Re: [saag] IETF 93 Agenda Request - Key Discovery

"John Levine" <johnl@taugh.com> Thu, 23 July 2015 15:31 UTC

Date: Thu, 23 Jul 2015 15:31:31 -0000
Message-ID: <20150723153131.67097.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: saag@ietf.org
In-Reply-To: <20150723150446.GT4347@mournblade.imrryr.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/oZbuBT2h7Eg63Ft83kZ9K0WeVAg>

>> I don't know why you think MXs or MTAs have any role in this at all.
>> The major point of this stuff is to look up keys for e2e, ...

Because MTAs are the only ones that know what account goes with what
addresses.  (Remember that when you log in for SUBMIT, your credentials
as often as not are not your address.)  

As I said yesterday in a related thread, here's my usage model:

I set up my online access at Bigbank.  One of the things I do is to
give them the address john+bigbank@example.com.  The bank looks up my
PGP key and sends all subsequent mail encrypted to my key, which in
this case happens to be the same one as for john@example.com.

My MTA already knows where it routes that address and can find the
appropriate account and the corresponding keys.  Webfinger or anything
else would either need a side channel into the MTA or try to match the
local address resolution logic.  Ugh.

R's,
John

PS: To summarize some lengthy discussions in DANE, the response to
any suggestion starting "You can just canonicalize the address by ..."
is "No, that may work on your MTA, but it doesn't work in general."
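The PS above is the crux: a remote party (Bigbank, a WebFinger client, a DANE-style lookup) has to turn the address it was given into the mailbox the receiving MTA will actually deliver to, and only that MTA knows the rule. The following Python is an added example written for this archive page, not code from John's message or from any IETF draft. It models, in deliberately simplified form (each policy is an assumption for illustration, not the exact behaviour of any product), several ways an MTA may resolve a local-part, and shows that the same address names different mailboxes under different policies, so a client-side "canonicalize by ..." step can only be right by luck.

```python
"""Address canonicalization is MTA-specific.

Added example for this thread; not code from the original message or any
IETF draft.  Each policy models, in simplified form (an assumption, not the
exact behaviour of any product), how one kind of MTA maps the local-part of
a recipient address to a mailbox.  A remote party that wants the key for an
address must guess which policy the receiving MTA applies.
"""
from typing import Callable, Dict, Tuple


def split_address(addr: str) -> Tuple[str, str]:
    """Split 'local@domain'.  Only the domain is case-insensitive (RFC 5321)."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {addr!r}")
    return local, domain.lower()


def _strip_after(local: str, delim: str) -> str:
    """Drop a subaddress extension introduced by delim (user+tag -> user)."""
    return local.split(delim, 1)[0]


# Simplified resolution policies (assumptions for illustration only).
POLICIES: Dict[str, Callable[[str], str]] = {
    # Local-part taken literally: case-sensitive, no subaddressing.
    "verbatim": lambda local: local,
    # Local-part case-folded, no subaddressing.
    "casefold": lambda local: local.lower(),
    # '+' subaddressing (like a Postfix recipient_delimiter of '+'), case kept.
    "plus": lambda local: _strip_after(local, "+"),
    # '+' subaddressing plus case-folding.
    "plus_casefold": lambda local: _strip_after(local, "+").lower(),
    # '-' subaddressing plus case-folding (qmail-style user-ext addresses).
    "dash_casefold": lambda local: _strip_after(local, "-").lower(),
    # Dots ignored, '+' subaddressing, case-folded (some webmail providers).
    "dots_plus_casefold": lambda local: _strip_after(local, "+").replace(".", "").lower(),
}


def mailbox(addr: str, policy: str) -> str:
    """The mailbox this address resolves to under one named policy."""
    local, domain = split_address(addr)
    return f"{POLICIES[policy](local)}@{domain}"


def resolutions(addr: str) -> Dict[str, str]:
    """Mailbox per policy; the spread shows how much a remote guess can miss by."""
    return {name: mailbox(addr, name) for name in POLICIES}


def distinct_mailboxes(addr: str) -> int:
    return len(set(resolutions(addr).values()))


def guess_is_safe(addr: str) -> bool:
    """True only when every policy agrees, i.e. no client-side guess can be wrong."""
    return distinct_mailboxes(addr) == 1


if __name__ == "__main__":
    # Constructed sample addresses, including the thread's john+bigbank style.
    for addr in ("John.Levine+bigbank@Example.COM",
                 "john-bigbank@example.com",
                 "john@example.com"):
        print(f"{addr}: {distinct_mailboxes(addr)} distinct mailbox(es)")
        for name, box in resolutions(addr).items():
            print(f"  {name:20} {box}")
```

Running it shows that only the plain lower-case address with no delimiter resolves the same way everywhere; anything with mixed case, a `+`, a `-` or a dot fans out into several candidate mailboxes, and the client has no in-band way to learn which one the MTA will pick. That is exactly the side channel into the MTA that the message says WebFinger or any other external lookup would need.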