Re: [saag] IETF 93 Agenda Request - Key Discovery

Richard Barnes <rlb@ipv.sx> Thu, 23 July 2015 15:54 UTC

In-Reply-To: <20150723153131.67097.qmail@ary.lan>
References: <20150723150446.GT4347@mournblade.imrryr.org> <20150723153131.67097.qmail@ary.lan>
Date: Thu, 23 Jul 2015 17:54:20 +0200
Message-ID: <CAL02cgR2oTx0xypXAZKBONyxSDgGb_jNJZWGeqbF-7NVpdxxSg@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: John Levine <johnl@taugh.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/PNF-8MQtyR0qIlzEEfKy3VDTGZ0>
Cc: IETF SAAG <saag@ietf.org>
Subject: Re: [saag] IETF 93 Agenda Request - Key Discovery

On Thu, Jul 23, 2015 at 5:31 PM, John Levine <johnl@taugh.com> wrote:
>>> I don't know why you think MXs or MTAs have any role in this at all.
>>> The major point of this stuff is to look up keys for e2e, ...
>
> Because MTAs are the only ones that know what account goes with what
> addresses.  (Remember that when you log in for SUBMIT, your credentials
> as often as not are not your address.)
>
> As I said yesterday in a related thread, here's my usage model:
>
> I set up my online access at Bigbank.  One of the things I do is to
> give them the address john+bigbank@example.com.  The bank looks up my
> PGP key and sends all subsequent mail encrypted to my key, which in
> this case happens to be the same one as for john@example.com.

Thanks a lot for the example.  I was wondering what Viktor meant by
"canonicalization".  I understand better now why you guys are inclined
to localize things on the MTA, however...


> My MTA already knows where it routes that address and can find the
> appropriate account and the corresponding keys.  Webfinger or anything
> else would either need a side channel into the MTA or try to match the
> local address resolution logic.  Ugh.

Consider the security requirements.  The MUA needs to know that it's
got the authentic address/key binding, where the address is the one
the user put into the MUA.  So if it's going to talk to an MTA, it
needs to be the REMOTE MTA.  If it reaches that remote MTA through its
local MTA, that's a problem, since now either (1) the MUA has to trust
the local MTA for all of its keys or (2) the remote MTA needs to sign
its address/key bindings.  Both of which are gross.

For security reasons, then, you're going to need to depart from your
usual mail protocol habits.  So you might as well just ditch the old
protocol and do something that's easier for implementors to build to.
Yes, you might have to wire your WebFinger (etc) server to your MTA --
but only if you have non-trivial translation rules.

--Richard


>
> R's,
> John
>
> PS: To summarize some lengthy discussions in DANE, the response to
> any suggestion starting "You can just canonicalize the address by ..."
> is "No, that may work on your MTA, but it doesn't work in general."
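The canonicalization problem debated in this thread, as an added example that is not part of either participant's message: it compares a key lookup answered with the receiving domain's own address resolution against a generic client-side guess. The domain example.net, both delivery rules, the alias table and all key IDs are constructed assumptions.

```python
# Added illustration: domains, delivery rules and key IDs are all constructed.
from typing import Callable, Dict, List, Optional, Tuple

def plus_rule(local: str) -> str:
    """example.com: local part is case-insensitive, '+detail' is ignored."""
    return local.split("+", 1)[0].lower()

NET_ALIASES = {"sales": "carol"}  # example.net alias table (constructed)

def alias_rule(local: str) -> str:
    """example.net: case-sensitive, '+' is an ordinary character, aliases apply."""
    return NET_ALIASES.get(local, local)

# State only the receiving side knows: (delivery rule, account -> key ID)
DOMAINS: Dict[str, Tuple[Callable[[str], str], Dict[str, str]]] = {
    "example.com": (plus_rule, {"john": "KEY-JOHN"}),
    "example.net": (alias_rule, {"carol": "KEY-CAROL", "c+d": "KEY-CPLUSD",
                                 "John": "KEY-JOHN-UPPER", "john": "KEY-JOHN-LOWER"}),
}

def _split(address: str) -> Tuple[str, str]:
    local, _, domain = address.rpartition("@")
    return local, domain.lower()

def authoritative_lookup(address: str) -> Optional[str]:
    """Key lookup answered with the receiving domain's own address resolution."""
    local, domain = _split(address)
    if domain not in DOMAINS:
        return None
    rule, keys = DOMAINS[domain]
    return keys.get(rule(local))

def sender_side_guess(address: str) -> Optional[str]:
    """Key lookup after a generic client-side guess: strip '+detail', lowercase."""
    local, domain = _split(address)
    if domain not in DOMAINS:
        return None
    return DOMAINS[domain][1].get(local.split("+", 1)[0].lower())

def mismatches(addresses: List[str]) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Addresses where the guess finds no key or, worse, another account's key."""
    rows = [(a, authoritative_lookup(a), sender_side_guess(a)) for a in addresses]
    return [r for r in rows if r[1] != r[2]]

if __name__ == "__main__":
    sample = ["john+bigbank@example.com", "c+d@example.net",
              "sales@example.net", "John@example.net"]
    for addr, real, guess in mismatches(sample):
        print(f"{addr}: authoritative={real} guessed={guess}")
```

The last sample address is the case that matters for security: the guess does not fail, it silently returns a different account's key.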