IETF Logo Mail Archive

Re: [perpass] perpass: what next?

Watson Ladd <watsonbladd@gmail.com> Wed, 22 April 2015 13:58 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC26A1A9130 for <perpass@ietfa.amsl.com>; Wed, 22 Apr 2015 06:58:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.6
X-Spam-Level:
X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u8jV_evwBcY0 for <perpass@ietfa.amsl.com>; Wed, 22 Apr 2015 06:58:40 -0700 (PDT)
Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EB7E1A9120 for <perpass@ietf.org>; Wed, 22 Apr 2015 06:58:32 -0700 (PDT)
Received: by wgso17 with SMTP id o17so248072628wgs.1 for <perpass@ietf.org>; Wed, 22 Apr 2015 06:58:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=gWgvHoFFwgrjz2MoUNE8LKQ0TnzpXKFmPtZibjzOAs4=; b=lRbGSNvcFmUUjXou6O3kHBjkSQppeH+DYMX7axocSji2dvot9yZPst9xN+p3odXQ7x GccqBUldcXFNE/fzK8zIQcIesSlnCXXYO0LMvsRA008AGRcKmGTj4/djz9wpj1R43MuB 54LiCsWyMPwRxnCc2lPJMH3CjBdlyYb2t/HYLYWfQ9aWDn9kbkoQbiGH60I7yQi9Zfui LLLI1oP9MSF87IraQ+p3hfi6IRd2B6HAGftk9J3aAf77mrYdHkIsRnX6ANbJDfCK4rhE 5LsgY7nT3gthTyhZWoX4YZriW1U4yK8uus0wGKBR3HoaaSUUHNy5/+cSGq9NuEkb389C +Odg==
MIME-Version: 1.0
X-Received: by 10.180.99.42 with SMTP id en10mr6257667wib.83.1429711111263; Wed, 22 Apr 2015 06:58:31 -0700 (PDT)
Received: by 10.194.20.97 with HTTP; Wed, 22 Apr 2015 06:58:31 -0700 (PDT)
In-Reply-To: <alpine.LFD.2.10.1504191050540.12640@bofh.nohats.ca>
References: <20150419032610.1333.qmail@ary.lan> <alpine.LFD.2.10.1504191050540.12640@bofh.nohats.ca>
Date: Wed, 22 Apr 2015 06:58:31 -0700
Message-ID: <CACsn0c=OQykOCKQOqzW82gkzikn1nwkW2CQbCU0OPKLoAXikaA@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Paul Wouters <paul@nohats.ca>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/hcJr0vCtV7mQlllF38ja8d_BXfo>
Cc: perpass@ietf.org
Subject: Re: [perpass] perpass: what next?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2015 13:58:41 -0000

On Sun, Apr 19, 2015 at 7:53 AM, Paul Wouters <paul@nohats.ca> wrote:
> On Sat, 19 Apr 2015, John Levine wrote:
>
>>> -Key discovery in email has been kicked around a bunch, but no
>>> reasonable proposals yet. Doesn't seem that hard.
>>
>>
>> There's a draft in DANE which I think is fatally flawed for reasons
>> that boil down to DNS lookups are utterly unlike mailbox lookups.
>>
>> I agree it's not that hard.  Something like webfinger with the http
>> server found via SRV should work.
>
>
> And at the dane list it is also discussed why others think the current
> proposal(s) work well for real life mailboxes, and why out-of-band
> key discovery for email boxes is very problematic.

There's a difference between actually solving a problem, and making a
stab at a solution. Unless you are a mail provider, you don't know
what's actually deployable. In fact, adding SMTP commands and extra
headers containing keys is probably much less burdensome from an
operational perspective: patching software vs. hooking things up in
weird ways.

Proposals need to answer the following questions
1: Who gets to say which key to use?
2: How is key rotation handled?
3: Is this going to be compatible with Google/Yahoo/Microsoft's
existing way of doing things?
4: How hard it is to start using the new system?

As far as I can tell, the DANE based solution doesn't answer much of this.

Sincerely,
Watson Ladd

>
> For perpass people not on the dane list, the proposals for key discovery
> for verifying and encrypting email are:
>
> https://tools.ietf.org/html/draft-ietf-dane-openpgpkey-03
>
> https://tools.ietf.org/html/draft-ietf-dane-smime-08
>
> Paul
>
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

v2.23.0 | Report a Bug | By Email