Re: [openpgp] [dane] The DANE draft

Paul Wouters <paul@nohats.ca> Thu, 06 August 2015 08:54 UTC

Date: Thu, 06 Aug 2015 04:54:24 -0400
From: Paul Wouters <paul@nohats.ca>
To: Jiankang Yao <yaojk@cnnic.cn>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/A3wCWIPshW7HFcuGUhTBx1GR82Q>
Cc: IETF OpenPGP <openpgp@ietf.org>, dane <dane@ietf.org>
Subject: Re: [openpgp] [dane] The DANE draft

On Thu, 6 Aug 2015, Jiankang Yao wrote:

> if there is a "email zone walking", the email spammer can use this feature to get the valid addresses easily and send trash emails.
> If we hope to prevent the spammer from getting the email address easily, the email address should be regarded as secret.

So if you use NSEC3 and base32, they need to break the NSEC3 hashing,
which has various parameters to make it easier or harder, but all are
basically in the range of a few days of GPU cracking.

If you use NSEC3 and sha256(LHS) then the work increase is basically
making a table for every 8 letter combination and dictionary names which
should be far less computations than the NSEC3 breaking. And to defend
your email address against this, you have to make it so it is not easily
guessable with known names and that makes it harder to convey your email
address verbally to other people - the exact opposite of what you want.

Also, the only current alternative for people is to push their email
address plaintext to a keyserver. So even with base32, we are
increasing the privacy of email addresses of openpgp users.

I really do believe that the hashing is not an effective security
measure.

Paul
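An added illustration of the argument above (not code from the thread or from the draft): it assumes the owner-name construction that was later published in RFC 7929, i.e. SHA2-256 over the local part, truncated to 28 octets and hex-encoded, under the `_openpgpkey` label. Because the hash is unsalted and fast, a one-off table of "dictionary names" maps owner names back to local parts, which is the work increase Paul describes; only an unguessable local part survives, at the cost of being unconveyable verbally.

```python
import hashlib

# Assumed owner-name construction (the one later published in RFC 7929):
# SHA2-256 over the local part, truncated to 28 octets, lowercase hex,
# placed under the _openpgpkey label of the mail domain.
def openpgpkey_owner_name(local_part: str, domain: str) -> str:
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain}"

# Constructed stand-in for the "dictionary names" the mail refers to.
# Real tables would be far larger; the point is that SHA-256 is cheap
# enough that every candidate costs one hash, computed once.
COMMON_LOCAL_PARTS = [
    "admin", "alice", "bob", "hugh", "info",
    "paul", "postmaster", "sales", "support",
]

def build_lookup_table(candidates, domain):
    # Map each candidate's owner name back to the plaintext local part.
    # No salt means the same candidate list works for any domain.
    return {openpgpkey_owner_name(c, domain): c for c in candidates}

def recover_local_part(owner_name, table):
    # Returns the local part if it was guessable, else None.
    return table.get(owner_name)

def demo():
    # Constructed example zone: one guessable and one random local part.
    domain = "example.com"
    table = build_lookup_table(COMMON_LOCAL_PARTS, domain)
    observed = [
        openpgpkey_owner_name("hugh", domain),      # conveyable, guessable
        openpgpkey_owner_name("x7q9z2kp", domain),  # unguessable, unusable
    ]
    return [recover_local_part(n, table) for n in observed]

if __name__ == "__main__":
    print(demo())
```

The guessable name is recovered from the hash alone; the random one is not, which is exactly the trade-off the mail says makes hashing no substitute for keeping the address secret.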