On Tue, 28 Feb 2017, Dale R. Worley wrote:

Well enough.  Actually, I thought about this issue some more, and that
led to my followup e-mail.  I think there is a real desire to not have
the DNS provide a direct catalog of valid e-mail addresses, but it
conflicts with the weak security of non-salted hashes.  As I said in
that e-mail, I think this could be improved by providing a hash in a DNS
record, which would mean that hashes would be well-justified as
providing substantially more privacy/security than direct UTF-8 (or
base64 or anything reversible).

I don't think that justifies differentiating the lookups of OPENPGPKEY
versus SMIMEA records. So even if I agreed with you, I think it is
too late to change this.

But I also do not agree :) Email addresses are not secrets. The only
difference between publishing or not publishing OPENPGPKEY or SMIMEA
records is that the spammer can do an offline versus an online attack.
And with easily available botnets these days, I don't think that
makes any meaningful difference.

Paul

_______________________________________________
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane
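The owner-name construction this thread is arguing about, as an added example (not code from the thread or from any DANE implementation): it derives OPENPGPKEY owner names as RFC 7929 specifies (SHA2-256 of the UTF-8 local part, truncated to 28 octets, hex-encoded, under `_openpgpkey`), and SMIMEA owner names on the assumption that the published RFC 8162 uses the same truncated-hash label under `_smimecert`. Because the hash is unsalted, the same local part yields the same label under every domain, which is the property behind Paul's offline-versus-online remark; the `zone_labels_for` helper is an assumed operator-side audit aid for matching a zone's published labels back to the addresses one intends to publish.

```python
import hashlib

# Added example; not code from the thread. Derives DANE owner names for
# e-mail addresses. RFC 7929 (OPENPGPKEY) hashes the local part with
# SHA2-256, keeps the first 28 octets and hex-encodes them. SMIMEA is
# assumed here to use the same label construction (RFC 8162).

def hashed_local_part(local_part: str) -> str:
    """Return the 56-character hex label for an RFC 5322 local part.

    No salt, no case folding: RFC 7929 leaves the local part as written,
    so identical local parts hash to identical labels in every domain.
    """
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()
    return digest[:28].hex()


def _split_address(address: str) -> tuple[str, str]:
    if "@" not in address:
        raise ValueError(f"not an e-mail address: {address!r}")
    local_part, domain = address.rsplit("@", 1)
    return local_part, domain.rstrip(".")


def openpgpkey_owner(address: str) -> str:
    """Owner name for the OPENPGPKEY record of an address (RFC 7929)."""
    local_part, domain = _split_address(address)
    return f"{hashed_local_part(local_part)}._openpgpkey.{domain}"


def smimea_owner(address: str) -> str:
    """Owner name for the SMIMEA record (assumed: same label, _smimecert)."""
    local_part, domain = _split_address(address)
    return f"{hashed_local_part(local_part)}._smimecert.{domain}"


def zone_labels_for(addresses: list[str]) -> dict[str, str]:
    """Map hex label -> address for the addresses an operator publishes.

    Assumed audit helper: compare against the labels actually present in
    the zone to spot records for addresses that should no longer exist.
    """
    return {hashed_local_part(_split_address(a)[0]): a for a in addresses}


if __name__ == "__main__":
    # RFC 7929's worked example for hugh@example.com yields the label
    # c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6
    print(openpgpkey_owner("hugh@example.com"))
    print(openpgpkey_owner("hugh@example.org"))  # same label, other domain
```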
