IETF Logo Mail Archive

Re: [saag] IETF 93 Agenda Request - Key Discovery

Chris Newman <chris.newman@oracle.com> Fri, 24 July 2015 08:25 UTC

Return-Path: <chris.newman@oracle.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7FEE1A00BE for <saag@ietfa.amsl.com>; Fri, 24 Jul 2015 01:25:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UB11wZ2CPymx for <saag@ietfa.amsl.com>; Fri, 24 Jul 2015 01:25:24 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E8BB1A00E1 for <saag@ietf.org>; Fri, 24 Jul 2015 01:25:24 -0700 (PDT)
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id t6O8PMK1003697 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 24 Jul 2015 08:25:23 GMT
Received: from gotmail.us.oracle.com (gotmail.us.oracle.com [10.133.152.174]) by userv0022.oracle.com (8.13.8/8.13.8) with ESMTP id t6O8PJC1015481; Fri, 24 Jul 2015 08:25:19 GMT
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-disposition: inline
Content-type: text/plain; CHARSET="US-ASCII"
Received: from [10.175.255.159] (dhcp-ukc1-twvpn-1-vpnpool-10-175-191-98.vpn.oracle.com [10.175.191.98]) by gotmail.us.oracle.com (Oracle Communications Messaging Server 8.0.0.0.0 64bit (built Mar 19 2015)) with ESMTPA id <0NRZ00MAVGQ35F00@gotmail.us.oracle.com>; Fri, 24 Jul 2015 01:25:18 -0700 (PDT)
Date: Fri, 24 Jul 2015 10:25:16 +0200
From: Chris Newman <chris.newman@oracle.com>
To: Richard Barnes <rlb@ipv.sx>, John Levine <johnl@taugh.com>
Message-id: <09FE1D8AE5B776C2290DB53C@96B2F16665FF96BAE59E9B90>
In-reply-to: <CAL02cgQ3aTwpt43YYWSL-pEGcA5v1a10BskuA7-U1YN1Jk+G2w@mail.gmail.com>
References: <20150721222308.GU28047@mournblade.imrryr.org> <20150721231021.59110.qmail@ary.lan> <CAL02cgQ3aTwpt43YYWSL-pEGcA5v1a10BskuA7-U1YN1Jk+G2w@mail.gmail.com>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
X-Source-IP: userv0022.oracle.com [156.151.31.74]
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/FbVywKVRhK_mj4CDQOwzbTfmugg>
Cc: IETF SAAG <saag@ietf.org>, Keith Moore <moore@network-heretics.com>
Subject: Re: [saag] IETF 93 Agenda Request - Key Discovery
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2015 08:25:26 -0000

--On July 23, 2015 14:30:34 +0200 Richard Barnes <rlb@ipv.sx> wrote:
> On Wed, Jul 22, 2015 at 1:10 AM, John Levine <johnl@taugh.com> wrote:
>>> I've just glanced at
>>> 
>>>    https://tools.ietf.org/html/draft-moore-email-addrquery-01
>>> 
>>> I think it is a more promising effort in the intended direction.
>> 
>> Agreed.  It distributes mail information through mail servers, rather
>> than hoping one can keep mail servers and web servers synchronized.
>> 
>> It's not perfect but the problems are fixable.
> 
> I'm kind of astonished that people still think that extending email
> protocols is a good idea for things like this.

Extending email protocols to lookup information about an email address is the
only model that provides good architecture, operational/security isolation, and
maximizes deployability.

It's a fundamental architectural principle of email addresses that the
semantics of the local part are owned by the domain on the RHS, or more
specifically the SMTP server that is the target of MX records for that domain
and performs routing, aliasing, local part transformations, subaddress
processing, list expansion, forwarding, SRS, rejection, delays, sieve, address
blinding policy, SMTPUTF8 mappings, etc. The only way for web finger to follow
the architectural principles of email and do a lookup on an email address is to
communicate with the configuration and codebase present on the SMTP server.

It's desirable to have security sensitive components of the infrastructure
isolated to the greatest extent possible. Web protocols have a lot of security
consequences. Email protocols have a lot of different security consequences.
Mixing those security consequences is bad security architecture as it increases
the attack surface of the combined server. Let's not do that.

Lookup protocol syntax is a trivial amount of code in the overall system
(regardless of debatable opinions about protocol modernity). What gets complex
is the semantics, infrastructure and operational practices behind those
protocols, so when that complexity is involved it's best to use the primary
protocol of the server codebase that owns those semantics.

I do think it's desirable for protocols that do certificate lookup to use a
common data model for results. It looks like the WebFinger and addrquery
protocols are moving in a similar (JSON) direction for the result data model so
alignment should be encouraged to the extent an aligned data model can provide
simple/necessary functionality.

		- Chris

v2.23.0 | Report a Bug | By Email