Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

>>>>> "John" == John R Levine <johnl@xxxxxxxxx> writes:

    >> I think this is OK. That's what you get for using a domain who
    >> does this sort of thing as your email provider.

    John> Right.  But again, if I'm trying to find your key, I have no
    John> way to know how sleazy your mail provider is, so I have no way
    John> to tell whether to trust the keys they publish.

Yeah, but I believe for most users the only reasonable default for
things you get from the key servers is don't trust without additional
evidence.
For most users for most domains, I believe a reasonable default for this
dane record is trust if you otherwise would have sent plaintext mail.


    >> I do consider this proposal's handling of this case superior to
    >> the key servers.

    John> A key you get from the key servers might be real or might be
    John> bogus.  A key you get through DANE might be real or might be
    John> bogus.  What's the difference?  

It's all in the probabilities.
I'm making a judgment based on how I've seen PGP used over the last 20
years or so.
It seems like other people I believe to have used PGP a lot are making
the same judgment on this proposal.
Yes, that's appeal to authority.  

The only thing I can think to do beyond this is consider the sorts of
examples you're bringing up.
You think they argue that the key servers and this proposal are the
same.
I think they are interesting experiments that validate the utility of
this trust model in interesting cases.

    John> A key from DANE implicitly has
    John> an endorsement from the domain, but a key from key servers can
    John> have endorsements via WoT signatures.  In each case, unless
    John> you know the endorser, the endorsement is useless.

There we disagree.
I think implicit endorsement from the domain is valuable even if I don't
know much about the domain.



