Re: [pkix] [smime] Key lookup service via draft-bhjl-x509-srv-00
"John R Levine" <johnl@taugh.com> Wed, 23 March 2016 20:28 UTC
Date: Wed, 23 Mar 2016 16:28:41 -0400
Message-ID: <alpine.OSX.2.11.1603231625530.4624@ary.lan>
From: John R Levine <johnl@taugh.com>
To: "Miller, Timothy J." <tmiller@mitre.org>
In-Reply-To: <FB501B0B-999D-45E4-A739-4D561A25275B@mitre.org>
References: <CAAFsWK3HEXDgqONxBohBCGMKk2qMa230fxcNEaGhoTwQZVYQoQ@mail.gmail.com> <alpine.OSX.2.11.1603221443230.18473@ary.lan> <CAAFsWK2Xbw0eU2oz4edtmPH5PhwJgQkTYWKhFruZnCnD37c_CQ@mail.gmail.com> <alpine.OSX.2.11.1603231431110.4624@ary.lan> <FB501B0B-999D-45E4-A739-4D561A25275B@mitre.org>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/58b8qoA633qCG74Whis_NCVDPro>
Cc: PKIX <pkix@ietf.org>, Brian Haberman <brian@innovationslab.net>, IETF SMIME <smime@ietf.org>
Subject: Re: [pkix] [smime] Key lookup service via draft-bhjl-x509-srv-00
> So an authoritative service makes sense in an Enterprise context, but not in a consumer context. How do you preserve consumer choice if Yahoo! owns their email service, but they want to certify keys elsewhere?

Welcome to the key semantics undrainable swamp of despair.

If the domain says "I'm authoritative for all my users" and one of the users says "no you're not", there's no mechanical way to resolve that. You can punt to the user, which is known not to work ("Accept domain self-signed key for igor@example.org gargle jargon blurch OK!") or else you can appeal to a credible third party. Except the third parties are CAs and they're not as credible as we might wish.

This is why the draft tip-toes around the edge of the swamp, for fear of falling in.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.