On Tue, Sep 01, 2015 at 02:44:37PM -0400, Olafur Gudmundsson wrote:
> We received some questions about the selection.
> In the discussions on the different ways to represent the left hand sides as
> DNS names there are number of ways the three ways we have been discussing are:
> a) HEX( SHA256( LHS) [:28])) i.e. 28 left most bytes of SHA256 hash hexified
Once we're hashing, there's no point in making the hashes needlessly
long, so if we're hashing "a" of course.
> b) HEX( SHA256( str2lower(LHS))[:28]) i.e. the same as before but the
> email name is lower cased before digesting, this will help mainly email
> addresses written in Latin-1
No, this would be a second lookup, if the original input in "a" is
not lower-case, and if MUAs choose to do that.
> c) split_lables(HEX(LHS), 60)) i.e. encode the email as a HEX, there are
> two drawbacks and one advantage see below
This is the "low-privacy" unhashed option, which supports hypothetical
nameservers that can canonicalize the address and perform on-the-fly
signing. If such servers are unlikely to materialize, then "a" is
better. If, on the contrary, large providers are likely to implement
such nameservers, then "c" is better.
I thought that there was a recent rough consensus to hash, but if
there's not, it is not clear that we have enought information to
choose between "a" and "c".
I'll be at M3AAWG35 in Atlanta in late October, and will be askin
the large providers what they think about all this, and also Keith
Moore's "addrquery" draft by comparison.
Of course that's still 7 weeks away, and I may not get any feedback
to report...
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
