IETF Logo Mail Archive

Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>

John C Klensin <john-ietf@jck.com> Tue, 16 February 2016 23:08 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A4D91ACD44 for <ietf@ietfa.amsl.com>; Tue, 16 Feb 2016 15:08:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.006] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uFxiFua6KmjW for <ietf@ietfa.amsl.com>; Tue, 16 Feb 2016 15:08:00 -0800 (PST)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71FEE1ACD1D for <ietf@ietf.org>; Tue, 16 Feb 2016 15:08:00 -0800 (PST)
Received: from [198.252.137.10] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1aVoit-0009UI-7m; Tue, 16 Feb 2016 18:07:59 -0500
Date: Tue, 16 Feb 2016 18:07:54 -0500
From: John C Klensin <john-ietf@jck.com>
To: John Levine <johnl@taugh.com>, ietf@ietf.org
Subject: Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>
Message-ID: <0553D20D0F9DB94B02A42F93@JcK-HP8200.jck.com>
In-Reply-To: <20160216224341.4620.qmail@ary.lan>
References: <20160216224341.4620.qmail@ary.lan>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/xe70zWkcVG4QI3JOU657-D3ff2w>
Cc: paul@nohats.ca
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Feb 2016 23:08:02 -0000


--On Tuesday, February 16, 2016 22:43 +0000 John Levine
<johnl@taugh.com> wrote:

>>>>  Sadly Keith Moore's addrquery draft seems to have stalled:
>>>> 
>>>>      https://tools.ietf.org/html/draft-moore-email-addrquer
>>>>      y-01
> 
>> Unfortunately, the draft is useless for end-to-end
>> encryption, as it relies on a clean path from the client to
>> the recipient's SMTP server ...
> 
> I would encourage anyone interested in this topic to read the
> draft, particularly section 4.  No, it does not depend on a
> clean path from the MUA to the recipient MTA.

As I read it, it requires a path from the MUA or Submission
server that can be secured with TLS at each hop.   It does not
require a single hop arrangement.  Whether the first is a "clean
path" is a matter of definition, but the proposal certainly
appears to be workable for end-to-end encryption to me.

I have suggested, off-list, to Keith that, in preparing a new
version, he should carefully consider the tradeoffs implied by
the TLS requirement versus allowing any server that can be
reached (even multihop) by SMTP to return key and address
information.   As usual, the answer will probably depend on what
problem we are trying to solve and which aspects of it are most
important.

    john

v2.23.0 | Report a Bug | By Email