Re: [dispatch] Work for IETF114
Tim Bray <tbray@textuality.com> Thu, 16 June 2022 02:48 UTC
Return-Path: <tbray@textuality.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD973C15948E for <dispatch@ietfa.amsl.com>; Wed, 15 Jun 2022 19:48:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=textuality-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 94n0ACpWfbkA for <dispatch@ietfa.amsl.com>; Wed, 15 Jun 2022 19:48:14 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E9D5C157B57 for <dispatch@ietf.org>; Wed, 15 Jun 2022 19:48:14 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id z7so281336edm.13 for <dispatch@ietf.org>; Wed, 15 Jun 2022 19:48:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=textuality-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jM4UEUbsY2CnpfGhOPS0Pan/lX2qQEFKx6f99cpNuHA=; b=5DR+pLvaT4Cf2jHXxvOjzEwAguBAme+WY9iX4RjcPc4yXVhACZm6kgp1nqFKt0jmYf tCfed6kAqYKLNYuSns6WDC5h/0gUPzfsWznW60I/QpyPhAtCZkp92dUm9yCAlbVjm/WE a6yuks9VdbJWAftMiCxSS73k37tfHyhTkCecMTu6TLmTAnD+kh1WBuF5mN6gan9IcTSS ypHLeZTtb4o5DVZnZ+E5q7s/ekB70gImdq/gtzbOyKmlqKaxSsCjLVDHL76f/BtE43Ky 7ysly6Ix3A9v5WFgslBfgq49WbnYVK3gQ1emH5bsFaa5rjio83GJGTTqM5+CxkKNCENi XKoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jM4UEUbsY2CnpfGhOPS0Pan/lX2qQEFKx6f99cpNuHA=; b=gQ1nzGajPq8iBCC5Npjxj0k95U3Zp46JlrYiiFPU0Im5hbY3HdplnE78sksrnhNBru TA02+rYQXCQlLZSr4Pm7pQXV0o/vp0kJNzosiogNFLrxXkAGd/NVhyh8GkDJtGR8FImU 7wWOom/xgjSggCDw4dK5PWu/0wxelp5gzbaApDaT/JBVqC8VKw0QY52S2PfOYVdosX+9 66hou/pkXi0X11AIMBJxA2YIpRqaa7w9PQYUgAhGbOtm7f84/H26QmrtiVMMugtXnM6U l0ZftF/O6L3VsbGtcvIfB0066HBDdLIqDNG9PLur5LETJSrOM9QWb7WAUz49cGehu9Rf RNtw==
X-Gm-Message-State: AJIora/BarkFzfZzUwlOEsa1ANTxl31e1SeFzDnEGgiNJ0/w0UZQnilL 6MNugI4FEq0PkNracu1aOTE+7hVZ88+ayew+LQZ8oFiPK5bgmA==
X-Google-Smtp-Source: AGRyM1v25wzMrfBLV5bsxMgPwDjPd6YrA2HIvISANr4BAYK0BEm4fLDPkJMODd6Un/M+IhcLUAe4yEeoNbrZYOqxJRA=
X-Received: by 2002:aa7:cb05:0:b0:431:95b9:6d31 with SMTP id s5-20020aa7cb05000000b0043195b96d31mr3681123edt.56.1655347692707; Wed, 15 Jun 2022 19:48:12 -0700 (PDT)
MIME-Version: 1.0
References: <ec38343d-6c89-4c8a-82c0-484375bd89b1@www.fastmail.com> <CAHBU6iuKpV-GTyOTHaytg9_MxDtrNNuSF88WWsTp3wfLmpfsQQ@mail.gmail.com> <5639B870-AC11-4111-B58A-BC02E7172D7C@mnot.net> <CAHBU6ivOnYghs8OVnuSM2_qt5ypTyXjG3E2ZEG3Zb4Qd1CCx4Q@mail.gmail.com> <b8720cce-5312-4320-874d-afad8db3721c@beta.fastmail.com>
In-Reply-To: <b8720cce-5312-4320-874d-afad8db3721c@beta.fastmail.com>
From: Tim Bray <tbray@textuality.com>
Date: Wed, 15 Jun 2022 19:48:01 -0700
Message-ID: <CAHBU6isW95meqLdM5DNj0T12oG8j=E4tufuxC-vxJKL1DtyraQ@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: DISPATCH list <dispatch@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000034331705e187ab54"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/zb2rCP4TbjsTb2WmOJUc4tP0Qk8>
Subject: Re: [dispatch] Work for IETF114
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 02:48:19 -0000
On Wed, Jun 15, 2022 at 7:19 PM Martin Thomson <mt@lowentropy.net> wrote: I am not sure about use of key identifiers vs. keys. > D'oh, if you're going to send the URI over a secure channel you could just put the key right there in the fragment (*cough* ed25519 *cough*). And arguably you shouldn’t be doing this kind of thing without a secure channel. After all, in Bron's scenario you're emulating the semantic of a (presumably unencrypted) attached file. > On Thu, Jun 16, 2022, at 12:09, Tim Bray wrote: > > If someone convinced me that there was any actual appetite for such a > > thing and it'd have a chance of being implemented, I'd help with an I-D. > > > > On Wed, Jun 15, 2022 at 6:57 PM Mark Nottingham <mnot@mnot.net> wrote: > >> Tim's approach is the direction I'd encourage you to go in -- being > able to reusing an existing scheme has a lot of merit. > >> > >> Cheers, > >> > >> > >> > On 11 Jun 2022, at 2:06 am, Tim Bray <tbray@textuality.com> wrote: > >> > > >> > You know, you wouldn't have to invent *that* much new. When you > retrieve https://example.com/foo#bar, the "#bar" part isn't sent to the > server, and the rules say it is interpreted with respect to the > content-type of whatever you get. It's called the Fragment Identifier ( > https://datatracker.ietf.org/doc/html/rfc3986#section-3.5) and normally > used to identify a fragment within the resource representation, but let's > ignore that. So suppose you invent a new media type, say > app/encrypted-file. Then you invent a tiny little language to go in the > fragment identifier. E.g. > >> > > >> > https://example.com/#KeyID=48954289574239 > >> > > >> > or possibly even > >> > > >> > https://example.com/#KeyHost=tbray.org&KeyID=48954289574239 > >> > > >> > When this thing is retrieved (without the #fragment) you get > something with Content-type: app/encrypted-file > >> > > >> > Now, there'd need to be serious thinking about chain of trust. > Obviously you'd require trust and encryption for the channel over which the > URI-with-fragment is transmitted. Then there's the matter of where the key > comes from. In the second form, one assumes the key is in > example.org//.well-known/something and the receiver only really needs to > decide to trust example.org. The first form, where there's a > pre-existing out-of-band arrangement about where to get keys from, is > attractive. I think you still need the KeyID thing. > >> > > >> > Wouldn't be that hard to implement. > >> > > >> > > >> > On Fri, Jun 10, 2022 at 6:22 AM Bron Gondwana <brong@fastmailteam.com> > wrote: > >> > Yep, me again with something new that's bubbling up out of the "large > files over email" problem. > >> > > >> > I'm not quite sure the shape of this, but I'd like some time to talk > about something which might be a media type, might be a URI scheme, might > be... I dunno. I'm sure the group will have zillions of opinions about > both what the work should be, and what it should look like. I can give you > the user experience and use-case that I want anyway. > >> > > >> > ... > >> > > >> > Use case: user wants to store a file encrypted on a server, and > provide a link such that their recipient can get the decrypted file, > without the server ever seeing the plaintext content. > >> > > >> > Which basically means - the URL/URI that the sender provides to the > recipient contains the key data to decrypt the content, encoded into the > URI in such a way that it's not provided to the server. There are pros and > cons of different approaches, but ideally the operating system / browser / > library transparently does the decryption as part of the fetching such that > a piece of client software doesn't care if the data is stored in plaintext > and transferred over HTTPS (or whatever), or stored encrypted on the server > with zero knowledge - either way the client program / library gets the raw > data plaintext and doesn't have to care what the sender intended. > >> > > >> > Obviously, this only works if the recipient supports it, so > bootstrapping is going to be a pain. But I haven't seen something like > this existing, and it would be SOOOOOO much nicer to have this > transparently able to be embedded in the URI and handled by lower levels > rather than having to design and specify an optional encryption layer in > the email large file handling stuff. > >> > > >> > ... > >> > > >> > I'll put together a better proposal in the next couple of weeks, but > just requesting the agenda time now :) > >> > > >> > And I would LOVE it if someone already knows that such a thing exists > and can point me to it instead of having to reinvent the wheel. > >> > > >> > Cheers, > >> > > >> > Bron. > >> > > >> > -- > >> > Bron Gondwana, CEO, Fastmail Pty Ltd > >> > brong@fastmailteam.com > >> > > >> > > >> > _______________________________________________ > >> > dispatch mailing list > >> > dispatch@ietf.org > >> > https://www.ietf.org/mailman/listinfo/dispatch > >> > _______________________________________________ > >> > dispatch mailing list > >> > dispatch@ietf.org > >> > https://www.ietf.org/mailman/listinfo/dispatch > >> > >> -- > >> Mark Nottingham https://www.mnot.net/ > >> > > _______________________________________________ > > dispatch mailing list > > dispatch@ietf.org > > https://www.ietf.org/mailman/listinfo/dispatch > > _______________________________________________ > dispatch mailing list > dispatch@ietf.org > https://www.ietf.org/mailman/listinfo/dispatch >
- [dispatch] Work for IETF114 Bron Gondwana
- Re: [dispatch] Work for IETF114 Julian Reschke
- Re: [dispatch] Work for IETF114 John C Klensin
- Re: [dispatch] Work for IETF114 Tim Bray
- Re: [dispatch] Work for IETF114 message external … John Levine
- Re: [dispatch] Work for IETF114 message external … John C Klensin
- Re: [dispatch] Work for IETF114 worley
- Re: [dispatch] Work for IETF114 Mark Nottingham
- Re: [dispatch] Work for IETF114 Tim Bray
- Re: [dispatch] Work for IETF114 Martin Thomson
- Re: [dispatch] Work for IETF114 Tim Bray
- Re: [dispatch] Work for IETF114 Martin Thomson
- Re: [dispatch] Work for IETF114 Bron Gondwana
- Re: [dispatch] Work for IETF114 Richard Barnes
- Re: [dispatch] Work for IETF114 Richard Barnes