Re: [Uta] draft-moore-smtp-addrquery

"John R Levine" <johnl@taugh.com> Wed, 22 July 2015 07:38 UTC

Date: Wed, 22 Jul 2015 03:38:02 -0400
Message-ID: <alpine.OSX.2.11.1507220320370.52651@ary.lan>
From: John R Levine <johnl@taugh.com>
To: Keith Moore <moore@network-heretics.com>
In-Reply-To: <55AF3E46.6090306@network-heretics.com>
References: <20150722055913.60220.qmail@ary.lan> <55AF3E46.6090306@network-heretics.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/ZPcU6sD8WQA5eVoeeKdnLZVJ5us>
Cc: uta@ietf.org
Subject: Re: [Uta] draft-moore-smtp-addrquery

> By contrast, unsigned TLSA records offer essentially zero security.

If they're not signed, sure.

> That's not what concerns me.   What concerns me is whether all of those mail 
> domains would permit such updates.   This draft doesn't define an API for 
> posting or updating such information, but we'd need one. ...

If they don't, they don't.  People using those domains have to distribute 
their keys however they do now.  I think you'll find that most people's 
mail either isn't forwarded at all, or goes through at most one level, 
with some sort of remote access to change where the forwarded mail goes.

> Some mail domains are going to outsource every service that they offer. 
> That's their decision to make, and for some mail domains it might well be 
> more secure than trying to provide that service in house.   The way AQRY is 
> written at the moment, a mail domain can outsource its AQRY redirect server 
> to a different party than its mail service provider, so it's not having to 
> trust their MSP with their private keys.   But any time that kind of service 
> is outsourced, the customer almost inherently has less control over its 
> private keys and less ability to prevent their exposure and/or misuse.

Yup.  I think it's perfectly fine to define a way to let people run their 
own key servers, but I also think that if you require it, you might as 
well stop now because it's not going to work for enough people to be worth 
the effort.

One of my mail hosting clients is more or less an ad agency.  They know a 
lot about the ad business and nothing about e-mail.  If it were easy to 
use encrypted mail, they would, e.g., sending proofs to clients for 
campaigns for yet to be announced products.  But there is absolutely no 
way no how that they will ever run a key server unless someone else, i.e. 
Tucows or me, runs it for them.  I already know most of their passwords, 
because they trust me and it makes debugging stuff a lot easier.

I think that situation is far more common than the university or 
enterprise which has a skilled staff and a data center that can set up and 
maintain a key server and all of the necessary authentication goop.  If 
they do, great, but you can't depend on it.

> If the mail domain decides to outsource its DNS also (whether to you or 
> anybody else), should it be automatically seen as extending that level of 
> trust to its DNS provider, such that the provider can convincingly offer 
> bogus information that's associated with an email address?  I don't think so.

Since the DNS provider can already hijack all their mail, which means that 
these days he can get signed SSL certs in their name, I'd say that horse 
left the barn a long time ago.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.