IETF Logo Mail Archive

Re: [openpgp] Fwd: New Version Notification for draft-wouters-dane-openpgp-00.txt (fwd)

Werner Koch <wk@gnupg.org> Tue, 16 July 2013 06:14 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4134021E81B1 for <openpgp@ietfa.amsl.com>; Mon, 15 Jul 2013 23:14:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2h9-G4+bWy3j for <openpgp@ietfa.amsl.com>; Mon, 15 Jul 2013 23:14:41 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by ietfa.amsl.com (Postfix) with ESMTP id 14EF521E81A8 for <openpgp@ietf.org>; Mon, 15 Jul 2013 23:14:40 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1UyyX0-0006R0-Cq for <openpgp@ietf.org>; Tue, 16 Jul 2013 08:14:38 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.80 #3 (Debian)) id 1UyyPI-0008OX-O6; Tue, 16 Jul 2013 08:06:40 +0200
From: Werner Koch <wk@gnupg.org>
To: Paul Wouters <paul@nohats.ca>
References: <alpine.LFD.2.10.1307151832180.22103@bofh.nohats.ca>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=1E42B367; url=finger:wk@g10code.com
Date: Tue, 16 Jul 2013 08:06:40 +0200
In-Reply-To: <alpine.LFD.2.10.1307151832180.22103@bofh.nohats.ca> (Paul Wouters's message of "Mon, 15 Jul 2013 18:32:46 -0400 (EDT)")
Message-ID: <87y597jaxb.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Fwd: New Version Notification for draft-wouters-dane-openpgp-00.txt (fwd)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2013 06:14:46 -0000

On Tue, 16 Jul 2013 00:32, paul@nohats.ca said:

> I've submitted a draft to associate an PGP public key with an email address using DANE.

Some quick notes:

Basically this is the same as the existing CERT RRs which are support by
GnuPG for many years.  The twist here is the Base32 encoding, which is
avoids a few problems.  I might haved missed that but they are not
mentioned in the I-D.

What I miss in this I-D are indirections and the use of URLs to download
a complete key.  Putting a 100k keyring into the DNS does not seem to be
optimal.  Granted, this is the exception but provisions for this should
be defined.

I consider wildcard mail address a bad idea.  If you do not want
end-to-end encryption, STARTTLS is much easier measure (we are not
relaying anymore, right?)

> 4.6.  Subject: line encryption

There is a well defined way to do this.  The special case for the
Subject is not needed.  Wrap the mail into an message/rfc822 containers
which has innocent headers.  In any case I doubt that this is in the
scope of the I-D.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

v2.23.0 | Report a Bug | By Email