On Fri, Dec 12, 2014 at 05:52:42PM +0000, Viktor Dukhovni wrote: > If queries are sent to an HTTPS service that is deployed with the > (ultimate) inbound MTA for "example.com", then X.509 key lookup is > rather similar to what the MTA already does to validate the inbound > recipient so as not to be a backscatter source.
Yes. It has to be HTTPS because that will go through firewalls. Whereas my chaining through MSAs/MTAs idea is too burdensome on the MSAs/MTAs. For verification of sender signing certs this need not reveal anything about valid local-parts. For recipient encryption cert lookups... avoiding an oracle for local-part validity is harder because the service would have to serve a valid encryption cert (SMIMEA RRs, really) for every query. For PK algorithms where it's cheap to fake random public keys this is not a problem at all. > The main thing this would have to recommend itself is there is no > encoding of the localpart into DNS labels, [...] And thus no canonicalization concerns. > The oracle can query LDAP, ... can make up fake replies for > non-existent addresses to thwart directory harvesting attacks > if desired, ... > > HTTPS, allows the service to be reached from inside corporate > environments that block most other outbound services (possibly > including external DNS). In some environments even HTTPS is subject > to corporate MiTM (that the users are aware of with the HTTP proxy > signing certs trusted by browsers, ...). In such environments > users don't get end-to-end email encryption, just like they don't > get end-to-end HTTPS. Their border email gateway might be able to > play gateway-to-gateway SMIME with the destination. Yeah, and then either the client gives up (hey, if it's in a corporate network that seems fair) or we do the chaining-with-DNSSEC-proof thing I proposed earlier. Nico -- _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
