Re: [saag] IETF 93 Agenda Request - Key Discovery
"John R Levine" <johnl@taugh.com> Thu, 23 July 2015 16:41 UTC
Date: Thu, 23 Jul 2015 12:40:56 -0400
Message-ID: <alpine.OSX.2.11.1507231202590.61857@ary.lan>
From: John R Levine <johnl@taugh.com>
To: Richard Barnes <rlb@ipv.sx>
In-Reply-To: <CAL02cgR2oTx0xypXAZKBONyxSDgGb_jNJZWGeqbF-7NVpdxxSg@mail.gmail.com>
References: <20150723150446.GT4347@mournblade.imrryr.org> <20150723153131.67097.qmail@ary.lan> <CAL02cgR2oTx0xypXAZKBONyxSDgGb_jNJZWGeqbF-7NVpdxxSg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/zTjyyBFxRRvXiTO2Gft_CY3tmdY>
Cc: IETF SAAG <saag@ietf.org>
Subject: Re: [saag] IETF 93 Agenda Request - Key Discovery
> needs to be the REMOTE MTA. If it reaches that remote MTA through its
> local MTA, that's a problem, since now either (1) the MUA has to trust
> the local MTA for all of its keys or (2) the remote MTA needs to sign
> its address/key bindings. Both of which are gross.

Yes, but webfinger is just as bad.

One of my clients is an ad agency in Montreal. I host their mail at Tucows, their web site is at some hosting provider in Toronto with whom I have had no contact beyond what's needed to point A records at them. It is not unusual for a domain's mail and web to be handled separately. If it were easy to use encrypted e-mail, I expect they would, e.g., mail to a client about a campaign for an unannounced product.

So where do you do your webfingering for, say, marie@flacks.biz? It's not going to be https://flacks.biz, they don't know anything about the mail. So you need some way to publish the location of the server, presumably a SRV record. Even if you assume that an MUA behind a corporate firewall won't filter out SRV record requests, unless you believe in DNSSEC everywhere, you can't trust the SRV more than anything else, so the responses from webfinger need to be signed just like the ones from the MTA do. I presume JOSE is the way to do that, but you'd know better than I would.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.