ietf-openpgp

Re: [openpgp] [dane] The DANE draft

2015-08-05 06:28:52


On 05/08/15 09:14, Paul Wouters wrote:


I have no strong preference for base32 vs. digested localpart for the
hostname.  Digested localparts require a little bit more work to invert
than base32, but given the low entropy of typical normalized localparts,
they don't provide a lot of protection against a determined attacker.

And as clearly stated, were never meant to provide security.

Hmm.

With no hats, I gotta say I prefer the harder to invert local part
(i.e. hashed) to the reversible one (b32).

If this experiment ends up successful, then I think we'll be setting
a precedent for other per-user identifiers to be used as part of a
DNS name so I do not believe that arguments about this aspect ought
be decided solely based on PGP or SMIME or DANE. We should also
consider that some other protocol is highly likely to follow what
seems to have worked (just as _blah.example.com has been mimicked)
and where we don't now know the privacy consequences of copying
the pattern we're setting here.

For that reason, I really would prefer that we stick to the hash and
not go for the reversible per-user identifier.

(Separately, I also don't buy that there will be much use for actually
reversing the b32 encoding and if there were then the relevant work
could just as easily be done in advance by a server that is willing
to answer for a few known alternatives.)

So sorry to continue an argument, but shouldn't this experiment be
more conservative about privacy just in case it ends up wildly
successful?

Ta,
S.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
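
Added example, not part of the original message or of the draft: the two label encodings discussed above, side by side, showing that base32 is inverted by anyone who sees the label while a hashed label only matches localparts the observer can already guess. The SHA2-256 digest truncated to 28 octets is an assumption (the message does not name the hash), and the function names and sample localparts are constructed for illustration.

```python
import base64
import hashlib


def b32_label(localpart: str) -> str:
    """Reversible form: base32 of the UTF-8 localpart, padding stripped."""
    raw = base64.b32encode(localpart.encode("utf-8")).decode("ascii")
    return raw.rstrip("=").lower()


def b32_invert(label: str) -> str:
    """Any observer of the DNS name recovers the localpart, no guessing needed."""
    padded = label.upper() + "=" * (-len(label) % 8)
    return base64.b32decode(padded).decode("utf-8")


def hashed_label(localpart: str) -> str:
    """Digested form (assumed): SHA2-256 truncated to 28 octets, hex encoded."""
    return hashlib.sha256(localpart.encode("utf-8")).digest()[:28].hex()


def match_known(label: str, candidates):
    """Return the candidate whose digest equals the label, or None.

    The digest hides only what is not in the candidate list, which is why
    low-entropy localparts gain little from hashing.
    """
    for candidate in candidates:
        if hashed_label(candidate) == label:
            return candidate
    return None


# Constructed sample data: a short list of common, already-normalized localparts.
CANDIDATES = ["admin", "info", "alice", "bob", "postmaster"]

if __name__ == "__main__":
    for lp in ("alice", "x7-q9.k2"):
        b32, digest = b32_label(lp), hashed_label(lp)
        print(f"localpart      : {lp}")
        print(f"  b32 label    : {b32} -> inverts to {b32_invert(b32)!r}")
        print(f"  hashed label : {digest}")
        print(f"  guess match  : {match_known(digest, CANDIDATES)!r}")
```
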
