IETF Logo Mail Archive

Re: [openpgp] [dane] The DANE draft

"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 05 August 2015 15:12 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFDF11B2F8E; Wed, 5 Aug 2015 08:12:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IivP_sGwdvcO; Wed, 5 Aug 2015 08:12:17 -0700 (PDT)
Received: from hoffman.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 342F41B2D82; Wed, 5 Aug 2015 08:12:17 -0700 (PDT)
Received: from [10.32.60.120] (142-254-17-100.dsl.dynamic.fusionbroadband.com [142.254.17.100]) (authenticated bits=0) by hoffman.proper.com (8.15.1/8.14.9) with ESMTPSA id t75FC6Jf071674 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 5 Aug 2015 08:12:07 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 142-254-17-100.dsl.dynamic.fusionbroadband.com [142.254.17.100] claimed to be [10.32.60.120]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 05 Aug 2015 08:12:06 -0700
Message-ID: <B7419740-25C9-4F8D-85AE-FC6E11BCC038@vpnc.org>
In-Reply-To: <55C1F35A.5070904@cs.tcd.ie>
References: <CAMm+LwhYdBLXM8Td8q8SCnzgwywRgMx3wNKeS_Q0JSN4Lh7rZQ@mail.gmail.com> <87bnf1hair.fsf@alice.fifthhorseman.net> <alpine.LFD.2.11.1507250832510.854@bofh.nohats.ca> <87bnem2xjq.fsf@alice.fifthhorseman.net> <alpine.LFD.2.11.1508050331340.1451@bofh.nohats.ca> <55C1F35A.5070904@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.1r5084)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/bGMI0Q7BEE8q2ofSUQm98cCNfmg>
X-Mailman-Approved-At: Wed, 05 Aug 2015 10:43:13 -0700
Cc: Paul Wouters <paul@nohats.ca>, dane WG list <dane@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] [dane] The DANE draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2015 15:12:18 -0000

Wearing my author hat: I don't care between b32 and hashing. Both are 
equally easy to document. However:

On 5 Aug 2015, at 4:28, Stephen Farrell wrote:

> So sorry to continue an argument but shouldn't this experiment be
> a more conservative about privacy just in case it ends up wildly
> successful?

How is using the hash more conservative about privacy, except in zones 
that are signed with NSEC instead of the more common NSEC3? If you 
assume zones signed with NSEC3, both options are equally susceptible to 
dictionary-based guessing attacks, given that the effort to create 
search dictionaries for the billion of common LHS names is pretty low 
even for hashes.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email