domain publishes a key for an address that's inconsistent with an existing key, verification of the key is "treated as a failure." It's unclear what the effect is supposed to be, but considering the discussion of the lost key problem, it appears that the intent is that the sender would stop using the old key. " I think the text is 5.2 is a little ambiguous so suggest the change below, which clarifies that the failure is in the confirmation step and that the resulting action is dependent on local policy and is not being determined by taking part in the experiment. OLD: Locally stored OpenPGP public keys are not automatically refreshed. If the owner of that key creates a new OpenPGP public key, that owner is unable to securely notify all users and applications that have its old OpenPGP public key. Applications and users can perform an OPENPGPKEY lookup to confirm the locally stored OpenPGP public key is still the correct key to use. If the locally stored OpenPGP public key is different from the DNSSEC validated OpenPGP public key currently published in DNS, the verification MUST be treated as a failure unless the locally stored OpenPGP key signed the newly published OpenPGP public key found in DNS. An application that can interact with the user MAY ask the user for guidance. For privacy reasons, an application MUST NOT attempt to lookup an OpenPGP key from DNSSEC at every use of that key. NEW: Locally stored OpenPGP public keys are not automatically refreshed. If the owner of that key creates a new OpenPGP public key, that owner is unable to securely notify all users and applications that have its old OpenPGP public key. Applications and users can perform an OPENPGPKEY lookup to confirm the locally stored OpenPGP public key is still the correct key to use. If the locally stored OpenPGP public key is different from the DNSSEC validated OpenPGP public key currently published in DNS, the confirmation MUST be treated as a failure unless the locally stored OpenPGP key signed the newly published OpenPGP public key found in DNS. An application that can interact with the user MAY ask the user for guidance, otherwise the application will have to apply local policy. For privacy reasons, an application MUST NOT attempt to lookup an OpenPGP key from DNSSEC at every use of that key. 3. The local-part (lhs) issue and i18n --------------------------------------- This has always been and will always be an issue for any solution in this space. Absent changes to the mail architecture, or major changes to email protocols and deployment, it will always be an issue. And it's quite related to the "joe+ietf" kind of lhs too, which'd need to be considered for a general solution to the problem. I conclude that the right thing here is to do experiments, but for those to not try to solve the general issue, and instead to define the limits within which the experiment is to be done. In this case, I think the only tractable thing is stick with the lhs handling in -07, to note that implementations are in fact not quite doing that, and to point to an existing well-thought out description of some some of the issues. To that end I suggest renaming section 4 to become "Email address variants and internationalisaion considerations." and adding the following NEW text to the end of the section: "Section 3 above defines how the local-part is used to determine the location in which one looks for an OPENPGPKEY record. Given the variety of local-parts seen in email, designing a good experiment for this is difficult as: a) some current implementations are known to lowercase at least US-ASCII local-parts, b) we know from (many) other situations that any strategy based on guessing and making multiple DNS queries is not going to achieve consensus for good reasons, and c) the underlying issues are just hard - see Section 10.1 of RFC 6530 for discussion of just some of the issues that would need to be tackled to fully address this problem. However, while this specification is not the place to try to address these issues with local-parts, doing so is also not required to determine the outcome of this experiment. If this experiment succeeds then further work on email addresses with non-ASCII local-parts will be needed and that would be better based on the findings from this experiment, rather than doing nothing or starting this experiment based on a speculative approach to what is a very complex topic." Misc comments ------------- - There were also a bunch of nits noted in [1] that we may as well fix in -08. [1] https://mailarchive.ietf.org/arch/msg/ietf/7qqmoghCO_BfAt3YdRn81chn5Mc
- dane-openpgp 2nd LC resolution Stephen Farrell
- Re: dane-openpgp 2nd LC resolution E Taylor
- Re: dane-openpgp 2nd LC resolution Stephen Farrell
- Re: dane-openpgp 2nd LC resolution John C Klensin
- Re: dane-openpgp 2nd LC resolution John C Klensin
- Re: dane-openpgp 2nd LC resolution Doug Barton
- Re: dane-openpgp 2nd LC resolution Paul Wouters
- Treat model (was: Re: dane-openpgp 2nd LC resolut… John C Klensin
- Case distinctions as theoretical exercise (was: R… John C Klensin
- Re: dane-openpgp 2nd LC resolution Viktor Dukhovni
- Re: dane-openpgp 2nd LC resolution John Levine
- Re: dane-openpgp 2nd LC resolution Paul Wouters
- Re: dane-openpgp 2nd LC resolution Paul Wouters
- Re: dane-openpgp 2nd LC resolution Doug Barton
- Re: Case distinctions as theoretical exercise Doug Barton
- Re: Threat model Doug Barton
- Re: dane-openpgp 2nd LC resolution Doug Barton
- Re: Case distinctions as theoretical exercise John C Klensin
- Re: dane-openpgp 2nd LC resolution John R Levine
- Re: dane-openpgp 2nd LC resolution John C Klensin
- Re: dane-openpgp 2nd LC resolution Doug Barton
- Re: dane-openpgp 2nd LC resolution Viktor Dukhovni
- Re: dane-openpgp 2nd LC resolution Paul Wouters
- Re: dane-openpgp 2nd LC resolution Paul Wouters
- Re: dane-openpgp 2nd LC resolution Doug Barton
- Re: dane-openpgp 2nd LC resolution Viktor Dukhovni
- Re: dane-openpgp 2nd LC resolution Mark Andrews
- Re: dane-openpgp 2nd LC resolution Warren Kumari
- Re: Case distinctions as theoretical exercise Phillip Hallam-Baker
- Re: Case distinctions as theoretical exercise John Levine
- Re: Case distinctions as theoretical exercise Phillip Hallam-Baker
- Re: dane-openpgp 2nd LC resolution Stephen Farrell
- Re: dane-openpgp 2nd LC resolution John C Klensin
- Hashing local-parts of addresses (was: dane-openp… ned+ietf