ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] [dane] The DANE draft

2015-08-06 03:50:19
from [Hosnieh Rafiee] [Permanent Link] 
-----Original Message-----
From: dane [mailto:dane-bounces(_at_)ietf(_dot_)org] On Behalf Of Paul Wouters

On Wed, 5 Aug 2015, Carsten Strotmann wrote:


for OPENPGPKEY/SMIMECERT zones, operators could (maybe SHOULD) use
NSEC/NSEC3 "narrow" signing to prevent "zone-walking".


email addresses are not secret. That is not the privacy you can protect
at all. Anyone can either do a internet search or just attempt to
deliver an email to figure out if the email address is valid.


Disagree! This really depends on the person and scenarios. 
For some people maybe it is not a problem to share their email addresses or put 
them on their public websites because it is a part of their job. For example a 
company shares its email to others so that other can contact them. But for 
someone like a president of a country or a politician  it is important because 
a criminal can bug them by threatening them, try to hack their email by sending 
messages with fake links to do phishing attack or send codes inside html body 
of the email to access their computer and infect it. Therefore, from privacy 
point of view, as much information as I can have about a victim, the chance of 
attack is higher. 



The only realy privacy concern is learning who is querying, meaning who
is interested in mailing a particular user - assuming everything else
on the email path is secureb by TLS, and the domain is large enough to
actually hide the userbase (that is, nohats.ca is already a lost cause,
because everyone knows a TLS connection to mx.nohats.ca means you are
going to email me)


Nope, some people who really care about their privacy uses different emails for 
different purposes (business, family, friends).


Breaking hashes requires much more "willful intent" than decoding

BASE32.

But that difference these days is basically zero as soon as someone
puts up a module for johntheripper or hashcat or something on github.



Again disagree. 

 
Hosnieh

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] [dane] The DANE draft, Paul Wouters
Next by Date:  Re: [openpgp] [dane] The DANE draft, Paul Wouters
Previous by Thread:  Re: [openpgp] [dane] The DANE draft, Paul Wouters
Next by Thread:  Re: [openpgp] [dane] The DANE draft, Vincent Breitmoser
Indexes:  [Date] [Thread] [Top] [All Lists]