So what email address are you going to use to do the DANE lookup? The one embedded in the PGP key (assuming one exists), the From address? Does this need to be spelled out in both of the drafts (S/MIME and PGP)?

Jim

> -----Original Message-----
> From: James Cloos [mailto:[email protected]]
> Sent: Thursday, February 13, 2014 3:05 PM
> To: [email protected]
> Cc: Osterweil, Eric; Jim Schaad; <[email protected]>
> Subject: Re: [dane] Comments on draft-ietf-dane-smime-04
>
> >>>>> "OE" == Osterweil, Eric <[email protected]> writes:
>
> OE> With PGP, I can use a key with a diff email than the account from
> OE> which I send it (for ex, I can use my spam account and rely on my
> OE> full name and friends who know me to make the logical leap), do we
> OE> all want DANE to outlaw this for S/MIME?
>
> Absolutely not.
>
> There is no value in forcing the sending email address to match the info in
> any signature over the message (or over any part of the message).
>
> (With emphasis on /forcing/.)
>
> Those details may be used as *part* of the trust equation, but only as part.
>
> -JimC
> --
> James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
