Re: [openpgp] [dane] Storing public keys in DNS or LDAP, or elsewhere

"Rick van Rein (OpenFortress)" <rick@openfortress.nl> Thu, 08 August 2013 19:56 UTC

To: Paul Wouters <paul@cypherpunks.ca>
Cc: openpgp@ietf.org, Phillip Hallam-Baker <hallam@gmail.com>, John Gilmore <gnu@toad.com>, "dane@ietf.org" <dane@ietf.org>

Ah!

> I would suggest we address DNS query privacy in a generic way for all DNS,

I feel a proposal towards DNS over TLS [1] coming up ;-)

-Rick

[1] The hard way, even… first negotiating ANON-DH, then doing a secure renegotiation to obtain the identity of the remote server, and finally retrieving the data requested.