Re: Summary of IETF LC for draft-ietf-dane-openpgpkey
2015-09-16 05:46:27Hi, On 9/16/15 12:14 PM, Philip Homburg wrote:
In your letter dated Tue, 15 Sep 2015 21:11:05 -0400 you wrote:In addition, as Christian more or less pointed out, if the IETF is really making a very strong commitment to privacy, creating an easily-harvestable source of verified email addresses doesn't seem to be a good idea. Perhaps the tradeoffs justify it, but the document would be a lot better if that particular analysis and set of considerations were explained.I'm curious about the attack scenario here. Assuming the DNS zone is properly protected using NSEC3, performing a dictionary attack would mean either one DNS request per try or one NSEC3 hash. I'm assuming here that NSEC3 can be made at least as expensive as any proposed hashing scheme for the LHS of the e-mail address.
When this is true you may be right. And I state this as someone who has deployed DNSSEC. Most haven't. That's a pity.
One DNS request is about as expensive as trying a RCPT TO on the mail server itself.
Perhaps but you seem to think it's an either/or thing. It seems likely that once they're there, someone's going to try to get at them. We simply can't expect otherwise. Eliot
signature.asc
Description: OpenPGP digital signature
| Previous by Date: | Re: Summary of IETF LC for draft-ietf-dane-openpgpkey, Philip Homburg |
|---|---|
| Next by Date: | Re: Summary of IETF LC for draft-ietf-dane-openpgpkey, John C Klensin |
| Previous by Thread: | Re: Summary of IETF LC for draft-ietf-dane-openpgpkey, Philip Homburg |
| Next by Thread: | Re: Summary of IETF LC for draft-ietf-dane-openpgpkey, John C Klensin |
| Indexes: | [Date] [Thread] [Top] [All Lists] |