John, 

Thank you for your input;
we will take your textual suggestion under advisement.

Thanks 
Olafur 


> On Nov 9, 2016, at 8:32 PM, John Levine <jo...@taugh.com> wrote:
> 
> This draft is still a bad idea for all the reasons I described the
> last time it came around.  Nothing has changed.
> 
> If you do publish it, I'd suggest much stronger language in the first
> sentence of section 9 on security considerations.  The security model
> for S/MIME certs has always been that the trust flows from the CA to
> the user without involving the user's mail operator.  Now the domain
> is the trust source for all of its users.  Sometimes that's
> reasonable, sometimes not, and there's no way you can tell without
> knowing information about the domain that's not in the DNS.
> 
> The fifth paragraph, on mail operator MITM attacks on user mail, is
> also much too weak.  If the domain is a bank that is required by law
> to archive its employee communications, MITM is reasonable.  If it's a
> public mail operator that uses MITM to compile dossiers of user info
> to sell to marketers, and to edit ads and web bugs into the messages
> before re-encrypting them, all without user permission, it's
> not.  If the mail is from another user on the same system, it'll
> re-sign the mail, too.  Of course, the mail operator will assure you
> it's "required to be able to read everyone's encrypted email" by its
> business plan.
> 
> R's,
> John

_______________________________________________
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane
