On Wed, Mar 25, 2015 at 08:58:37AM -0700, =JeffH wrote:
> some of us have been around this overall block before back in the
> mid-to-late '90s.

Oh yes, I remember sendmail fuzzy matching.

> from my personal perspective, based on past experience, here's what
> I think would be viable for standardization from a high-level
> non-DANE-specific perspective..
>
> ###
> 1. given email addr of "[email protected]"
>
> 2. find a "local-part lookup service" at "example.org" [eg using
> SRV lookup in DNS]

And how to authenticate the service using DANE.

> 3. query example.org's local-part lookup service for info (eg public
> key) mapped to "foobar"
>
> 4. this results in an answer (eg public key) or not [eg "not found" status
> code]
> ###

Yes. A lookup service. And if we're going to do this, then there's not much point to putting local-part -> public keys in DNS.

Problem: DNS (even with DNSPRIV) is much more light-weight than any service that uses TLS.

Solution: Make a light-weight lookup (idempotent) protocol. To start we could use TLS. (Since we're talking about a lookup protocol, there are TLS features that are not needed, such as replay protection, session resumption, and so on. At minimum server authentication [via public keys published in the DNS] and confidentiality and integrity protection are all that's needed.)

Nico

-- 
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
