Re: [saag] IETF 93 Agenda Request - Key Discovery
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 23 July 2015 13:05 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B14251A0173 for <saag@ietfa.amsl.com>; Thu, 23 Jul 2015 06:05:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUVrj2sOKAhE for <saag@ietfa.amsl.com>; Thu, 23 Jul 2015 06:05:10 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4762F1A037F for <saag@ietf.org>; Thu, 23 Jul 2015 06:05:03 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 5D4EF284B53; Thu, 23 Jul 2015 13:05:01 +0000 (UTC)
Date: Thu, 23 Jul 2015 13:05:01 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150723130501.GO4347@mournblade.imrryr.org>
References: <20150721222308.GU28047@mournblade.imrryr.org> <20150721231021.59110.qmail@ary.lan> <CAL02cgQ3aTwpt43YYWSL-pEGcA5v1a10BskuA7-U1YN1Jk+G2w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAL02cgQ3aTwpt43YYWSL-pEGcA5v1a10BskuA7-U1YN1Jk+G2w@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/PggeVB8K1b446UCthB-T2LocBW0>
Subject: Re: [saag] IETF 93 Agenda Request - Key Discovery
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: saag@ietf.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2015 13:05:15 -0000
On Thu, Jul 23, 2015 at 02:30:34PM +0200, Richard Barnes wrote: > > Agreed. It distributes mail information through mail servers, rather > > than hoping one can keep mail servers and web servers synchronized. > > > > It's not perfect but the problems are fixable. > > I'm kind of astonished that people still think that extending email > protocols is a good idea for things like this. For example: > > "BASE64 is used to avoid the need for the server to produce JSON text > which conforms to SMTP line-length restrictions." SMTP line length restrictions are primarily a constraint on the command side of the protocol. The new command could be defined to return lines of arbitrary length, but in practice it is much simpler to in fact base64 encode the output. > Why, in 2015, would we continue to choose modalities that come with > these arcane restrictions? Because email servers understand the email address namespace and canonicalization rules. Because email clients, already talk to MSAs, which are well positioned to find the remote MX hosts. The MSA might even cache the responses for sufficiently "popular" email addresses. MX hosts already have code for connection and request rate limits, which can be extended to apply to these new queries. Also for first-contact keys, the MX host would typically return the mail server's public key, not the recipient's so it can continue to offer spam and malware protection to the target user. Real end-to-end keys would often only be returned by the user in a reply. Returning the MTA's key allows the MTA to return a public key regardless of whether email address requested exists or not, just return the same key for all inputs (there should also be one or more per-user signature key digests along with that key, to verify any end-to-end keys later sent by the user, which can be random for non-existent users). > Let's use modern technology for this. What's needed here is > request/response protocol that can carry JSON, not a store-and-forward > protocol that carries an oddly constrained text format. WebFinger > seems fine. The "store-and-forward" bit is irrelevant here, requests are not for multiple recipients, nor are there keys for mailing lists. Therefore, the envelope never splits, and there's no need to commit data to a queue to ensure reliable delivery to multiple destinations. WebFinger requires email server operators to also deploy HTTP WebFinger servers, or email servers to support an additional request protocol. Neither seems necessary. -- Viktor.
- [saag] IETF 93 Agenda Request - Key Discovery ⌘ Matt Miller
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Phillip Hallam-Baker
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery John Levine
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery John Levine
- Re: [saag] IETF 93 Agenda Request - Key Discovery ⌘ Matt Miller
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery Russ Housley
- Re: [saag] IETF 93 Agenda Request - Key Discovery 🔓Dan Wing
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Phil Hunt
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery ⌘ Matt Miller
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] SASL for mail, was IETF 93 Agenda Requ… John Levine
- Re: [saag] IETF 93 Agenda Request - Key Discovery Richard Barnes
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery John R Levine
- Re: [saag] IETF 93 Agenda Request - Key Discovery Benjamin Kaduk
- Re: [saag] IETF 93 Agenda Request - Key Discovery Viktor Dukhovni
- Re: [saag] IETF 93 Agenda Request - Key Discovery Chris Newman