IETF Logo Mail Archive

Re: [dispatch] Work for IETF114

Tim Bray <tbray@textuality.com> Thu, 16 June 2022 02:48 UTC

Return-Path: <tbray@textuality.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD973C15948E for <dispatch@ietfa.amsl.com>; Wed, 15 Jun 2022 19:48:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=textuality-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 94n0ACpWfbkA for <dispatch@ietfa.amsl.com>; Wed, 15 Jun 2022 19:48:14 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E9D5C157B57 for <dispatch@ietf.org>; Wed, 15 Jun 2022 19:48:14 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id z7so281336edm.13 for <dispatch@ietf.org>; Wed, 15 Jun 2022 19:48:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=textuality-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jM4UEUbsY2CnpfGhOPS0Pan/lX2qQEFKx6f99cpNuHA=; b=5DR+pLvaT4Cf2jHXxvOjzEwAguBAme+WY9iX4RjcPc4yXVhACZm6kgp1nqFKt0jmYf tCfed6kAqYKLNYuSns6WDC5h/0gUPzfsWznW60I/QpyPhAtCZkp92dUm9yCAlbVjm/WE a6yuks9VdbJWAftMiCxSS73k37tfHyhTkCecMTu6TLmTAnD+kh1WBuF5mN6gan9IcTSS ypHLeZTtb4o5DVZnZ+E5q7s/ekB70gImdq/gtzbOyKmlqKaxSsCjLVDHL76f/BtE43Ky 7ysly6Ix3A9v5WFgslBfgq49WbnYVK3gQ1emH5bsFaa5rjio83GJGTTqM5+CxkKNCENi XKoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jM4UEUbsY2CnpfGhOPS0Pan/lX2qQEFKx6f99cpNuHA=; b=gQ1nzGajPq8iBCC5Npjxj0k95U3Zp46JlrYiiFPU0Im5hbY3HdplnE78sksrnhNBru TA02+rYQXCQlLZSr4Pm7pQXV0o/vp0kJNzosiogNFLrxXkAGd/NVhyh8GkDJtGR8FImU 7wWOom/xgjSggCDw4dK5PWu/0wxelp5gzbaApDaT/JBVqC8VKw0QY52S2PfOYVdosX+9 66hou/pkXi0X11AIMBJxA2YIpRqaa7w9PQYUgAhGbOtm7f84/H26QmrtiVMMugtXnM6U l0ZftF/O6L3VsbGtcvIfB0066HBDdLIqDNG9PLur5LETJSrOM9QWb7WAUz49cGehu9Rf RNtw==
X-Gm-Message-State: AJIora/BarkFzfZzUwlOEsa1ANTxl31e1SeFzDnEGgiNJ0/w0UZQnilL 6MNugI4FEq0PkNracu1aOTE+7hVZ88+ayew+LQZ8oFiPK5bgmA==
X-Google-Smtp-Source: AGRyM1v25wzMrfBLV5bsxMgPwDjPd6YrA2HIvISANr4BAYK0BEm4fLDPkJMODd6Un/M+IhcLUAe4yEeoNbrZYOqxJRA=
X-Received: by 2002:aa7:cb05:0:b0:431:95b9:6d31 with SMTP id s5-20020aa7cb05000000b0043195b96d31mr3681123edt.56.1655347692707; Wed, 15 Jun 2022 19:48:12 -0700 (PDT)
MIME-Version: 1.0
References: <ec38343d-6c89-4c8a-82c0-484375bd89b1@www.fastmail.com> <CAHBU6iuKpV-GTyOTHaytg9_MxDtrNNuSF88WWsTp3wfLmpfsQQ@mail.gmail.com> <5639B870-AC11-4111-B58A-BC02E7172D7C@mnot.net> <CAHBU6ivOnYghs8OVnuSM2_qt5ypTyXjG3E2ZEG3Zb4Qd1CCx4Q@mail.gmail.com> <b8720cce-5312-4320-874d-afad8db3721c@beta.fastmail.com>
In-Reply-To: <b8720cce-5312-4320-874d-afad8db3721c@beta.fastmail.com>
From: Tim Bray <tbray@textuality.com>
Date: Wed, 15 Jun 2022 19:48:01 -0700
Message-ID: <CAHBU6isW95meqLdM5DNj0T12oG8j=E4tufuxC-vxJKL1DtyraQ@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: DISPATCH list <dispatch@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000034331705e187ab54"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/zb2rCP4TbjsTb2WmOJUc4tP0Qk8>
Subject: Re: [dispatch] Work for IETF114
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 02:48:19 -0000

On Wed, Jun 15, 2022 at 7:19 PM Martin Thomson <mt@lowentropy.net> wrote:

 I am not sure about use of key identifiers vs. keys.
>

D'oh, if you're going to send the URI over a secure channel you could just
put the key right there in the fragment (*cough* ed25519 *cough*). And
arguably you shouldn’t be doing this kind of thing without a secure
channel. After all, in Bron's scenario you're emulating the semantic of a
(presumably unencrypted) attached file.


> On Thu, Jun 16, 2022, at 12:09, Tim Bray wrote:
> > If someone convinced me that there was any actual appetite for such a
> > thing and it'd have a chance of being implemented, I'd help with an I-D.
> >
> > On Wed, Jun 15, 2022 at 6:57 PM Mark Nottingham <mnot@mnot.net> wrote:
> >> Tim's approach is the direction I'd encourage you to go in -- being
> able to reusing an existing scheme has a lot of merit.
> >>
> >> Cheers,
> >>
> >>
> >> > On 11 Jun 2022, at 2:06 am, Tim Bray <tbray@textuality.com> wrote:
> >> >
> >> > You know, you wouldn't have to invent *that* much new. When you
> retrieve https://example.com/foo#bar, the "#bar" part isn't sent to the
> server, and the rules say it is interpreted with respect to the
> content-type of whatever you get.  It's called the Fragment Identifier (
> https://datatracker.ietf.org/doc/html/rfc3986#section-3.5) and normally
> used to identify a fragment within the resource representation, but let's
> ignore that.  So suppose you invent a new media type, say
> app/encrypted-file.  Then you invent a tiny little language to go in the
> fragment identifier. E.g.
> >> >
> >> > https://example.com/#KeyID=48954289574239
> >> >
> >> > or possibly even
> >> >
> >> > https://example.com/#KeyHost=tbray.org&KeyID=48954289574239
> >> >
> >> > When this thing is retrieved (without the #fragment) you get
> something with Content-type: app/encrypted-file
> >> >
> >> > Now, there'd need to be serious thinking about chain of trust.
> Obviously you'd require trust and encryption for the channel over which the
> URI-with-fragment is transmitted.  Then there's the matter of where the key
> comes from. In the second form, one assumes the key is in
> example.org//.well-known/something  and the receiver only really needs to
> decide to trust example.org.  The first form, where there's a
> pre-existing out-of-band arrangement about where to get keys from, is
> attractive.  I think you still need the KeyID thing.
> >> >
> >> > Wouldn't be that hard to implement.
> >> >
> >> >
> >> > On Fri, Jun 10, 2022 at 6:22 AM Bron Gondwana <brong@fastmailteam.com>
> wrote:
> >> > Yep, me again with something new that's bubbling up out of the "large
> files over email" problem.
> >> >
> >> > I'm not quite sure the shape of this, but I'd like some time to talk
> about something which might be a media type, might be a URI scheme, might
> be... I dunno.  I'm sure the group will have zillions of opinions about
> both what the work should be, and what it should look like.  I can give you
> the user experience and use-case that I want anyway.
> >> >
> >> > ...
> >> >
> >> > Use case: user wants to store a file encrypted on a server, and
> provide a link such that their recipient can get the decrypted file,
> without the server ever seeing the plaintext content.
> >> >
> >> > Which basically means - the URL/URI that the sender provides to the
> recipient contains the key data to decrypt the content, encoded into the
> URI in such a way that it's not provided to the server.  There are pros and
> cons of different approaches, but ideally the operating system / browser /
> library transparently does the decryption as part of the fetching such that
> a piece of client software doesn't care if the data is stored in plaintext
> and transferred over HTTPS (or whatever), or stored encrypted on the server
> with zero knowledge - either way the client program / library gets the raw
> data plaintext and doesn't have to care what the sender intended.
> >> >
> >> > Obviously, this only works if the recipient supports it, so
> bootstrapping is going to be a pain.  But I haven't seen something like
> this existing, and it would be SOOOOOO much nicer to have this
> transparently able to be embedded in the URI and handled by lower levels
> rather than having to design and specify an optional encryption layer in
> the email large file handling stuff.
> >> >
> >> > ...
> >> >
> >> > I'll put together a better proposal in the next couple of weeks, but
> just requesting the agenda time now :)
> >> >
> >> > And I would LOVE it if someone already knows that such a thing exists
> and can point me to it instead of having to reinvent the wheel.
> >> >
> >> > Cheers,
> >> >
> >> > Bron.
> >> >
> >> > --
> >> >   Bron Gondwana, CEO, Fastmail Pty Ltd
> >> >   brong@fastmailteam.com
> >> >
> >> >
> >> > _______________________________________________
> >> > dispatch mailing list
> >> > dispatch@ietf.org
> >> > https://www.ietf.org/mailman/listinfo/dispatch
> >> > _______________________________________________
> >> > dispatch mailing list
> >> > dispatch@ietf.org
> >> > https://www.ietf.org/mailman/listinfo/dispatch
> >>
> >> --
> >> Mark Nottingham   https://www.mnot.net/
> >>
> > _______________________________________________
> > dispatch mailing list
> > dispatch@ietf.org
> > https://www.ietf.org/mailman/listinfo/dispatch
>
> _______________________________________________
> dispatch mailing list
> dispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/dispatch
>

v2.23.0 | Report a Bug | By Email