Re: [openpgp] Fwd: New Version Notification for draft-wouters-dane-openpgp-00.txt (fwd)

Andrey Jivsov <openpgp@brainhub.org> Thu, 18 July 2013 18:37 UTC

Message-ID: <51E8350E.7010403@brainhub.org>
Date: Thu, 18 Jul 2013 11:33:50 -0700
From: Andrey Jivsov <openpgp@brainhub.org>
To: openpgp@ietf.org
References: <alpine.LFD.2.10.1307151832180.22103@bofh.nohats.ca> <51E482E5.5020201@brainhub.org> <alpine.LFD.2.10.1307152150210.22103@bofh.nohats.ca>
In-Reply-To: <alpine.LFD.2.10.1307152150210.22103@bofh.nohats.ca>
Cc: Paul Wouters <paul@nohats.ca>
Subject: Re: [openpgp] Fwd: New Version Notification for draft-wouters-dane-openpgp-00.txt (fwd)
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>

On 07/15/2013 07:01 PM, Paul Wouters wrote:
> On Mon, 15 Jul 2013, Andrey Jivsov wrote:
>
>> A few quick comments follow.
>
> Thanks for the comments.
>
>> This ignores prior work in this area. https://keyserver.pgp.com is
>> known to solve exactly the problems you described for many years now.
>
> Ahh, yet another different webgui? I see the howto also states "You can
> only remove your own key and the email address must match exactly". I
> had one of my email addresses yanked two years ago with zero notice. I
> would not have been able to remove my key. But even so, many (most?)
> people still seem to use other more well known, non-commercial,
> keyservers, such as pgp.mit.edu and pgp.surfnet.nl. Even if I use very
> secure key servers, if people look for my key on crappy old key servers,
> the risk remains.

Yes, it's a valid use case. The https://keyserver.pgp.com server will 
periodically send renewal requests to e-mails on the key, and if the 
owner doesn't reply the key will be deleted.

>
>> 2. Given that the size of the record is very important when stored in
>> DNS records, it's odd to see that ECC OpenPGP keys are not even
>> mentioned.
>
> I specifically did not want to limit the record to any particular type.
> I just wanted it to support RFC OpenPGP compliant keys. Some people
> don't want to use ECC (for legal or other reasons). Others don't
> want to use ElGamal, DSA, RSA, etc. There is no reason for this draft
> to distinguish and force people to pick a specific key type.

I agree that support for all keys is one way to do this, but this 
intention is unclear from draft-wouters-dane-openpgp-00.txt: if one 
mentions RFC 4880 but not RFC 6637, it can be interpreted as the 
exclusion of ECC keys.

...
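The size argument raised in the thread (point 2) can be made concrete by encoding the primary public-key packet for an RSA-2048 key and for an ECDSA P-256 key and comparing the byte counts. This is an added example, not code from the draft or from either correspondent; the key material is constructed filler, and only the primary-key packet is measured (a full transferable key in DNS would also carry user IDs, self-signatures and subkeys, which scale with the same algorithm choice).

```python
"""Added example: compare the encoded size of an OpenPGP v4 public-key packet
for RSA-2048 (RFC 4880) versus ECDSA over NIST P-256 (RFC 6637).
Key material below is constructed filler, not a real key."""
import struct

RSA = 1            # RFC 4880 public-key algorithm id
ECDSA = 19         # RFC 6637 public-key algorithm id
OID_P256 = bytes.fromhex("2a8648ce3d030107")  # RFC 6637 OID for NIST P-256
DNS_UDP_LIMIT = 512  # classic DNS UDP payload limit without EDNS0


def mpi(value: int) -> bytes:
    """RFC 4880 MPI: 2-byte bit length, then the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def public_key_packet(algo: int, body: bytes, created: int = 0) -> bytes:
    """Tag 6 packet, old-format header with a two-octet length (0x99).
    Creation time is fixed to 0 so the output is deterministic."""
    payload = bytes([4]) + struct.pack(">I", created) + bytes([algo]) + body
    return bytes([0x99]) + struct.pack(">H", len(payload)) + payload


def rsa_packet(bits: int = 2048) -> bytes:
    # Constructed modulus with the top bit set so bit_length() == bits; e = 65537.
    n = (1 << (bits - 1)) | 0x1234567
    return public_key_packet(RSA, mpi(n) + mpi(65537))


def ecdsa_p256_packet() -> bytes:
    # Constructed uncompressed point 0x04 || x || y, encoded as one MPI (RFC 6637 s.6).
    point = int.from_bytes(bytes([0x04]) + b"\x11" * 32 + b"\x22" * 32, "big")
    body = bytes([len(OID_P256)]) + OID_P256 + mpi(point)
    return public_key_packet(ECDSA, body)


def compare() -> dict:
    """Packet sizes and whether each fits a classic 512-byte DNS UDP response."""
    rsa, ecc = rsa_packet(), ecdsa_p256_packet()
    return {
        "rsa2048": len(rsa),
        "ecdsa_p256": len(ecc),
        "rsa_fits_512": len(rsa) <= DNS_UDP_LIMIT,
        "ecc_fits_512": len(ecc) <= DNS_UDP_LIMIT,
    }


if __name__ == "__main__":
    print(compare())
```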