Re: [dispatch] Work for IETF114
Martin Thomson <mt@lowentropy.net> Thu, 16 June 2022 02:19 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF711C157B57 for <dispatch@ietfa.amsl.com>; Wed, 15 Jun 2022 19:19:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.11
X-Spam-Level:
X-Spam-Status: No, score=-2.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=w58FLsVp; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=mKlrTqMg
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tXZVTAkUDj3R for <dispatch@ietfa.amsl.com>; Wed, 15 Jun 2022 19:19:20 -0700 (PDT)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 727D5C15790C for <dispatch@ietf.org>; Wed, 15 Jun 2022 19:19:20 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 58D523200A2D for <dispatch@ietf.org>; Wed, 15 Jun 2022 22:19:17 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Wed, 15 Jun 2022 22:19:17 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm3; t=1655345956; x=1655432356; bh=9wOT3Y4GGd 8QSLlBjpJc/f2QjKKw2lHurug7lmEWMxc=; b=w58FLsVpPeYHvFE6zN89TUXpHY ctDK6/X2JD+l+a2R72CdwUy8mknbblRgnJxtSYmae42+HmsyJ4R2OpxbWnmHX+6n GDeWdYqbhrr8JYbAq8eNmRagxRgxRsduiGi8FaXDHXVDbU42F1TSEeh0IeWXGhRe u+gr396RAKaJg2Df4XBGDfHrtOBiVAZC1g9ADWkJobbhWMBPnXF5ZXwhDvXJiT1T 0qgJaCuvTTD7hp69E+taZwhnSvuSF/oiYiFjcYZJmBFI/EA7GGfPKzCs6KPNw3gr chFTNIUB/StHnh73SY2mZdLim9emTCZ41EErZ5Ib6cJrPBvjjtwtQ/TmoWjw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1655345956; x=1655432356; bh=9wOT3Y4GGd8QSLlBjpJc/f2QjKKw 2lHurug7lmEWMxc=; b=mKlrTqMgKcoq6R0lDeGRVjusdCntYiM21qAjAcDFr5M6 wlDJ2POMUivvNv6Zkq/CFCX6EcAoXoDlbMxzvpi1xjpeiHFJ5P+EykBPOpPuTFvP uhKFRNaZVaOswCJm2qHEbyEPMFYbOY7WMdAd1XbmPA3VLtxaXW6w88epFUyTYFvb XhMryVfWzF/Ud2LCE4yIomFOLkH0b86WTF0RLG45tISjaTE/bZCajtjCJfchzvpy YJCOQF4bIhOdZVAppuxYtbSI33i8qPMtAT9A70kANHKUXuZz7n97VDs/0hOFoLy3 lwXvuadJcYkKSUUzF61JFqTI4kJ+JhGg3fj3UxJ6cw==
X-ME-Sender: <xms:JJOqYlGC9eMAEpTyV11ltdtOAVjLDBkmRMDgNNZ4vFQNNg4NXgTJKw> <xme:JJOqYqVeP0vB1Bp1nlCAYu7iUDwZz_GWvoixe__fTqorh5ykrumqNO36fM8737TNk tyokw7ro1vrR9cmgPI>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedruddvvddgheeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeevieffhfeffeeggeekle euheeuveevffduudeivefhfeejhfehteettdfhgfelleenucffohhmrghinhepvgigrghm phhlvgdrtghomhdpihgvthhfrdhorhhgpdgvgigrmhhplhgvrdhorhhgpdhmnhhothdrnh gvthenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehm theslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:JJOqYnLif0Z6n1Wo0r5uE5mZdI5aN-v1MYanPl19atvYUvF57Qs7_Q> <xmx:JJOqYrFC4cvT_hcI50jZbzi_Kz37vOsDvYNgsncHrWxJGMzXAM5MmQ> <xmx:JJOqYrUvRGa7EvY6Qnqk1RU3R7rHwRDBJ3pTlUkigZ3L73a75SId8w> <xmx:JJOqYjiGm484Zud98MO2RP-u9nhL7VvkoU1MrtgNERLSJWcz2GuMFA>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 98F53234007B; Wed, 15 Jun 2022 22:19:16 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-712-gb9e94258b0-fm-20220610.001-gb9e94258
Mime-Version: 1.0
Message-Id: <b8720cce-5312-4320-874d-afad8db3721c@beta.fastmail.com>
In-Reply-To: <CAHBU6ivOnYghs8OVnuSM2_qt5ypTyXjG3E2ZEG3Zb4Qd1CCx4Q@mail.gmail.com>
References: <ec38343d-6c89-4c8a-82c0-484375bd89b1@www.fastmail.com> <CAHBU6iuKpV-GTyOTHaytg9_MxDtrNNuSF88WWsTp3wfLmpfsQQ@mail.gmail.com> <5639B870-AC11-4111-B58A-BC02E7172D7C@mnot.net> <CAHBU6ivOnYghs8OVnuSM2_qt5ypTyXjG3E2ZEG3Zb4Qd1CCx4Q@mail.gmail.com>
Date: Thu, 16 Jun 2022 12:19:06 +1000
From: Martin Thomson <mt@lowentropy.net>
To: dispatch@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/j4BHVQj5MBsEY2fZHMTwTi2XyFc>
Subject: Re: [dispatch] Work for IETF114
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 02:19:24 -0000
Likewise. Like Mark, I think that this is far more tractable. I'll also point at RFC 9180 for the encryption piece. It might be too much, and it certainly isn't enough, but it is worth avoiding attempts to roll your own. (I'll point out that the whole "check the hash" piece is what we use authenticated encryption for, so don't fixate on that part. As long as the key can be conveyed (by value or reference), the rest is fairly straightforward. I am not sure about use of key identifiers vs. keys. On Thu, Jun 16, 2022, at 12:09, Tim Bray wrote: > If someone convinced me that there was any actual appetite for such a > thing and it'd have a chance of being implemented, I'd help with an I-D. > > On Wed, Jun 15, 2022 at 6:57 PM Mark Nottingham <mnot@mnot.net> wrote: >> Tim's approach is the direction I'd encourage you to go in -- being able to reusing an existing scheme has a lot of merit. >> >> Cheers, >> >> >> > On 11 Jun 2022, at 2:06 am, Tim Bray <tbray@textuality.com> wrote: >> > >> > You know, you wouldn't have to invent *that* much new. When you retrieve https://example.com/foo#bar, the "#bar" part isn't sent to the server, and the rules say it is interpreted with respect to the content-type of whatever you get. It's called the Fragment Identifier (https://datatracker.ietf.org/doc/html/rfc3986#section-3.5) and normally used to identify a fragment within the resource representation, but let's ignore that. So suppose you invent a new media type, say app/encrypted-file. Then you invent a tiny little language to go in the fragment identifier. E.g. >> > >> > https://example.com/#KeyID=48954289574239 >> > >> > or possibly even >> > >> > https://example.com/#KeyHost=tbray.org&KeyID=48954289574239 >> > >> > When this thing is retrieved (without the #fragment) you get something with Content-type: app/encrypted-file >> > >> > Now, there'd need to be serious thinking about chain of trust. Obviously you'd require trust and encryption for the channel over which the URI-with-fragment is transmitted. Then there's the matter of where the key comes from. In the second form, one assumes the key is in example.org//.well-known/something and the receiver only really needs to decide to trust example.org. The first form, where there's a pre-existing out-of-band arrangement about where to get keys from, is attractive. I think you still need the KeyID thing. >> > >> > Wouldn't be that hard to implement. >> > >> > >> > On Fri, Jun 10, 2022 at 6:22 AM Bron Gondwana <brong@fastmailteam.com> wrote: >> > Yep, me again with something new that's bubbling up out of the "large files over email" problem. >> > >> > I'm not quite sure the shape of this, but I'd like some time to talk about something which might be a media type, might be a URI scheme, might be... I dunno. I'm sure the group will have zillions of opinions about both what the work should be, and what it should look like. I can give you the user experience and use-case that I want anyway. >> > >> > ... >> > >> > Use case: user wants to store a file encrypted on a server, and provide a link such that their recipient can get the decrypted file, without the server ever seeing the plaintext content. >> > >> > Which basically means - the URL/URI that the sender provides to the recipient contains the key data to decrypt the content, encoded into the URI in such a way that it's not provided to the server. There are pros and cons of different approaches, but ideally the operating system / browser / library transparently does the decryption as part of the fetching such that a piece of client software doesn't care if the data is stored in plaintext and transferred over HTTPS (or whatever), or stored encrypted on the server with zero knowledge - either way the client program / library gets the raw data plaintext and doesn't have to care what the sender intended. >> > >> > Obviously, this only works if the recipient supports it, so bootstrapping is going to be a pain. But I haven't seen something like this existing, and it would be SOOOOOO much nicer to have this transparently able to be embedded in the URI and handled by lower levels rather than having to design and specify an optional encryption layer in the email large file handling stuff. >> > >> > ... >> > >> > I'll put together a better proposal in the next couple of weeks, but just requesting the agenda time now :) >> > >> > And I would LOVE it if someone already knows that such a thing exists and can point me to it instead of having to reinvent the wheel. >> > >> > Cheers, >> > >> > Bron. >> > >> > -- >> > Bron Gondwana, CEO, Fastmail Pty Ltd >> > brong@fastmailteam.com >> > >> > >> > _______________________________________________ >> > dispatch mailing list >> > dispatch@ietf.org >> > https://www.ietf.org/mailman/listinfo/dispatch >> > _______________________________________________ >> > dispatch mailing list >> > dispatch@ietf.org >> > https://www.ietf.org/mailman/listinfo/dispatch >> >> -- >> Mark Nottingham https://www.mnot.net/ >> > _______________________________________________ > dispatch mailing list > dispatch@ietf.org > https://www.ietf.org/mailman/listinfo/dispatch
- [dispatch] Work for IETF114 Bron Gondwana
- Re: [dispatch] Work for IETF114 Julian Reschke
- Re: [dispatch] Work for IETF114 John C Klensin
- Re: [dispatch] Work for IETF114 Tim Bray
- Re: [dispatch] Work for IETF114 message external … John Levine
- Re: [dispatch] Work for IETF114 message external … John C Klensin
- Re: [dispatch] Work for IETF114 worley
- Re: [dispatch] Work for IETF114 Mark Nottingham
- Re: [dispatch] Work for IETF114 Tim Bray
- Re: [dispatch] Work for IETF114 Martin Thomson
- Re: [dispatch] Work for IETF114 Tim Bray
- Re: [dispatch] Work for IETF114 Martin Thomson
- Re: [dispatch] Work for IETF114 Bron Gondwana
- Re: [dispatch] Work for IETF114 Richard Barnes
- Re: [dispatch] Work for IETF114 Richard Barnes