Re: [openpgp] [dane] Storing public keys in DNS or LDAP, or elsewhere
Paul Wouters <paul@cypherpunks.ca> Thu, 08 August 2013 19:45 UTC
To: John Gilmore <gnu@toad.com>
Cc: openpgp@ietf.org, "Rick van Rein (OpenFortress)" <rick@openfortress.nl>, Phillip Hallam-Baker <hallam@gmail.com>, "dane@ietf.org" <dane@ietf.org>

On Tue, 6 Aug 2013, John Gilmore wrote:

>>> * draft-wouters-dane-openpgp-00
>>> * draft-wouters-dane-otrfp-00
>
> These actually specify how to get authenticated key material from the
> DNS. (However, they don't encrypt the DNS transaction, so the
> identity of the user being communicated with is leaked to NSA and
> any other wiretappers...)

I would suggest we address DNS query privacy in a generic way for all
DNS, although even if you just encrypt, it might not be enough when the
adversary has so many listening points, and the user immediately uses
the DNS information for another action (e.g. an IM message or sending an
email).

Paul