Re: [openpgp] [dane] Storing public keys in DNS or LDAP, or elsewhere

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 07 August 2013 02:49 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C80721E80B5; Tue, 6 Aug 2013 19:49:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.522
X-Spam-Level:
X-Spam-Status: No, score=-2.522 tagged_above=-999 required=5 tests=[AWL=0.077, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gyjiAPIryeDx; Tue, 6 Aug 2013 19:49:32 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3::184]) by ietfa.amsl.com (Postfix) with ESMTP id D7B3421E80C1; Tue, 6 Aug 2013 19:49:31 -0700 (PDT)
Received: from sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id CD79820172; Tue, 6 Aug 2013 23:55:58 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id EC85BA904C; Tue, 6 Aug 2013 22:48:01 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id D6A49B8EA6; Tue, 6 Aug 2013 22:48:01 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: John Gilmore <gnu@toad.com>
In-Reply-To: <201308070106.r7716UgN004651@new.toad.com>
References: <030F2A8C-1C25-4C91-88FD-C81AF44FA98E@openfortress.nl> <A2FA963F-FB8F-4CEE-9001-464A128F1EAD@openfortress.nl> <CAMm+LwjFBhQD+fzQyWbhyWwBNqAXUwC5u4EFivw+US1uCbBccQ@mail.gmail.com> <201308070106.r7716UgN004651@new.toad.com>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Tue, 06 Aug 2013 22:48:01 -0400
Message-ID: <30532.1375843681@sandelman.ca>
Sender: mcr@sandelman.ca
X-Mailman-Approved-At: Tue, 06 Aug 2013 22:58:50 -0700
Cc: openpgp@ietf.org, "Rick van Rein \(OpenFortress\)" <rick@openfortress.nl>, Phillip Hallam-Baker <hallam@gmail.com>, "dane@ietf.org" <dane@ietf.org>
Subject: Re: [openpgp] [dane] Storing public keys in DNS or LDAP, or elsewhere
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2013 02:49:37 -0000

John Gilmore <gnu@toad.com>; wrote:
    >> For what it is worth, I agree that using the DNS to store per-user data is
    >> not a good approach. The DNS administration model is that it makes
    >> assertions about network names and not individual users. Previous attempts
    >> to put end users in the DNS have uniformly met with failure.
    >>
    >> But that does not mean that LDAP is a useful tool. LDAP has tons of
    >> complexity and none of it does the slightest bit of good.

    > The classic Internet protocol for providing per-user data is "finger",
    > RFC 742 from 1977.  (Note by the way the illustrious users in the
    > "examples" section.)  It has been updated a few times, most recently
    > in RFC 1288 from 1991.  It is a Draft Standard.  Many people put their
    > PGP public key in their .plan file for easy remote access via finger.

    > Finger has two drawbacks for this purpose: It is not authenticated nor
    > encrypted; and it is designed to be human-readable, not
    > machine-readable.  But a simple finger-like protocol, authenticated
    > and encrypted via keys anchored in DNSSEC, might not only fill the
    > need to obtain keys, but also offer a secured and machine-readable
    > replacement for the finger protocol.

Alas, finger ignores the MX records, and the standard client does not pass
the entire command line argument in the query (making multi-tenant hard).

This effectively means that one has to run the fingerd on the web server,
as many want "example.com" to answer the same as "www.example.com", and HTTP
doesn't do SRV lookup either.

If finger could be updated to look up a SRV RR to find the finger server,
it would be very so much easier to deploy.  Given IPv6, putting a unique IP
address per hosted domain isn't so terrible, but having
        % finger user@example.com

send "user@example.com"; as it's query would help too.

I frankly think that having per-user data in DNS is not a horrible thing.
It is true that the DNS administrators often will not like this, but as was
pointed out in a WG session last week, many them will respond to a request
like:
        "please insert
                user.example.com IN NS ns1.user.example.com"

even when they don't understand:
     "please delegate user.example.com to ns1.user.example.com"

(yes, you can finger me for keys to check this message. John convinced me it
the utility 15 years ago.)

--
Michael Richardson <mcr+IETF@sandelman.ca>;, Sandelman Software Works