On Wed, 25 Mar 2015, Nico Williams wrote:
On Wed, Mar 25, 2015 at 08:45:57PM +0000, Viktor Dukhovni wrote:
On Wed, Mar 25, 2015 at 04:30:36PM -0400, Paul Wouters wrote:
On Wed, 25 Mar 2015, Viktor Dukhovni wrote:
Attacks will just take out the oracle to induce plaintext, or will
spoof causing a lockout of real clients inducing those end up using
plaintext.
Taking out the oracle will not induce plaintext any more than
performing the same attack on the authoritative DNS server for the
domain.
DNS servers are pretty good at withstanding attacks. Entire business
models have sprouted up deploying this. We have redundant DNS servers
and redundant MX hosts. So it's basically mandatory to run redundant
oracle servers. This whole oracle idea is gaining FTE's pretty fast in
both design and implementation and it is an insane cost for a pretty
imaginary use case of typing in an email address that might be wrong
which must be corrected.
User keys would have very short TTLs (positive and negative,
to address cache explosion), so a large fraction of queries will
go end-to-end from the MUA to the authoritative server.
I think you should let cache management policies be decided by the
cache? For privacy reasons, some publishers might want to use a high
TTL. Revocation is not much of a problem since most of these keys
are years or decades old without people updating those keys before using
them again to see if the key was revoked.
Not only that, but it will be easier for MUAs to give the user feedback
as to what went wrong in such a protocol than in DNS.
Which user? openpgpkey-milter operates without an interactive user.
Recursors and Authoritative servers supporting OPENPGPKEY or SMIME could
rate limit the sending of NSEC3 chains if there are too [many] requests for
non-existing records - causing them to need to go back to the current
RCPT TO practise.
Not having to worry about zone walking for this is a plus.
Again, no one is making this mandatory to deploy. If you rather have
your users semi-hidden with plaintext email, keep calm and continue
as you are now.
If there are people who want to design and deploy oracles, go ahead and
write a document. OPENPGPKEY should not _require_ one and still work
without any user mapping. And implementations can later be extended to
use this new oracle protocol.
Paul
_______________________________________________
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane
