Re: [pkix] [smime] Key lookup service via draft-bhjl-x509-srv-00
"John R Levine" <johnl@taugh.com> Thu, 24 March 2016 15:28 UTC
Date: Thu, 24 Mar 2016 11:12:15 -0400
Message-ID: <alpine.OSX.2.11.1603241107510.9761@ary.lan>
From: John R Levine <johnl@taugh.com>
To: "Miller, Timothy J." <tmiller@mitre.org>
In-Reply-To: <BY1PR09MB09201BC92CD9FD1E76703D7FAE820@BY1PR09MB0920.namprd09.prod.outlook.com>
References: <CAAFsWK3HEXDgqONxBohBCGMKk2qMa230fxcNEaGhoTwQZVYQoQ@mail.gmail.com> <alpine.OSX.2.11.1603221443230.18473@ary.lan> <CAAFsWK2Xbw0eU2oz4edtmPH5PhwJgQkTYWKhFruZnCnD37c_CQ@mail.gmail.com> <alpine.OSX.2.11.1603231431110.4624@ary.lan> <FB501B0B-999D-45E4-A739-4D561A25275B@mitre.org> <CAAFsWK1p-_HNYwM1B-p8MMo58u2hURW45ytKr_1f3h+XKDS5wA@mail.gmail.com> <BY1PR09MB09201BC92CD9FD1E76703D7FAE820@BY1PR09MB0920.namprd09.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/JQ6H7X8m91sOBzC1hYPYj4T5SrI>
Cc: PKIX <pkix@ietf.org>, IETF SMIME <smime@ietf.org>
Subject: Re: [pkix] [smime] Key lookup service via draft-bhjl-x509-srv-00
List-Id: PKIX Working Group <pkix.ietf.org>

> My advice is to keep it as simple as possible. MUAs interact directly with users, so it should be MUAs that provide assurance, not mail providers. This relieves the provider from having to worry about it, and users can opt in or out at will using any mail provider or key infrastructure they choose (up to and including roll-your-own).

I wouldn't disagree, but I would also point out that there are a lot of people who are eager to add a per-domain key lookup to their mail service. There are proposals in DANE to publish PGP and S/MIME keys directly in the DNS which are a bad idea for various reasons, but I don't see any reason that a domain operator shouldn't be able to offer a key server if it wants.

Scott Rose at NIST and Richard Lau at ICANN have expressed interest in the DANE versions, so I'd like to give them an option that could work.

My main concern would be to keep it crystal clear that the key server semantics are "foo.com asserts this is the key for bob@foo.com" rather than "this is the key for bob@foo.com".

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.