Re: [openpgp] The DANE draft
Paul Wouters <paul@nohats.ca> Sun, 26 July 2015 08:20 UTC
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: IETF OpenPGP <openpgp@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, dane WG list <dane@ietf.org>
Message-ID: <alpine.LFD.2.11.1507260410590.29300@bofh.nohats.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ROA493zaVqMpG4BqAPIkCADi-rA>
On Sat, 25 Jul 2015, Phillip Hallam-Baker wrote:

> On Sat, Jul 25, 2015 at 8:56 AM, Paul Wouters <paul@nohats.ca> wrote:
>
>> Answering phb and dkg:

[note I stated my answer was to both you and dkg, and I used traditional
">" and ">>" which your email client seems to have eaten, so it is
unfortunate if that causes further confusion to a lot of people's email
client when reading this response]

> That's not how I see it. It is surely a discovery and distribution
> system for keys. But it is not a policy publication mechanism. The
> draft (carefully) does not tell you what you can or cannot do with the
> key. Some people tried to propose this (mostly for smime) by having
> different prefixes for _encrypt or _sign, but this was not adopted.
>
> Again, you don't seem to understand the spec. 'MUST USE TLS' is one of
> the purported benefits.

Which specification are you referring to? The OPENPGPKEY specification
does not say "MUST USE TLS".

> Key pinning to a specific key is another.

I assume you mean "key pinning to a specific user"? If so, the OpenPGP
RFC already binds the public key and the various key IDs. Any such
existing pinning is in the OpenPGP RFC. This draft does not modify
OpenPGP in any way whatsoever. It only provides a discovery mechanism to
find an openpgp key based on an email address.

> Those are security policy.

Whether or not they are, they are not specified in this draft.

> I think those should be taken out of DANE but that hasn't happened yet
> as far as I am aware.

I don't even understand what you mean with "DANE" in this context. This
draft has nothing to do with the TLSA record which _does_ do further
security policy specification using Selectors and Usage types. This
draft specifically does not use Selectors or Usage types and leaves all
the openpgp key policies to the OpenPGP RFC options.

Paul
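The distinction Paul draws above (OPENPGPKEY is a lookup keyed on an email address and carries nothing but the key, while TLSA carries Usage, Selector and Matching Type fields that express policy) can be made concrete by parsing both record types side by side. The following is an added example written for this archive page, not code from the thread or from the draft's authors. It assumes the owner-name construction of RFC 7929, the published form of the OPENPGPKEY draft (SHA2-256 of the local-part truncated to 28 octets, hex, under `_openpgpkey`), the TLSA field acronyms of RFC 7218, and the RFC 4880 packet-tag layout; the function names, the sample email address and the six-byte fake key blob are all constructed for the example.

```python
import base64
import hashlib
import re

# --- OPENPGPKEY: the owner name is derived from the e-mail address, and the
# RDATA is only the key. No usage/selector/matching-type fields exist. ---

def openpgpkey_owner_name(email: str) -> str:
    """Return the DNS owner name queried for an OPENPGPKEY record.

    Construction follows RFC 7929 (the published form of the draft):
    SHA2-256 over the local-part, truncated to 28 octets, lowercase hex,
    then the _openpgpkey label and the domain. This example hashes the
    local-part exactly as given; handling of address variants (case,
    sub-addressing) is a caller concern and is not modelled here.
    """
    local, at, domain = email.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.lower()}"


def parse_openpgpkey_rdata(rdata_b64: str) -> dict:
    """Decode OPENPGPKEY presentation-format RDATA (base64 transferable key).

    The only check possible at the DNS layer is that the blob starts with an
    OpenPGP packet header whose tag is 6 (Public-Key, RFC 4880). What the key
    may be used for is carried inside the OpenPGP packets, not by DNS.
    """
    blob = base64.b64decode("".join(rdata_b64.split()), validate=True)
    if not blob or not blob[0] & 0x80:
        raise ValueError("RDATA does not start with an OpenPGP packet header")
    first = blob[0]
    # bit 6 set -> new-format tag in the low 6 bits, else old-format tag in bits 2..5
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    if tag != 6:
        raise ValueError(f"first packet tag is {tag}, expected 6 (Public-Key)")
    return {"rrtype": "OPENPGPKEY", "first_packet_tag": tag, "key_octets": len(blob)}


# --- TLSA: the policy lives in the record itself (RFC 6698; acronyms RFC 7218) ---

TLSA_USAGE = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
TLSA_SELECTOR = {0: "Cert", 1: "SPKI"}
TLSA_MATCHING = {0: "Full", 1: "SHA2-256", 2: "SHA2-512"}
_TLSA_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+([0-9A-Fa-f\s]+)$")


def parse_tlsa_rdata(rdata: str) -> dict:
    """Parse TLSA presentation-format RDATA and validate its policy fields."""
    m = _TLSA_RE.match(rdata)
    if not m:
        raise ValueError(f"malformed TLSA RDATA: {rdata!r}")
    usage, selector, mtype = (int(x) for x in m.group(1, 2, 3))
    data = "".join(m.group(4).split()).lower()
    for value, table, field in ((usage, TLSA_USAGE, "usage"),
                                (selector, TLSA_SELECTOR, "selector"),
                                (mtype, TLSA_MATCHING, "matching type")):
        if value not in table:
            raise ValueError(f"unknown TLSA {field} {value}")
    # Hash-based matching types fix the length of the association data.
    expected = {1: 64, 2: 128}.get(mtype)
    if expected is not None and len(data) != expected:
        raise ValueError(f"{TLSA_MATCHING[mtype]} data must be {expected} hex chars")
    return {"rrtype": "TLSA", "usage": TLSA_USAGE[usage],
            "selector": TLSA_SELECTOR[selector],
            "matching_type": TLSA_MATCHING[mtype], "data": data}


if __name__ == "__main__":
    # Constructed sample: a fake old-format Public-Key packet header (0x99 =
    # tag 6, two-octet length) followed by three filler body bytes.
    fake_key = base64.b64encode(b"\x99\x00\x03\x04\x00\x00").decode()
    print(openpgpkey_owner_name("hugh@example.com"))
    print(parse_openpgpkey_rdata(fake_key))
    print(parse_tlsa_rdata("3 1 1 " + "ab" * 32))
```

Run with `python3 file.py`. The TLSA parser returns three named policy fields that a validator must act on; the OPENPGPKEY parser can return only the key and its packet tag, which is the point of the message above: any policy about that key comes from OpenPGP itself, not from the DNS record.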