Re: [Secdispatch] Please help dispatch "Dangerous Labels"
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 26 July 2022 18:03 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99FD4C13C23E for <secdispatch@ietfa.amsl.com>; Tue, 26 Jul 2022 11:03:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bhrDrMkS-6Cx for <secdispatch@ietfa.amsl.com>; Tue, 26 Jul 2022 11:03:47 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00:e000:2bb::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8981C13CCE5 for <secdispatch@ietf.org>; Tue, 26 Jul 2022 11:03:47 -0700 (PDT)
Received: from dooku.sandelman.ca (dhcp-886b.meeting.ietf.org [31.133.136.107]) by relay.sandelman.ca (Postfix) with ESMTPS id F28F51F448; Tue, 26 Jul 2022 18:03:44 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id EE6BE1A04AC; Tue, 26 Jul 2022 14:03:43 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, secdispatch@ietf.org
In-reply-to: <87tu73q5c6.fsf@fifthhorseman.net>
References: <87tu73q5c6.fsf@fifthhorseman.net>
Comments: In-reply-to Daniel Kahn Gillmor <dkg@fifthhorseman.net> message dated "Tue, 26 Jul 2022 11:08:41 -0400."
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 26.3
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 26 Jul 2022 14:03:43 -0400
Message-ID: <258490.1658858623@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/oKXA-16Jj-eqe_q2siYr8preb7k>
Subject: Re: [Secdispatch] Please help dispatch "Dangerous Labels"
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2022 18:03:49 -0000
Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: > https://datatracker.ietf.org/doc/draft-dkg-intarea-dangerous-labels/ I skimmed it. I see the point of doing this. I don't know where to dispatch it. > The not-so-secret goal of the document is to *discourage* creation of > new labels like this. Or, rather, to discourage the creation of systems > that treat certain "magic" labels as having special properties. And yet... we are creating an IANA registry for them, which feels kinda weird, but I see how it's probably the right action. It just might be hard to explain to outsiders. > For example, if the administrators of "example.com" permit Jennifer to > take control of "mta-sts.example.com", she can change the e-mail > transport security properties of the entire zone. I never heard of that label before! I don't think that RFC8641 is the right reference though. Swapped some digits? RFC8461! But that RFC uses _mts-sts... underscore. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Secdispatch] Please help dispatch "Dangerous Lab… Daniel Kahn Gillmor
- Re: [Secdispatch] Please help dispatch "Dangerous… Salz, Rich
- Re: [Secdispatch] Please help dispatch "Dangerous… Michael Richardson
- Re: [Secdispatch] Please help dispatch "Dangerous… Dan Collins
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Mike Ounsworth
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Mike Ounsworth
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Daniel Kahn Gillmor
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Salz, Rich
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Daniel Kahn Gillmor
- Re: [Secdispatch] Please help dispatch "Dangerous… Michael Richardson
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Michael Richardson
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Salz, Rich
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Salz, Rich
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Carsten Bormann
- Re: [Secdispatch] Please help dispatch "Dangerous… Mark Nottingham
- Re: [Secdispatch] Please help dispatch "Dangerous… Carsten Bormann
- Re: [Secdispatch] Please help dispatch "Dangerous… Michael Richardson
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Daniel Kahn Gillmor
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Salz, Rich
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Daniel Kahn Gillmor
- Re: [Secdispatch] [EXTERNAL] Please help dispatch… Salz, Rich