Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-open

Eliot Lear <lear(_at_)cisco(_dot_)com> writes:

> On 9/23/15 9:00 PM, John R Levine wrote:
> > I should have been clearer, the assertion is "this is my user's key".
> >
> > > Let's focus on the case where it's completely false, yet it's still
> > > reasonable to trust the domain to publish the right MX records.  I'm not
> > > seeing that case at all, so I'd appreciate some help.
> > A straightforward example is that the mail system, through malice or
> > outside pressure, does an MITM attack on users who have their own
> > keys, so it publishes a key it controls and re-encrypts mail on the
> > way through to the user's own key.  An outsider who had the old key
> > might notice that the key changed, or if he didn't have the old key,
> > probably not.
> The good news is that this should be observable by the user.  That is,
> he should be able to query the domain for his own public key and
> compare.
The user can't detect it reliably, I believe, at least not until we have
something like a Certificate Transparency project for DNSSEC data.

/Simon

signature.asc
Description: PGP signature