Re: dane-openpgp 2nd LC resolution
Doug Barton <dougb@dougbarton.us> Tue, 15 March 2016 01:44 UTC
From: Doug Barton <dougb@dougbarton.us>
Subject: Re: dane-openpgp 2nd LC resolution
To: Paul Wouters <paul@nohats.ca>
References: <56DC484F.7010607@cs.tcd.ie> <56E636FD.9050902@dougbarton.us> <alpine.LFD.2.20.1603141916360.830@bofh.nohats.ca>
Openpgp: id=E3520E149D053533C33A67DB5CC686F11A1ABC84
Message-ID: <56E768E6.5090905@dougbarton.us>
Date: Mon, 14 Mar 2016 18:44:06 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/umXygc_wjMDyVDsaA6bHjujQj9k>
Cc: ietf@ietf.org
On 03/14/2016 04:18 PM, Paul Wouters wrote:
> Yes, you are about 1.5 years late. And your arguments are (un)fortunately
> not new arguments. Since the archive on this draft is rather huge, I can
> understand that you missed part of this discussion. So for completeness'
> sake, I will answer your questions again.

Thank you for your patience in explaining your reasoning, and again, I'm sorry for coming late to the party. And thanks as well for confirming that my memory is correct ... at one time I did hear that this topic was going in the direction of signatures rather than certs. Unfortunate that I didn't follow it more closely.

Regarding what you said and what your goals are, I think that we are pretty far apart. I will send a detailed response to your message on the DANE list soon. In all likelihood I will also create a new I-D with my ideas specified in more detail. Perhaps what is needed is more than one experiment. :)

In regards to the current last call, while your explanations do help to alleviate a few of my concerns, in large part I am still not enthusiastic about this version of the draft proceeding. In particular I think the concern about these RRs being used for DDOS amplification remains. There is no mechanism in place currently in any name server software that I am aware of to limit responses to queries in the manner you describe (only send answers if the query comes over TCP or with DNS Cookies). Further, I don't see that happening any time soon.

Close behind that concern, the larger IETF community (or at least some very vocal segments of it) have serious concerns about this type of opportunistic encryption happening at all, or in my case, without user input. They (and to some extent I) remain unconvinced by your assertion that this type of opportunistic encryption is always better than the current state. Personally, I need to think more about that, but at least in the early stages of an experiment in tying PGP keys to DNS RRs, I'm definitely opposed.
FWIW, Doug