Re: [saag] IETF 93 Agenda Request - Key Discovery

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 23 July 2015 13:26 UTC

Date: Thu, 23 Jul 2015 13:26:37 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150723132637.GQ4347@mournblade.imrryr.org>
References: <20150721222308.GU28047@mournblade.imrryr.org> <20150721231021.59110.qmail@ary.lan> <CAL02cgQ3aTwpt43YYWSL-pEGcA5v1a10BskuA7-U1YN1Jk+G2w@mail.gmail.com> <20150723130501.GO4347@mournblade.imrryr.org> <D14EE2BF-6AAE-456C-A4C0-9AA96E80937B@oracle.com>
In-Reply-To: <D14EE2BF-6AAE-456C-A4C0-9AA96E80937B@oracle.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/lGJd9fdtZFzAzMh_zIijd5ea288>
Subject: Re: [saag] IETF 93 Agenda Request - Key Discovery

On Thu, Jul 23, 2015 at 03:15:49PM +0200, Phil Hunt wrote:

> > WebFinger requires email server operators to also deploy HTTP
> > WebFinger servers, or email servers to support an additional request
> > protocol.  Neither seems necessary.
> 
> I wonder if this is true (not wanting http) for those supporting the oauth
> sasl extension.

Firstly, SASL is for MUA to MSA, not MSA/MTA to MTA.  Lookups of
keys for recipients are at the receiving end, not the sending end.

Even if some large email providers do end up supporting oauth SASL
for various web services, it seems unlikely that they would do so
for email accounts, where federated authentication seems rather
out of place.  More typically, the email provider would also be
the primary identity provider.

I can see an easy path to add support for the addrquery draft in
Postfix.  The same cannot be said for WebFinger.

-- 
	Viktor.