ietf
[Top] [All Lists]

Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-23 15:32:01
On Wed, 23 Sep 2015, John R Levine wrote:

I do consider this proposal's handling of this case superior to the key
servers.

A key you get from the key servers might be real or might be bogus. A key you get through DANE might be real or might be bogus. What's the difference? A key from DANE implicitly has an endorsement from the domain, but a key from key servers can have endorsements via WoT signatures. In each case. unless you know the endorser, the endorsement is useless.

Again, once DANE confirms your keyid/fingerprint, you can still try and
find endorsements by pulling the key from keyservers, if you find you
need endorsements before encrypting it (and would not sent the email
plaintext otherwise)

The draft consists of a key lookup mechanism and a key fetching
mechanism. You keep insisting it is only a key fetching mechanism.

You can never solely pull a key from a keyserver and then use it, as it
is trivial to DOS the recipient by adding bogus keys to the keyserver
pools.

A key from DANE implicitly has an endorsement from the domain AND it can
contain further endorsements that the keyholder finds adding value.

Paul

<Prev in Thread] Current Thread [Next in Thread>