Re: [openpgp] [dane] Storing public keys in DNS or LDAP, or elsewhere
ianG <iang@iang.org> Fri, 09 August 2013 08:43 UTC

On 8/08/13 22:44 PM, Paul Wouters wrote:
> On Tue, 6 Aug 2013, John Gilmore wrote:
>
>>>> * draft-wouters-dane-openpgp-00
>>>> * draft-wouters-dane-otrfp-00
>>
>> These actually specify how to get authenticated key material from the
>> DNS.

Would they work? (yes, asking for forgiveness for not reading them here...)

> (However, they don't encrypt the DNS transaction, so the
>> identity of the user being communicated with is leaked to NSA and
>> any other wiretappers...)
>
> I would suggest we address DNS query privacy in a generic way for all
> DNS, although even if you just encrypt, it might not be enough when the
> adversary has so many listening points, and the user immediately uses
> the DNS information for another action (eg an IM message or sending an
> email)

If I was the NSA, I'd make sure that people were focussed on solving the entire encryption and traffic analysis problem. Complete solution, end to end, with lots of options.

I'd fight like hell to stop them just solving the authentication problem.

iang