IETF Logo Mail Archive

Re: [Endymail] Another view of the problem and what the IETF could do

Phillip Hallam-Baker <hallam@gmail.com> Tue, 02 September 2014 20:36 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF0601A0494 for <endymail@ietfa.amsl.com>; Tue, 2 Sep 2014 13:36:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YVjK_LAMsSyv for <endymail@ietfa.amsl.com>; Tue, 2 Sep 2014 13:36:00 -0700 (PDT)
Received: from mail-qg0-x233.google.com (mail-qg0-x233.google.com [IPv6:2607:f8b0:400d:c04::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73CEE1A88C8 for <endymail@ietf.org>; Tue, 2 Sep 2014 13:36:00 -0700 (PDT)
Received: by mail-qg0-f51.google.com with SMTP id i50so7319329qgf.10 for <endymail@ietf.org>; Tue, 02 Sep 2014 13:35:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=AuDDZ/RnAlvRwmY1ehrvVgd6a+aufuGO88DLh4PkoqE=; b=uEABksH9oL1406056wG22MWI9v7MTw/4gEd5kn9LrJ9PNI0O9H9vJ9exUZDvi3AIa4 pmPzRWXOk7ugePOGHDmQKiF82auJvyMcJF6wvFMZC4MxqKyTo+5tU+onR37qQHAnQTUq Ycq0Q09/97ydC3ad2oIywTDyhhyhza7pp9TatLJrXpwS4/IwnHDirFIf/hKZfMIipxIj xqbyp3eYVnJhpMCm7T53yFNuMwlomCDc0nmc/ZyvG79lZ8bTsmmd0NVg6mQ4VW4U7by3 OUZbQg2AalaoFcuVvInuhHvPgkw2/k/JWHXE2uB9+0iEB87vm9BxzxyA4LnCoZH/VDtG lBuA==
X-Received: by 10.224.134.202 with SMTP id k10mr60767820qat.19.1409690159625; Tue, 02 Sep 2014 13:35:59 -0700 (PDT)
Received: from [33.142.53.161] ([172.56.23.23]) by mx.google.com with ESMTPSA id l7sm12537715qae.45.2014.09.02.13.35.58 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 02 Sep 2014 13:35:58 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (1.0)
From: Phillip Hallam-Baker <hallam@gmail.com>
X-Mailer: iPad Mail (11B651)
In-Reply-To: <A8423D66-369A-4511-8A4C-EE4545E49111@adamcaudill.com>
Date: Tue, 2 Sep 2014 16:36:04 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <3093EBC2-B370-4675-B53D-20162E3D0CC9@gmail.com>
References: <CAHBU6iuxfqs9RszSaJLaTV_obKBCJ9Pzii+t9XANN3q+bJm-3Q@mail.gmail.com> <5404A3A3.9050506@cisco.com> <A8423D66-369A-4511-8A4C-EE4545E49111@adamcaudill.com>
To: Adam Caudill <adam@adamcaudill.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/-thjWSF2e-zLr20Z_ZhuecRF0FE
X-Mailman-Approved-At: Tue, 02 Sep 2014 13:36:54 -0700
Cc: Tim Bray <tbray@textuality.com>, "endymail@ietf.org" <endymail@ietf.org>, Eliot Lear <lear@cisco.com>
Subject: Re: [Endymail] Another view of the problem and what the IETF could do
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Sep 2014 20:36:05 -0000

On the key discovery problem, there are several separate questions:

1) I want to send email to Alice Splunge, what is her email address and what is her trust anchor

2) I know Alice Splunge has email address, alice.splunge@example.com, what is her trust anchor

3) I know Alice's trust anchor and email address, what public key should Bob Cratchet use to send her email?


Some of these questions are easier to answer than others. Which is why I distinguish trust anchor discovery (i.e. discovering the hash of a key that signs a security policy) from key discovery. 

Since spam is a concern, we might well not want to answer question 1, or at least not to just anyone. But we might distribute keys through social networks. So I my might not publish my email address on my Web site (I do actually) but I might put it on my linked in profile complete with my trust anchor.


For in person trust anchor exchange, QR codes are the way to go.

Sent from my iPad

> On Sep 2, 2014, at 4:03 PM, Adam Caudill <adam@adamcaudill.com> wrote:
> 
>> On Sep 1, 2014, at 12:49 PM, Eliot Lear <lear@cisco.com> wrote:
>> 
>>> On 8/27/14, 6:21 PM, Tim Bray wrote:
>>> 
>>> 1. Find a public key for the user that the sender’s prepared to trust.
>>> 
>>> This is a big problem. The PGP Web of Trust has failed, and we’ve all heard the griping about the CA biz.  Joe Hildebrand mentioned POSH & WebFinger and they’re both interesting.  I’m also interested in the notion of a key directory with associated proofs that you don’t have to trust, for example the one from https://keybase.io.  In particular see https://keybase.io/docs/server_security
>>> WORK FOR IETF: Get pro-active on key discovery/trust work? Standardize key search APIs?
>> 
>> If the IETF could solve but this problem such that it scales to the size of the Internet, everything else on your list would I think fall into place.  Unfortunately, key management really wasn't on your list, and that has to be addressed as well.  Also, I suspect that email programs probably need to evolve a bit to cope with all of this.  Case and point: I'm pretty sure I've lot one or two private keys along the way.  And, at least compared to your average Joe, I'm good at this.
> 
> No matter what the path forward is for secure messaging, key discovery (and reasonable key management) will be the cornerstone. If we don’t have solid public key discovery, then I fear we’ll just end up reinventing PGP.  For a system to scale to the same level email as we know it has, there needs to be transparent key discovery so that the average user need not be aware it’s even happening.
> 
> In the design I’ve been working on, it’s the responsibility of the messaging service provider to host a user directory, with signed updates that senders can use to get the proper key for a user (so, example.com would provide the sender with the info they need to send to bob@example.com).
> 
> I really think this needs to be a primary focus, and as Tim pointed out, this is something that makes sense for the IETF to work on. If we can establish a solid solution here, I agree completely with Eliot here, the rest will fall into place - and will open the door to many good options.
> 
> -- 
> Adam Caudill
> adam@adamcaudill.com
> http://adamcaudill.com/
> 
> 
> 
> _______________________________________________
> Endymail mailing list
> Endymail@ietf.org
> https://www.ietf.org/mailman/listinfo/endymail

v2.8.7 | Report a Bug | By Email