Re: [pkix] [smime] Key lookup service via draft-bhjl-x509-srv-00

"John R Levine" <johnl@taugh.com> Thu, 24 March 2016 21:13 UTC

Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=WV8O8RO/; dkim=pass (1536-bit key) header.d=taugh.com header.b=oWdO4FZH
Date: Thu, 24 Mar 2016 17:12:43 -0400
Message-ID: <alpine.OSX.2.11.1603241658070.11816@ary.lan>
From: John R Levine <johnl@taugh.com>
To: "Miller, Timothy J." <tmiller@mitre.org>
In-Reply-To: <BY1PR09MB0920F6BA9319D12BF6EF3771AE820@BY1PR09MB0920.namprd09.prod.outlook.com>
References: <CAAFsWK3HEXDgqONxBohBCGMKk2qMa230fxcNEaGhoTwQZVYQoQ@mail.gmail.com> <alpine.OSX.2.11.1603221443230.18473@ary.lan> <CAAFsWK2Xbw0eU2oz4edtmPH5PhwJgQkTYWKhFruZnCnD37c_CQ@mail.gmail.com> <alpine.OSX.2.11.1603231431110.4624@ary.lan> <FB501B0B-999D-45E4-A739-4D561A25275B@mitre.org> <CAAFsWK1p-_HNYwM1B-p8MMo58u2hURW45ytKr_1f3h+XKDS5wA@mail.gmail.com> <BY1PR09MB09201BC92CD9FD1E76703D7FAE820@BY1PR09MB0920.namprd09.prod.outlook.com> <alpine.OSX.2.11.1603241107510.9761@ary.lan> <BY1PR09MB0920D9D77D591080E5929631AE820@BY1PR09MB0920.namprd09.prod.outlook.com> <alpine.OSX.2.11.1603241357170.10758@ary.lan> <BY1PR09MB0920F6BA9319D12BF6EF3771AE820@BY1PR09MB0920.namprd09.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/OufnS0mk9pPi1HhD4z4BKNFIu44>
Cc: PKIX <pkix@ietf.org>, IETF SMIME <smime@ietf.org>
Subject: Re: [pkix] [smime] Key lookup service via draft-bhjl-x509-srv-00

>> I'm sorry, this makes no sense.  How is my MUA supposed to know about the
>> key of someone from whom I have not yet received a message?  Based on
>> the arguments I've seen, the main point of a key lookup service is to enable
>> opportunistic encryption on the first message.
>
> My MUA knows my key.  Your MUA knows your key.  All that's missing is a way to have my MUA talk to yours.

Right.  When you come up with a way for my MUA to fetch a key from your 
MUA when you have never sent me a message, let us know.

In the meantime, I think you need a better argument against per-domain key 
stores than "I don't trust them."  The people from DANE are determined to 
use per-domain stores, so it'd be a lot more useful to figure out how to 
minimize the suckage than to yet again stick our fingers in our ears and 
pretend we don't hear them.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
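The "per-domain key store" the DANE side wants is a DNS record set published under the recipient's domain, which is what lets an MUA find a key for someone who has never written to it. As an added example that is not part of this thread, the draft, or any IETF code, the block below models that first-contact lookup the way RFC 8162 (SMIMEA) lays it out: derive the owner name from the address, fetch the record set, and match it against the correspondent's certificate. The SRV-based mechanism of draft-bhjl-x509-srv-00 is not modeled. The certificate bytes, the published record and the zone dictionary are constructed sample data standing in for a DNSSEC-validated answer; no DNS query is made, and hashing the local-part without case folding is an assumption of this example.

```python
"""Added example (not from the thread): how a DANE-style per-domain key store is
queried for a first-contact S/MIME key, following the SMIMEA record layout of
RFC 8162.  The certificate bytes and the published record below are constructed
sample data; no DNS query is made."""
import hashlib

# ---- owner-name derivation (RFC 8162 section 2) ----
def smimea_owner_name(email_address: str) -> str:
    """Return the DNS owner name an MUA queries for a correspondent's SMIMEA record.

    The local-part is hashed with SHA-256, the digest truncated to 28 octets and
    hex-encoded (56 characters), then placed under _smimecert in the recipient's
    domain.  Only the domain part is lowercased; the local-part is hashed exactly
    as given (assumption of this example: no case folding of the local-part)."""
    local_part, sep, domain = email_address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError("expected local-part@domain")
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._smimecert.{domain.lower().rstrip('.')}."

# ---- record matching (same field layout as TLSA, RFC 6698 section 2.1) ----
SELECTOR_FULL_CERT = 0        # match against the whole DER certificate
MATCHING_FULL = 0             # association data is the certificate itself
MATCHING_SHA256 = 1           # association data is SHA-256 of the certificate
MATCHING_SHA512 = 2           # association data is SHA-512 of the certificate

def parse_smimea_rdata(wire: bytes) -> tuple:
    """Split SMIMEA RDATA wire format: usage, selector, matching type (one
    octet each), then the certificate association data."""
    if len(wire) < 4:
        raise ValueError("SMIMEA RDATA too short")
    return wire[0], wire[1], wire[2], wire[3:]

def smimea_matches(rdata: tuple, cert_der: bytes) -> bool:
    """Check a (usage, selector, matching_type, data) tuple against a DER
    certificate.  Only selector 0 is handled; selector 1 (SubjectPublicKeyInfo)
    would need a DER parser and is rejected rather than guessed at."""
    usage, selector, matching_type, data = rdata
    if selector != SELECTOR_FULL_CERT:
        return False
    if matching_type == MATCHING_FULL:
        return data == cert_der
    if matching_type == MATCHING_SHA256:
        return hashlib.sha256(cert_der).digest() == data
    if matching_type == MATCHING_SHA512:
        return hashlib.sha512(cert_der).digest() == data
    return False

# Constructed sample: a stand-in for a DER-encoded certificate, and the record
# the domain would publish for it (usage 3, selector 0, matching type 1).
SAMPLE_CERT = b"-- constructed stand-in for a DER-encoded certificate --"
SAMPLE_RDATA = bytes([3, 0, 1]) + hashlib.sha256(SAMPLE_CERT).digest()

def first_contact_lookup(email_address: str, zone: dict, cert_der: bytes) -> bool:
    """MUA side of a first-contact lookup: derive the owner name, take the record
    set from `zone` (a constructed dict standing in for a DNSSEC-validated
    answer), and accept the certificate if any published record matches it."""
    name = smimea_owner_name(email_address)
    records = zone.get(name, [])
    return any(smimea_matches(parse_smimea_rdata(r), cert_der) for r in records)

if __name__ == "__main__":
    zone = {smimea_owner_name("alice@example.com"): [SAMPLE_RDATA]}
    print(first_contact_lookup("alice@example.com", zone, SAMPLE_CERT))
    print(first_contact_lookup("alice@example.com", zone, SAMPLE_CERT + b"x"))
```

The point the example makes concrete is where the trust sits: the MUA never talks to the correspondent's MUA, it trusts whatever the domain publishes, so the answer is only as good as the DNSSEC validation in front of it. An implementation that skips that validation (or accepts an unsigned answer) has turned the per-domain store into exactly the thing the "I don't trust them" objection is about.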