On 03/13/2016 10:11 AM, John Levine wrote:
>> Has anyone laid out the perceived dangers in an easily digestible
>> format? I would be interested to see that discussion.
> See the discussion on this list in the first LC. I tried to sum them
> up in one message about a week before the end.
Can you provide a URL? You have sent 98 messages to the DANE list (to
date). I read all the ones that looked like they might apply to the
topic and was unable to find the kind of tidy summary I was hoping for.
Sorry if I missed it.
>> Given that the DNS RR in question is something the end user has to
>> explicitly request, ...
> Uh, what? The DNS is under control of the domain owner, not the end
> users.
I was referring to the end user sending the mail. Sorry I wasn't more
clear.
> If I'm running mitmmail.com, I can publish keys for all of my
> users that I can decode on the way in. If I'm that kind of MITM I
> might even re-encode the mail with the users' real keys if I know what
> they are, perhaps from the traditional PGP key servers.
That is an interesting threat model; however, I don't see how that's any
worse than the status quo. If you're the operator of evilmail.com and
the sending user doesn't already have and/or cannot find a PGP key for
your receiving user, they will almost certainly send the message in the
clear. Therefore you still have access to it, and your receiving user is
still none the wiser.
If your receiving user has no PGP key that you are aware of, your scheme
fails, and your user receives an unexplained encrypted message that will
likely cause them to investigate why it happened.
Either way, your actions have not negatively affected security for
either party.
> This points out one of the problems with this draft: there's no
> security model beyond the implicit DANE model that anything that's
> signed with DNSSEC must be true.
To a rather limited extent I agree with you on this. I will elaborate in
another message.
Doug
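To make the cases argued above concrete, here is an added Python model of a sending client's key choice; it is not code from the thread or from any mail implementation, and the fingerprints, the `operator_key` scoring input and the `prefer_known` policy are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed key fingerprints for the scenarios in the thread (not real keys).
REAL_KEY = "fpr:bob-real-key"          # Bob's genuine key, e.g. from a PGP key server
OPERATOR_KEY = "fpr:evilmail-decoy"    # key the receiving domain's operator put in DNS


@dataclass
class Outcome:
    encrypted_to: Optional[str]   # fingerprint the sender encrypts to; None = cleartext
    operator_can_read: bool       # can the receiving domain's operator read the message?
    note: str                     # what the sending client would tell its user


def send_decision(known_key: Optional[str], dns_key: Optional[str],
                  operator_key: str, prefer_known: bool = True) -> Outcome:
    """Model the sender's key choice.

    known_key:    key the sender already has for the recipient (or None)
    dns_key:      key published in the recipient domain's DNS (or None)
    operator_key: the key the mail operator controls (used only to score the outcome)
    prefer_known: keep an already-known key when the DNS key disagrees with it
    """
    if known_key is None and dns_key is None:
        # Status quo: nothing to encrypt to, so the message goes in the clear.
        return Outcome(None, True, "no key available, sending in cleartext")
    if known_key is not None and dns_key is not None and known_key != dns_key:
        chosen = known_key if prefer_known else dns_key
        note = "DNS key differs from the key already on file"
    else:
        chosen = known_key if known_key is not None else dns_key
        note = "single key available"
    return Outcome(chosen, chosen == operator_key, note)


def run_scenarios() -> dict:
    """The cases discussed in the thread, fed with the constructed keys above."""
    return {
        # Sender knows nothing: cleartext or the DNS key, the operator reads either way.
        "unknown_recipient_status_quo": send_decision(None, None, OPERATOR_KEY),
        "unknown_recipient_with_dns": send_decision(None, OPERATOR_KEY, OPERATOR_KEY),
        # Sender already has Bob's real key: the outcome depends on client policy.
        "known_key_pinned": send_decision(REAL_KEY, OPERATOR_KEY, OPERATOR_KEY),
        "known_key_dns_preferred": send_decision(REAL_KEY, OPERATOR_KEY, OPERATOR_KEY,
                                                 prefer_known=False),
    }


if __name__ == "__main__":
    for name, out in run_scenarios().items():
        print(f"{name}: {out}")
```

The "known_key_dns_preferred" case is the one place the operator gains over the status quo, which is why a client should keep a key it already trusts when DNS disagrees.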