The Unix Heritage Society mailing list
From: Grant Taylor via TUHS <tuhs@minnie.tuhs.org>
To: tuhs@minnie.tuhs.org
Subject: Re: [TUHS] off-topic list
Date: Mon, 25 Jun 2018 12:48:33 -0600
Message-ID: <5da463dd-fb08-f601-68e3-197e720d5716@spamtrap.tnetconsulting.net>
In-Reply-To: <20180625161052.6PXXL%steffen@sdaoden.eu>

[-- Attachment #1: Type: text/plain, Size: 2820 bytes --]

On 06/25/2018 10:10 AM, Steffen Nurpmeso wrote:
> DKIM reuses the *SSL key infrastructure, which is good.

Are you saying that DKIM relies on the traditional PKI via CA 
infrastructure?  Or are you saying that it uses similar technology that 
is completely independent of the PKI / CA infrastructure?

> (Many eyes see the code in question.)  It places records in DNS, which 
> is also good, now that we have DNS over TCP/TLS and (likely) DTLS. 
> In practice however things may differ and to me DNS security is all in 
> all not given as long as we get to the transport layer security.

I believe that a secure DNS /transport/ is not sufficient.  Simply 
securing the communications channel does not mean that the entity on the 
other end is not lying.  Particularly when not talking to the 
authoritative server, likely by relying on caching recursive resolvers.

> I personally do not like DKIM still, i have opendkim around and 
> thought about it, but i do not use it, i would rather wish that public 
> TLS certificates could also be used in the same way as public S/MIME 
> certificates or OpenPGP public keys work, then only by going to a TLS 
> endpoint securely once, there could be end-to-end security.

All S/MIME interactions that I've seen do use certificates from a well 
known CA via the PKI.

(My understanding of) what you're describing is encryption of data in 
flight.  That does nothing to encrypt / protect data at rest.

S/MIME /does/ provide encryption / authentication of data in flight 
/and/ data at rest.

S/MIME and PGP can also be used for things that never cross the wire.

> I am not a cryptographer, however.  (I also have not read the TLS v1.3 
> standard which is about to become reality.)  The thing however is that 
> for DKIM a lonesome user cannot do anything -- you either need to have 
> your own SMTP server, or you need to trust your provider.

I don't think that's completely accurate.  DKIM is a method of signing 
(via cryptographic hash) headers as you see (send) them.  I see no 
reason why a client can't add DKIM headers / signature to messages it 
sends to the MSA.

Granted, I've never seen this done.  But I don't see anything preventing 
it from being the case.

> But our own user interface is completely detached.  (I mean, at least 
> if no MTA is used one could do the DKIM stuff, too.)

I know that it is possible to do things on the receiving side.  I've got 
the DKIM Verifier add-on installed in Thunderbird, which gives me client 
side UI indication if the message that's being displayed still passes 
DKIM validation or not.  The plugin actually calculates the DKIM hash 
and compares it locally.  It's not just relying on a header added by 
receiving servers.



-- 
Grant. . . .
unix || die


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 3982 bytes --]
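
The local check described above for a client-side DKIM verifier, narrowed to the body-hash (`bh=`) half of verification per RFC 6376, as an added example that is not part of the original message. The sample body and the `d=`/`s=` values are constructed; verifying the header signature (`b=`) against the key published in DNS is not shown, and the `l=` tag is ignored.

```python
import base64
import hashlib
import hmac
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    if mode not in ("simple", "relaxed"):
        raise ValueError("unknown canonicalization: " + mode)
    lines = re.split(rb"\r?\n", body)
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    if not lines:                          # empty body: CRLF (simple) or nothing (relaxed)
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str) -> str:
    """Base64 SHA-256 of the canonicalized body, i.e. the value carried in bh=."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs, removing folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def body_hash_matches(dkim_value: str, body: bytes) -> bool:
    """Recompute the body hash locally and compare it with the signed bh= tag."""
    tags = parse_tags(dkim_value)
    if not tags.get("a", "").endswith("-sha256"):
        raise ValueError("only *-sha256 signatures are handled in this example")
    c = tags.get("c", "simple/simple")     # "header/body"; body defaults to simple
    mode = c.split("/", 1)[1] if "/" in c else "simple"
    return hmac.compare_digest(body_hash(body, mode), tags["bh"])

# Constructed sample: body as signed, and a signature header value for it.
SIGNED_BODY = b"Hello list,\r\nunix || die\r\n"
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1;\r\n"
              "\th=from:subject:date; bh=" + body_hash(SIGNED_BODY, "relaxed") +
              "; b=(omitted)")

if __name__ == "__main__":
    print("as signed:", body_hash_matches(SAMPLE_SIG, SIGNED_BODY))
    print("modified :", body_hash_matches(SAMPLE_SIG, b"Hello list,\r\nunix && die\r\n"))
```

A matching `bh=` only shows the body is the one that was hashed; the result is meaningful only once the `b=` signature over the headers (which includes the `bh=` value) also verifies.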
