Re: [openpgp] [dane] The DANE draft

Hosnieh Rafiee <hosnieh.rafiee@huawei.com> Thu, 06 August 2015 08:50 UTC

From: Hosnieh Rafiee <hosnieh.rafiee@huawei.com>
To: Paul Wouters <paul@nohats.ca>
Thread-Topic: [dane] [openpgp] The DANE draft
Date: Thu, 06 Aug 2015 08:49:53 +0000
Message-ID: <814D0BFB77D95844A01CA29B44CBF8A7015D6641@lhreml504-mbs>
References: <CAMm+LwhYdBLXM8Td8q8SCnzgwywRgMx3wNKeS_Q0JSN4Lh7rZQ@mail.gmail.com> <87bnf1hair.fsf@alice.fifthhorseman.net> <alpine.LFD.2.11.1507250832510.854@bofh.nohats.ca> <87bnem2xjq.fsf@alice.fifthhorseman.net> <alpine.LFD.2.11.1508050331340.1451@bofh.nohats.ca> <55C1F35A.5070904@cs.tcd.ie> <B7419740-25C9-4F8D-85AE-FC6E11BCC038@vpnc.org> <55C22D64.9080507@strotmann.de> <alpine.LFD.2.11.1508060417450.16408@bofh.nohats.ca>
In-Reply-To: <alpine.LFD.2.11.1508060417450.16408@bofh.nohats.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/TPOkIxEJeZrUg6OdsQ2mI3llQ-Y>
Cc: IETF OpenPGP <openpgp@ietf.org>, dane WG list <dane@ietf.org>
Subject: Re: [openpgp] [dane] The DANE draft

> -----Original Message-----
> From: dane [mailto:dane-bounces@ietf.org] On Behalf Of Paul Wouters
> 
> On Wed, 5 Aug 2015, Carsten Strotmann wrote:
> 
> > for OPENPGPKEY/SMIMECERT zones, operators could (maybe SHOULD) use
> > NSEC/NSEC3 "narrow" signing to prevent "zone-walking".
> 
> email addresses are not secret. That is not the privacy you can protect
> at all. Anyone can either do an internet search or just attempt to
> deliver an email to figure out if the email address is valid.

Disagree! This really depends on the person and the scenario.
For some people it may not be a problem to share their email addresses or put them on their public websites because it is a part of their job. For example, a company shares its email address with others so that others can contact it. But for someone like a president of a country or a politician it is important, because a criminal can bug them by threatening them, try to hack their email by sending messages with fake links to carry out a phishing attack, or send code inside the HTML body of the email to access their computer and infect it. Therefore, from a privacy point of view, the more information I can have about a victim, the higher the chance of an attack.


> The only really privacy concern is learning who is querying, meaning who
> is interested in mailing a particular user - assuming everything else
> on the email path is secured by TLS, and the domain is large enough to
> actually hide the userbase (that is, nohats.ca is already a lost cause,
> because everyone knows a TLS connection to mx.nohats.ca means you are
> going to email me)

Nope, some people who really care about their privacy use different email addresses for different purposes (business, family, friends).

> > Breaking hashes requires much more "willful intent" than decoding
> > BASE32.
> 
> But that difference these days is basically zero as soon as someone
> puts up a module for johntheripper or hashcat or something on github.

Again disagree.

Hosnieh
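To make the base32-versus-hash point of the exchange concrete, here is an added example (not code from the thread or from the draft authors). It assumes the owner-name construction that RFC 7929 later standardised for OPENPGPKEY (SHA2-256 of the local part, truncated to 28 octets, hex-encoded, under `_openpgpkey`) and, as the alternative under discussion, a plain base32 label of the local part; the candidate list and the address are constructed sample data. It shows that a base32 label decodes directly, while a hashed label hides the local part only until someone compares it against a guess list, which is why a zone operator should not rely on the label alone and should consider NSEC3 "narrow" signing to block zone walking.

```python
import base64
import hashlib


def hashed_label(local_part: str) -> str:
    """RFC 7929 style label: SHA2-256 of the local part, first 28 octets, hex."""
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()
    return digest[:28].hex()


def openpgpkey_name(address: str) -> str:
    """Owner name of the OPENPGPKEY record for an address (assumed RFC 7929 form)."""
    local_part, domain = address.rsplit("@", 1)
    return f"{hashed_label(local_part)}._openpgpkey.{domain}"


def base32_label(local_part: str) -> str:
    """Alternative discussed in the thread: base32 of the local part (unpadded, lower case)."""
    return base64.b32encode(local_part.encode("utf-8")).decode().rstrip("=").lower()


def decode_base32_label(label: str) -> str:
    """Reversing a base32 label needs no secret: restore padding and decode."""
    padded = label.upper() + "=" * (-len(label) % 8)
    return base64.b32decode(padded).decode("utf-8")


def recover_local_part(label: str, candidates):
    """A hashed label is only as private as the local part is unguessable:
    compare the label against hashes of a candidate list (a zone walk would
    supply the labels; NSEC3 narrow signing denies that enumeration)."""
    for candidate in candidates:
        if hashed_label(candidate) == label:
            return candidate
    return None


# Constructed sample data for the demonstration.
SAMPLE_ADDRESS = "hugh@example.com"
SAMPLE_CANDIDATES = ["info", "admin", "hugh", "postmaster"]

if __name__ == "__main__":
    print("hashed owner name:", openpgpkey_name(SAMPLE_ADDRESS))
    b32 = base32_label("hugh")
    print("base32 label:", b32, "-> decodes to:", decode_base32_label(b32))
    print("hashed label matched against guesses:",
          recover_local_part(hashed_label("hugh"), SAMPLE_CANDIDATES))
```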