Re: [saag] IETF 93 Agenda Request - Key Discovery

⌘ Matt Miller <mamille2@cisco.com> Thu, 23 July 2015 15:00 UTC


On 7/23/15 3:26 PM, Viktor Dukhovni wrote:
> On Thu, Jul 23, 2015 at 03:15:49PM +0200, Phil Hunt wrote:
> 
>>> WebFinger requires email server operators to also deploy HTTP 
>>> WebFinger servers, or email servers to support an additional
>>> request protocol.  Neither seems necessary.
>> 
>> I wonder if this is true (not wanting http) for those supporting
>> the oauth sasl extension.
> 
> Firstly, SASL is for MUA to MSA, not MSA/MTA to MTA.  Lookups of 
> keys for recipients is at the receiving end, not the sending end.
> 
> Even if some large email providers do end up supporting oauth SASL 
> for various web services, it seems unlikely that they would do so 
> for email accounts, where federated authentication seems rather out
> of place.  More typically, the email provider would also be the
> primary identity provider.
> 
> I can see an easy path to add support for the addrquery draft in 
> Postfix.  The same cannot be said for WebFinger.
> 

I think key discovery will be used far, far more by MUAs than MTAs or
MSAs.  All the MUAs I use today already do a fair amount over HTTPS;
the extra effort for WebFinger seems fairly trivial.

-- 
- m&m

Matt Miller <mamille2@cisco.com>
Cisco Systems, Inc.