Re: Last Call: <draft-ietf-dane-openpgpkey-07.txt>


 



On 02/15/2016 04:04 PM, Viktor Dukhovni wrote:
> On Feb 15, 2016, at 2:29 PM, John Levine <johnl@xxxxxxxxx> wrote:
>
>> There are perfectly reasonable ways to do DANE-secured lookups of
>> mailbox keys.  A simple one would be a per-domain SRV or URI record
>> that points at an RFC 4387 key server, with its certs secured by TLSA.
>> It's just as secure, just as DANE-ful, and has none of the semantics
>> and scaling problems of trying to shove mailbox keys into the DNS.
>> Its realistic security is better, since the mailbox names don't get
>> relayed through DNS caches of unknown snoopiness.
>
> Sadly Keith Moore's addrquery draft seems to have stalled:
>
>     https://tools.ietf.org/html/draft-moore-email-addrquery-01
>
> I agree that was a promising direction...  Yes I quibbled over
> the details, but certainly not with the intention of blocking it,
> rather I wanted it to be more realistically deployable...

It's not dead. I'm still working on it and will try to get a revision out this coming weekend.

Keith



