Re: dane-openpgp 2nd LC resolution

2016-03-13 13:54:30


--On Sunday, March 13, 2016 1:48 PM -0400 Viktor Dukhovni
<ietf-dane(_at_)dukhovni(_dot_)org> wrote:

> On Mar 13, 2016, at 1:11 PM, John Levine <johnl(_at_)taugh(_dot_)com>
> wrote:
>
> > > Given that the DNS RR in question is something the end user
> > > has to explicitly request, ...
> >
> > Uh, what?  The DNS is under control of the domain owner, not
> > the end users.
>
> A misreading of the comment.  The "end-user" in question is
> the one doing the lookup, not the one whose key is published.
> Paul is making no claim about how the published key got
> there...

I understood that, and I assume John L. did too.  The problem,
again, is that we are conflating several issues, including
whether the right key is going to be found to correspond to a
given address and whether and how it can be trusted.  A
problematic domain owner (and, unless the nominal domain owner
is paying a lot of attention, a problematic registrar or other
third-party domain administrator) can provide bogus,
self-serving keys.

"Making no claim about how the key got there" is almost
certainly true, but that misses the point.  The document more or
less claims that, if one finds a key in the DNS associated with
a particular mailbox string, then that key has some association
with the person who owns/controls (not necessarily the same
thing) that mailbox.  -07 was actually more clear about the
issues with that than -08 is, but neither goes far enough, IMO,
in detailing the risks that the community perfectly well knows
about.

The requirement is still that the I-D be clear about either
known risks, restricting the experiment to those who are very
familiar with those risks and accept them, or both.

    john