Re: [Endymail] Hashes of key as addresses
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 29 August 2014 13:37 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id C04881A035F
for <endymail@ietfa.amsl.com>; Fri, 29 Aug 2014 06:37:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.121
X-Spam-Level: **
X-Spam-Status: No, score=2.121 tagged_above=-999 required=5
tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, J_CHICKENPOX_14=0.6,
J_CHICKENPOX_41=0.6, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001]
autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ki6U7i17sQUM for <endymail@ietfa.amsl.com>;
Fri, 29 Aug 2014 06:37:25 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com
[IPv6:2a00:1450:4010:c03::233])
(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id B53861A035D
for <endymail@ietf.org>; Fri, 29 Aug 2014 06:37:24 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id gl10so2722055lab.10
for <endymail@ietf.org>; Fri, 29 Aug 2014 06:37:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:sender:in-reply-to:references:date:message-id:subject
:from:to:cc:content-type:content-transfer-encoding;
bh=J9e2+NgL1wmbOmIMIXCme+6q+dK9i+nBWQV2b9h1r2w=;
b=yGQYCUTSNnS/9WT6gIPl4EMJ9O38aean85xmOs96TC/x1Fwr+cxZdvrf7iqH27ji0X
eVPbsE+X0lXmh75mtvge589+hP0df59RIA7br6Xw9kTK5foCAQ3ykt0KLytLdudXVzk3
V1ESy3wRVget3/y+ELA0Ge3l6GRk2swSCe4moIiZ/PwHBGWoIaSMtCcgGP9CMEDpsle7
p5Alfd5UN78O8UsgX0CbdLlMoxACs+DrLw27G0RNbhmKFAdNu/XOk2mlQ+Abi02UhwXx
a1tfdqNAMV8+/MFXMEmVl6KI93OR7NYNhofbface7L7AFylZzd5xjuAsqg4Yti097feZ
gTbQ==
MIME-Version: 1.0
X-Received: by 10.152.20.168 with SMTP id o8mr11587323lae.4.1409319442951;
Fri, 29 Aug 2014 06:37:22 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.122.50 with HTTP; Fri, 29 Aug 2014 06:37:22 -0700 (PDT)
In-Reply-To: <20140829091133.GA25723@yeono.kjorling.se>
References: <CAMm+LwimhUi5uZAgm9erYtMJ9-o6+x__344TwKH4-Pa_-mckfg@mail.gmail.com>
<20140829091133.GA25723@yeono.kjorling.se>
Date: Fri, 29 Aug 2014 09:37:22 -0400
X-Google-Sender-Auth: 2knQookpNi4fo9Lmo7_SDVUJp4A
Message-ID: <CAMm+LwhSYm7e4WevDKqewGuOk=O_Zd7dKa1ctfvBzyF3jz4jtg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: =?UTF-8?Q?Michael_Kj=C3=B6rling?= <michael@kjorling.se>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/2XTLsDwKF28yn9eqkyKEbKlnC2Y
Cc: endymail <endymail@ietf.org>
Subject: Re: [Endymail] Hashes of key as addresses
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>,
<mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>,
<mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Aug 2014 13:37:26 -0000
On Fri, Aug 29, 2014 at 5:11 AM, Michael Kjörling <michael@kjorling.se> wrote: > On 28 Aug 2014 19:23 -0400, from phill@hallambaker.com (Phillip Hallam-Baker): >> Using hashes of keys as addresses is very powerful. There are >> basically three types of address in such schemes: >> >> 1) traditional human readable >> >> 2) hash of key >> >> 3) Traditional human readable + hash of key. >> >> >> So in PPE we use all three in different situations: >> >> 1) ACAIEA-FONPAC-5AC6LFA-K4ACHC-EAJWAHN-VPAM4A-COYPAO-VAA >> >> 2) alice@example.com >> >> 3) ACAIEA-FONPAC-5AC6LFA-K4ACHC-EAJWAHN-VPAM4A-COYPAO-VAA?alice@example.com >> >> >> We can apply the same approach with value to other situations. Lets >> say Alice owns example.com. We can create a strong domain name in the >> same way: >> >> ACAIEA-FONPAC-5AC6LFA-K4ACHC-EAJWAHN-VPAM4A-COYPAO-VAA?example.com > > Does this scheme not imply that everyone who wants to validate an > address, or know to where to pass a message given an address, needs to > either (a) query some form of central repository where all address > (hash)es are registered, or (b) have a local cache of all valid > address (hash)es? No, it implies some mechanism for resolving the hashes. But that does not need to be centralized. Right now what the PPE proxy does is to strip out the domain component of the email address and performs a HTTP WKS query for the phingerprint block. So it would look up http://example.com/.well-known/phb/ACAIEAFONPAC5AC6LFAK4ACHCEAJWAHNVPAM4ACOYPAOVAA The dashes are removed as they have no semantic information. They are purely for convenience. > Whether architectured in a distributed or centralized fashion, would > such a registry not become problematic? Lookups would be comparatively > costly (since even though it would be possible to split the storage, > you'd still be looking at what basically amounts to a sequential > search through some, likely relatively large, amount of data), if this > catches on it would soon grow very large, and imagine what spammers > would do if they could get their hands on a copy of that database. > Someone who is in control of such a database would have the potential > for massive (though not necessarily total) insight into who is > communicating with whom. No, the system is no worse than DNS and that scales. No sequential searches, its a hash table lookup and so extremely fast. Should not require more than 6 lookups. Each person's PHB is only a few KB so we are talking about 10 Tb or so of data if everyone has a key. That is very manageable. It would need a business model of course but so does every scheme that proposes infrastructure. > We know that breaches happen, even with the best of intentions (even > the NSA can't keep their data safe from breaches, as evidenced), so it > would appear that an architecture that creates such a valuable target > should be discouraged. \The infrastructure is not trusted except for service. An attacker cannot substitute an end-entity key because the key has to be signed by the master key that matches the hash. > Initial mapping from a human-friendly (no matter what format) to a > hash (no matter what format) address would also seem to present the > problem of ensuring that you are mapping the correct human-friendly > address. You could, given an appropriate design, after that point be > certain that you are communicating with the _same_ person that you > started out communicating with, but could you be certain that you are > communicating with the _intended_ person (as opposed to someone else > by mistake, and as opposed to a MITMer)? If the human-friendly address > is enough to uniquely identify the recipient, then why would we need a > hash-based address scheme at all? If it isn't, then how is Joe R. > User, who wants to send a message securely to Alice Journalist, > expected to pick between "Alice Journalist, ACAIEA FONPAC 5AC6LFA > K4ACHC EAJWAHN VPAM4A COYPAO VAA" and "Alice Journalist, GJEIWO FMCPTE > 9NM2GME X0AZZE XMDLWLF LLCP2K UHXHYM LHE", let alone between the first > and "Alice Journalist, ACAIEA F0NPAC 5AC6LFA K4ACHC EAJWAHN VPAM4A > COYPAO VAA"? That is the trust problem and there are various ways to address it. The first step though is to have a set of addresses that can be used to specify the trust relationship explicitly. Once we have that the trust problem is reduced to achieving the mapping. One way that works very well is to use QR codes in an in-person meeting. Web of Trust never worked the way PhilZ wanted. But we didn't carry supercomputers with cameras (aka smartphones) then. > Compare SMTP where the originating SMTP server can do preliminary > validation (on the order of ensuring that the address is well-formed, > the domain exists and has a MX or address record) while the receiving > SMTP server does final address validation (local-part/hostname pair > exists and points to a valid mailbox) in an interactive dialog between > the servers, allowing reasonably good error reporting back to the > originating sender without any one entity having a complete address > registry. Since DNS is also highly distributed, no one entity even has > a complete list of all valid domain or fully qualified host names. Well what you are doing is proposing the simplest solution to the problem and showing why it is inadequate. There does not need to be a central repository. There does not even need to be global connectivity.
- [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Leo Vegoda
- Re: [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Michael Kjörling
- Re: [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Michael Kjörling
- Re: [Endymail] Hashes of key as addresses Stephen Farrell
- Re: [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Steffen Nurpmeso
- Re: [Endymail] Hashes of key as addresses Arnt Gulbrandsen
- Re: [Endymail] Hashes of key as addresses Viktor Dukhovni
- Re: [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Viktor Dukhovni