On Sat, 12 Mar 2016, Doug Barton wrote:
> On 03/12/2016 01:00 AM, John C Klensin wrote:
>> The IETF should not be encouraging experiments on the public
>> Internet that could be harmful to the Internet or to existing
>> deployed applications, especially standards-track ones. Several
>> people with significant email operational experience have made
>> the claim that this experiment could be harmful to the
>> Internet's email infrastructure, if only by encouraging a
>> violation of a fairly explicit (and very important, IMO)
>> provision of SMTP. As far as I can tell from reviewing the
>> discussions, there has not even been effort to refute those
>> claims or explain why they are not relevant.
>
> Has anyone laid out the perceived dangers in an easily digestible format? I
> would be interested to see that discussion.
>
> Given that the DNS RR in question is something the end user has to explicitly
> request, the danger is not immediately obvious to me.

That is not clear to me either, since the _delivery_ is unchanged, and
still goes to the local-part _exactly_ as specified by the user. So the
risks here are:
1 Failure to find an existing OPENPGPKEY record, email goes out in plaintext just as
if this draft never existed.
2 If an email server has paul@xxxxxxxxx and Paul@xxxxxxxxx, AND these
are different users, then instead of JUST mailing the wrong user in
plaintext, the wrong user is emailed encrypted to that user. This is
functionally still better than the current deployment, since only 1
wrong user can see the (encrypted) email instead of everyone on the
path plus the user who can see the never-encrypted email.
However, the email community experts themselves have already stated that
finding an email server compliant to case 2 is a theoretical exercise
only.
Paul