IETF Logo Mail Archive

Re: [openpgp] The DANE draft

Paul Wouters <paul@nohats.ca> Sat, 25 July 2015 12:30 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC8BD1A7035 for <openpgp@ietfa.amsl.com>; Sat, 25 Jul 2015 05:30:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j8sb2YXaiB_Y for <openpgp@ietfa.amsl.com>; Sat, 25 Jul 2015 05:30:24 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7828C1A037F for <openpgp@ietf.org>; Sat, 25 Jul 2015 05:30:24 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3mdmvM0BFKz21f; Sat, 25 Jul 2015 14:30:23 +0200 (CEST)
Authentication-Results: mx.nohats.ca; dkim=pass (1024-bit key) header.d=nohats.ca header.i=@nohats.ca header.b=jlLRXwYX
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id DEF5PXbM4W_b; Sat, 25 Jul 2015 14:30:21 +0200 (CEST)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Sat, 25 Jul 2015 14:30:21 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id B03B880042; Sat, 25 Jul 2015 08:30:20 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1437827420; bh=nHJcBimJO5AGH+S0lkkU5Eo9TMV+a063jZfK+KzK6rI=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=jlLRXwYXiWNwPb4zb58G9+4KZDlvsDpvqsRKXwI19gXCbDmoNjyVOiuO78BJPzBZ1 +rAf/fsBJAJXpknveuIeR2Rd6hJVu+OX8iKxNtbgguOeZy6GTwM60rpaurKAA6aPaD qYhLUGqkI9DG0xcOh3rDvndXLVu6CVkMULfzQau0=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.15.1/8.15.1/Submit) with ESMTP id t6PCUKnE011683; Sat, 25 Jul 2015 08:30:20 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Sat, 25 Jul 2015 08:30:20 -0400
From: Paul Wouters <paul@nohats.ca>
To: Aaron Zauner <azet@azet.org>
In-Reply-To: <55B24AAB.7000601@azet.org>
Message-ID: <alpine.LFD.2.11.1507250820120.854@bofh.nohats.ca>
References: <CAMm+LwhYdBLXM8Td8q8SCnzgwywRgMx3wNKeS_Q0JSN4Lh7rZQ@mail.gmail.com> <55B231EB.6000703@cs.tcd.ie> <55B24AAB.7000601@azet.org>
User-Agent: Alpine 2.11 (LFD 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ULmSZ-GTrp4dutK7tsgkAEw9p44>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] The DANE draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jul 2015 12:30:30 -0000

On Fri, 24 Jul 2015, Aaron Zauner wrote:

> Just wanted to point out that UTA has recieved a draft that's very
> interesting (and IMHO more valuable than anything that relies on DNSSEC)
> - it defines an extension to SMTP and SUBMISSION for querying e-mail
> address related information (e.g. PGP keys), and may be used to
> authenticate afterwards:
>
> https://tools.ietf.org/html/draft-moore-email-addrquery-01

This has come up on the dane list too and was discussed at IETF 92 in
Dallas. As the introduction to this draft stateS:

    This document defines several mechanisms which can be used by a
    client such as a Mail User Agent or Mail Submission Agent, to query
    an SMTP server which is configured to accept incoming mail for a mail
    domain, to

The problem is that anti-spam policies generally block SMTP ports so an
enduser often has no way of reaching a target user's SMTP server for
querying the target user data/key.

The draft does allow using one's SMTP server's submission port, so if
I'm on coffeeshop wifi, presumbly this could still work, but it requires
the sender to be an actual user with verifiable credentials.

It also allows the ISP to lie about these extensions and to (be forced)
to disable these and causing unencrypted emails. Think of the lavabit
issue.

Paul

v2.23.0 | Report a Bug | By Email