IETF Logo Mail Archive

Re: [pkix] [smime] Key lookup service via draft-bhjl-x509-srv-00

"Miller, Timothy J." <tmiller@mitre.org> Thu, 24 March 2016 12:25 UTC

Return-Path: <tmiller@mitre.org>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BEF4A12DAC6; Thu, 24 Mar 2016 05:25:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id daMuD_4b6Fje; Thu, 24 Mar 2016 05:25:36 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by ietfa.amsl.com (Postfix) with ESMTP id B532012DAEF; Thu, 24 Mar 2016 05:25:36 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 55FBC6C033A; Thu, 24 Mar 2016 08:25:36 -0400 (EDT)
Received: from imshyb01.MITRE.ORG (imshyb01.mitre.org [129.83.29.2]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id 455C96C032D; Thu, 24 Mar 2016 08:25:36 -0400 (EDT)
Received: from imshyb01.MITRE.ORG (129.83.29.2) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Thu, 24 Mar 2016 08:25:36 -0400
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1130.7 via Frontend Transport; Thu, 24 Mar 2016 08:25:35 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=CjQiOcYgQw+KNGAsD7Xu4kmDNai7n561nUNO+66ANO8=; b=Sz4Pl9CLOMbwqRhw0OASTwMVMfUYp90brluKRW6PojQvBoB5RmZxeP7uV2MAp1CwBkhYa8+3bgVZvZuxU+VBOneEqXuy2a7/ZjK7W0D/yHPTLF/Y4UN22m7ca08SSWgMriJOqDIHY7a2IN5BBnRmhMcb3pyB3qZJDwtgkaAiiFE=
Received: from BY1PR09MB0920.namprd09.prod.outlook.com (10.162.144.157) by BY1PR09MB0918.namprd09.prod.outlook.com (10.162.144.155) with Microsoft SMTP Server (TLS) id 15.1.434.16; Thu, 24 Mar 2016 12:25:34 +0000
Received: from BY1PR09MB0920.namprd09.prod.outlook.com ([10.162.144.157]) by BY1PR09MB0920.namprd09.prod.outlook.com ([10.162.144.157]) with mapi id 15.01.0434.019; Thu, 24 Mar 2016 12:25:35 +0000
From: "Miller, Timothy J." <tmiller@mitre.org>
To: Wei Chuang <weihaw@google.com>
Thread-Topic: [smime] Key lookup service via draft-bhjl-x509-srv-00
Thread-Index: AQHRhTGmh22EPby4TE+kk5RKeaJMBp9nWoUA///EeQCAAGy0AIAA+HcQ
Date: Thu, 24 Mar 2016 12:25:34 +0000
Message-ID: <BY1PR09MB09201BC92CD9FD1E76703D7FAE820@BY1PR09MB0920.namprd09.prod.outlook.com>
References: <CAAFsWK3HEXDgqONxBohBCGMKk2qMa230fxcNEaGhoTwQZVYQoQ@mail.gmail.com> <alpine.OSX.2.11.1603221443230.18473@ary.lan> <CAAFsWK2Xbw0eU2oz4edtmPH5PhwJgQkTYWKhFruZnCnD37c_CQ@mail.gmail.com> <alpine.OSX.2.11.1603231431110.4624@ary.lan> <FB501B0B-999D-45E4-A739-4D561A25275B@mitre.org> <CAAFsWK1p-_HNYwM1B-p8MMo58u2hURW45ytKr_1f3h+XKDS5wA@mail.gmail.com>
In-Reply-To: <CAAFsWK1p-_HNYwM1B-p8MMo58u2hURW45ytKr_1f3h+XKDS5wA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: google.com; dkim=none (message not signed) header.d=none;google.com; dmarc=none action=none header.from=mitre.org;
x-originating-ip: [192.160.51.86]
x-ms-office365-filtering-correlation-id: 682c42ce-04f9-4f6f-9998-08d353df6670
x-microsoft-exchange-diagnostics: 1; BY1PR09MB0918; 5:eIhCv3RAmHuhTuulhC0nGo0Z+UPm50+5gyWCKDH64jLe5Fr9D1q2YPR/UB7xLCyS02g3WcLqUP++ea/gZr9iPty5+4n7Z6p/Vj9uKGYCizPDHC4OHtwMQgQLhhRM83a0gesHSmpMrEW4X+5B4slmgQ==; 24:hLIVHDwtgiKMpbkWiiQLgRfAzsEBIamWMrxe5MkyX1r681dDfLhMlX5VjWCqDA6SVz8ncMTdWSeFm9O3xnysZW40//+7m38uFpgCycQoeDo=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR09MB0918;
x-microsoft-antispam-prvs: <BY1PR09MB0918BDFFF8BD3B852BB2A91FAE820@BY1PR09MB0918.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046); SRVR:BY1PR09MB0918; BCL:0; PCL:0; RULEID:; SRVR:BY1PR09MB0918;
x-forefront-prvs: 0891BC3F3D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(3280700002)(106116001)(99286002)(81166005)(5008740100001)(10400500002)(2900100001)(2950100001)(54356999)(3846002)(189998001)(3660700001)(110136002)(586003)(77096005)(33656002)(76576001)(5002640100001)(4326007)(86362001)(102836003)(6116002)(87936001)(92566002)(66066001)(5004730100002)(93886004)(1096002)(5003600100002)(2906002)(1220700001)(74316001)(76176999)(122556002)(230783001)(50986999); DIR:OUT; SFP:1101; SCL:1; SRVR:BY1PR09MB0918; H:BY1PR09MB0920.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Mar 2016 12:25:34.9277 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR09MB0918
X-OriginatorOrg: mitre.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/8pgyjLG4R0rkpzlYTZSkd9B5vD4>
Cc: PKIX <pkix@ietf.org>, Brian Haberman <brian@innovationslab.net>, John R Levine <johnl@taugh.com>, IETF SMIME <smime@ietf.org>
Subject: Re: [pkix] [smime] Key lookup service via draft-bhjl-x509-srv-00
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Mar 2016 12:25:39 -0000

> Could Yahoo! (in this example) not provide a means for their users to update
> the key lookup service?  As the user is authenticated through their UI, he or
> she could upload the keys they want in a secure way.   (A realistic
> deployment caveat might be that Yahoo! puts some restrictions on e.g.
> Yahoo! might not support self-signed, weak key sizes etc).  One might argue
> Yahoo! wouldn't want to provide a key service, but then that's fine.  Without
> the SRV RR, things should be defined to fall back to the current state of
> things.

First, consider a user forwarding mail from Yahoo! to some other service, or using a single client to access multiple mailboxes but replying from a single address.  Who attests to what in these cases?

Second, by adding provider-side infrastructure you're increasing the cost of providing the mail service with no direct benefit to the mail provider himself.  There's an indirect benefit in which you're making the service slightly more attractive to a certain niche of users, but that's probably not even measurable as that niche is exceedingly small.  IOW, there's no incentive.

My advice is to keep it as simple as possible.  MUAs interact directly with users, so it should be MUAs that provide assurance, not mail providers.  This relieves the provider from having to worry about it, and users can opt in or out at will using any mail provider or key infrastructure they choose (up to and including roll-your-own).

-- T

v2.23.0 | Report a Bug | By Email