IETF Logo Mail Archive

Re: [saag] IETF 93 Agenda Request - Key Discovery

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 23 July 2015 13:05 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B14251A0173 for <saag@ietfa.amsl.com>; Thu, 23 Jul 2015 06:05:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUVrj2sOKAhE for <saag@ietfa.amsl.com>; Thu, 23 Jul 2015 06:05:10 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4762F1A037F for <saag@ietf.org>; Thu, 23 Jul 2015 06:05:03 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 5D4EF284B53; Thu, 23 Jul 2015 13:05:01 +0000 (UTC)
Date: Thu, 23 Jul 2015 13:05:01 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150723130501.GO4347@mournblade.imrryr.org>
References: <20150721222308.GU28047@mournblade.imrryr.org> <20150721231021.59110.qmail@ary.lan> <CAL02cgQ3aTwpt43YYWSL-pEGcA5v1a10BskuA7-U1YN1Jk+G2w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAL02cgQ3aTwpt43YYWSL-pEGcA5v1a10BskuA7-U1YN1Jk+G2w@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/PggeVB8K1b446UCthB-T2LocBW0>
Subject: Re: [saag] IETF 93 Agenda Request - Key Discovery
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2015 13:05:15 -0000

On Thu, Jul 23, 2015 at 02:30:34PM +0200, Richard Barnes wrote:

> > Agreed.  It distributes mail information through mail servers, rather
> > than hoping one can keep mail servers and web servers synchronized.
> >
> > It's not perfect but the problems are fixable.
> 
> I'm kind of astonished that people still think that extending email
> protocols is a good idea for things like this.  For example:
> 
> "BASE64 is used to avoid the need for the server to produce JSON text
> which conforms to SMTP line-length restrictions."

SMTP line length restrictions are primarily a constraint on the
command side of the protocol.  The new command could be defined to
return lines of arbitrary length, but in practice it is much simpler
to in fact base64 encode the output.

> Why, in 2015, would we continue to choose modalities that come with
> these arcane restrictions?

Because email servers understand the email address namespace and
canonicalization rules.  Because email clients, already talk to
MSAs, which are well positioned to find the remote MX hosts.  The
MSA might even cache the responses for sufficiently "popular" email
addresses.

MX hosts already have code for connection and request rate limits,
which can be extended to apply to these new queries.  

Also for first-contact keys, the MX host would typically return
the mail server's public key, not the recipient's so it can continue
to offer spam and malware protection to the target user.  Real
end-to-end keys would often only be returned by the user in a reply.

Returning the MTA's key allows the MTA to return a public key
regardless of whether email address requested exists or not, just
return the same key for all inputs (there should also be one or
more per-user signature key digests along with that key, to verify
any end-to-end keys later sent by the user, which can be random
for non-existent users).

> Let's use modern technology for this.  What's needed here is
> request/response protocol that can carry JSON, not a store-and-forward
> protocol that carries an oddly constrained text format.  WebFinger
> seems fine.

The "store-and-forward" bit is irrelevant here, requests are not
for multiple recipients, nor are there keys for mailing lists.
Therefore, the envelope never splits, and there's no need to
commit data to a queue to ensure reliable delivery to multiple
destinations.

WebFinger requires email server operators to also deploy HTTP
WebFinger servers, or email servers to support an additional request
protocol.  Neither seems necessary.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email