On Sat, 1 Aug 2015, Patrik Löhr wrote:
> We think it would be better for the local parts to use hashing.
> Our two points:
> - The discussion obviously came up because of trying to determine a way
> to find entries when users use upper and lower case characters. From our
> perspective, this is not a problem that these drafts can solve.

But the choice to solve this point is "allow two lookups" or "lowercase".

> - Base encoding equates to plaintext transfer and for a security
> feature, privacy should not be disregarded.
> Hashing of local parts is definitely a great advance over plaintext
> transfer in terms of security. Even if hashing was not initially
> intended as a security feature, it is one. In any case, it distinctly
> hinders the possibility of simply reading the data in DNS requests -
> data that could convey a lot about the communication behaviour of users.

But you would only be obfuscating the query, not the answer. The answer
is actually even more interesting because it contains the entire key,
possibly more email addresses as IDs and signatures. Assuming the key
id the user asked for is present on the key obtained, it's trivial to
hash the keyids and find the original query data.

So you would gain security by hashing only for those you are willing
to send plaintext email to?

DNS privacy would help but then you should also be unwilling to use any
random wifi network's DNS server, and build a VPN to a trusted DNS
server farm.

I would say let DPRIVE solve the DNS privacy for all DNS RRtypes.

Paul
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane
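
The point made in the reply above, that a hashed query label stops protecting the local part once the answer carrying the key's user IDs is visible, shown as an added example that is not part of the original message or of the drafts under discussion. It assumes the label is the SHA2-256 hash of the local part truncated to 28 octets and hex-encoded under `_openpgpkey`, assumes base32 as the "base encoding", and uses constructed addresses and hypothetical function names.

```python
import base64
import hashlib
from email.utils import parseaddr
from typing import Iterable, Optional

def hashed_label(local_part: str) -> str:
    # Assumed scheme: SHA2-256 of the UTF-8 local part, truncated to 28 octets, hex.
    return hashlib.sha256(local_part.encode("utf-8")).digest()[:28].hex()

def base32_label(local_part: str) -> str:
    # Assumed "base encoding": unpadded lowercase base32 of the local part.
    raw = base64.b32encode(local_part.encode("utf-8")).decode("ascii")
    return raw.rstrip("=").lower()

def decode_base32_label(label: str) -> str:
    # Anyone who sees the query name can reverse a base-encoded label directly.
    padded = label.upper() + "=" * (-len(label) % 8)
    return base64.b32decode(padded).decode("utf-8")

def owner_name(label: str, domain: str) -> str:
    return f"{label}._openpgpkey.{domain.lower()}"

def address_behind_query(qname: str, uids: Iterable[str]) -> Optional[str]:
    # Hash each address on the returned key and compare it with the query name.
    for uid in uids:
        addr = parseaddr(uid)[1]
        local, sep, domain = addr.rpartition("@")
        if sep and owner_name(hashed_label(local), domain) == qname.lower():
            return addr
    return None

# Constructed sample: user IDs as they would appear on a key in the DNS answer.
SAMPLE_UIDS = [
    "Alice Example <alice@example.org>",
    "Alice Example (work) <a.example@corp.example>",
]

if __name__ == "__main__":
    hashed_q = owner_name(hashed_label("alice"), "example.org")
    base_q = owner_name(base32_label("alice"), "example.org")
    print("base32 query:", base_q, "->", decode_base32_label(base_q.split(".")[0]))
    print("hashed query:", hashed_q, "->", address_behind_query(hashed_q, SAMPLE_UIDS))
    # Case matters to the hash, which is the upper/lower case lookup problem.
    print("Alice == alice:", hashed_label("Alice") == hashed_label("alice"))
```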