On Sun, 13 Mar 2016, John Levine wrote:
>> Has anyone laid out the perceived dangers in an easily digestible
>> format? I would be interested to see that discussion.
> See the discussion on this list in the first LC. I tried to sum them
> up in one message about a week before the end.
You will also find my arguments against that summary there.
>> Given that the DNS RR in question is something the end user has to
>> explicitly request, ...
> Uh, what? The DNS is under control of the domain owner, not the end
> users. If I'm running mitmmail.com, I can publish keys for all of my
> users that I can decode on the way in. If I'm that kind of MITM I
> might even re-encode the mail with the users' real keys if I know what
> they are, perhaps from the traditional PGP key servers.
So can the Registrar, the Registry and the root key owners, your OS
vendor, and many more. I don't see us blocking TLS or IPsec or PKIX
documents based on that.
Which is why the draft clearly states "not a replacement for Web Of
Trust". Why it has advice on what to do when keys in DNS conflict with
the local key ring. Why it says "still better to use to encrypt than
send in the clear".
> This points out one of the problems with this draft: there's no
> security model beyond the implicit DANE model that anything that's
> signed with DNSSEC must be true.
And as I replied then, the key listed can have trust signatures on it,
or you can get those trust signatures from public key servers (now you
have a key id). The draft mentions these things very clearly because
these arguments keep coming up and I've tried to accommodate things in
various rounds of LC, and you just keep rejecting with hand waving and
refusing to contribute text.
All of this has been said before, and all of this will be said again
it seems.
Paul
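Added illustration for this thread (example code written for this page; not from the draft, the list, or either author): a client-side selection policy for a key found in an OPENPGPKEY record versus a key already in the local key ring. It assumes the owner-name construction as published in RFC 7929 (SHA2-256 of the local-part, truncated to 28 octets, under `_openpgpkey.<domain>`), and a hypothetical policy that ignores unvalidated answers, lets the local key ring win and flags a differing DNS key as a conflict, and labels a DNS-only key as opportunistic rather than as web-of-trust verified. The key ring and DNS answer are constructed; fingerprints are placeholder strings.

```python
"""OPENPGPKEY key-selection policy (example code, not the draft's text).

The local keyring and the DNS answer below are constructed inputs.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def openpgpkey_owner_name(email: str) -> str:
    """Build the OPENPGPKEY owner name for an address.

    Construction as published in RFC 7929: SHA2-256 of the local-part,
    truncated to 28 octets, lowercase hex, under _openpgpkey.<domain>.
    """
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.lower()}."


@dataclass
class DnsAnswer:
    """A (constructed) OPENPGPKEY lookup result.

    validated mirrors the resolver's AD bit (DNSSEC-validated answer);
    fingerprints stands in for the parsed OpenPGP key material.
    """
    validated: bool
    fingerprints: List[str] = field(default_factory=list)


@dataclass
class Selection:
    fingerprint: Optional[str]   # None means no usable key was found
    trust: str                   # "local", "opportunistic-dns" or "none"
    warnings: List[str] = field(default_factory=list)


def select_encryption_key(recipient: str,
                          local_keyring: Dict[str, str],
                          dns: Optional[DnsAnswer]) -> Selection:
    """Decide which key to encrypt to and how much to trust it.

    Hypothetical policy (an assumption of this example):
      1. an unvalidated DNS answer is ignored: DNSSEC is the whole basis;
      2. a key already in the local keyring wins over DNS; a differing
         DNS key is reported as a conflict, never silently adopted;
      3. a validated DNS key with no local key is used opportunistically
         and labelled so the caller cannot mistake it for WoT proof;
      4. otherwise no key: the caller decides what to do about plaintext.
    """
    warnings: List[str] = []
    dns_fps: List[str] = []
    if dns is not None:
        if dns.validated:
            dns_fps = dns.fingerprints
        elif dns.fingerprints:
            warnings.append("OPENPGPKEY answer not DNSSEC-validated; ignored")

    local_fp = local_keyring.get(recipient.lower())
    if local_fp:
        if dns_fps and local_fp not in dns_fps:
            # The domain owner, not the user, controls what DNS publishes.
            warnings.append(
                f"DNS publishes {dns_fps} for {recipient} but local keyring "
                f"has {local_fp}: possible key substitution by domain owner")
        return Selection(local_fp, "local", warnings)

    if dns_fps:
        # Only the domain operator asserts this binding; it is not WoT.
        return Selection(dns_fps[0], "opportunistic-dns", warnings)

    return Selection(None, "none", warnings)


if __name__ == "__main__":
    keyring = {"alice@example.com": "FP-ALICE-LOCAL"}      # constructed
    print(openpgpkey_owner_name("alice@example.com"))
    print(select_encryption_key("alice@example.com", keyring,
                                DnsAnswer(True, ["FP-ALICE-FROM-DNS"])))
    print(select_encryption_key("bob@example.com", keyring,
                                DnsAnswer(True, ["FP-BOB-FROM-DNS"])))
```

The warnings list is the part a mail client would surface: a validated DNS answer that disagrees with the local key ring is exactly the case the thread argues about, and the policy here records it rather than picking a winner silently.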