[Endymail] Secure universal message addressing

Natanael <natanael.l@gmail.com> Mon, 04 April 2016 14:56 UTC

Return-Path: <natanael.l@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C31012D744 for <endymail@ietfa.amsl.com>; Mon, 4 Apr 2016 07:56:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o89UcctlPGlg for <endymail@ietfa.amsl.com>; Mon, 4 Apr 2016 07:56:26 -0700 (PDT)
Received: from mail-qg0-x233.google.com (mail-qg0-x233.google.com [IPv6:2607:f8b0:400d:c04::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7110112D78A for <endymail@ietf.org>; Mon, 4 Apr 2016 07:56:00 -0700 (PDT)
Received: by mail-qg0-x233.google.com with SMTP id c6so24156200qga.1 for <endymail@ietf.org>; Mon, 04 Apr 2016 07:56:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=2BkG328G0gBYhTXpqxCxZQKz6cv2FmRv0W3zVqi5Ka4=; b=GmIsKd6mFssRiE/zUYsYzQ1XedH2+1f/IJ+vCycV3ACu5OLnhteiyvcvvsNF0z7giR /5KL1ZtPJS5IjbbwCImI4w+KcCvHlRGV9WPeIoQ+jWW2Y/FFmjL1XjGC+mOQTeOySa4F kmR/07pBgqkOwL5OwzW5aJe4xeWZKyPrI8se/m08BEFI3n1W9vhbFkEMxUDPPoY6qwg6 DyniWxSt+tI588jCHUWuWBh5k0RBqwII00SuAyokThovGxYSqZrkd43XU/Ar6qQivWfa dnsUpAkONGTcXdq+QQTBigNAeY0GFx4qmxCc7KtxdbiJA7UXPXs8uV0sBv3boKPbPoHD qDaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=2BkG328G0gBYhTXpqxCxZQKz6cv2FmRv0W3zVqi5Ka4=; b=JT2JD42TmAVbJ0qY70Nujj+bqU5CEHlmRT5+zvm8wZb03SAPz6JZVh/dh9BpjhAGID 3G+l6rIsvv1ICBvTfelCQQmKVYWi0HoATs+QwbyAISk/fiZRbo40iyc1201RU54JsQoQ g9Ria6GXAFhgLI+V3m3kBVImtyj+sYUQ2hc594+Nl5w5L8QKy+krqQb9iLqzb3LGmYb/ qDhjTBKCKJjx313HcSJKD3BUkEcDKbcpDSgRsMWEk3vCpDGfCuc39WF5XWtIxFWNvEL1 Otd2NpFF0ju22aEp4yiDm8c7oH9ibXCku6gngH++i3hWC4aqXeZ6U0B9eb2COKoBgBMV d6tQ==
X-Gm-Message-State: AD7BkJLPT909SHMEOIrnaY+bKQieA5cKQWGXUV2SDuEpD3otsfDyzkSi2Vbx2M9sWmpJOvhdFkc9w7050ngw5Q==
MIME-Version: 1.0
X-Received: by 10.194.174.39 with SMTP id bp7mr13617602wjc.28.1459781759326; Mon, 04 Apr 2016 07:55:59 -0700 (PDT)
Received: by 10.194.23.195 with HTTP; Mon, 4 Apr 2016 07:55:58 -0700 (PDT)
Received: by 10.194.23.195 with HTTP; Mon, 4 Apr 2016 07:55:58 -0700 (PDT)
In-Reply-To: <CAAt2M19TiwGMmtsNyAWwaRk5Kup0for_AV0C=AFd--+kmUYcDw@mail.gmail.com>
References: <CAAt2M1-qLf7HF_zTSgWGH4TKmOuYZH6h9iXL=+JzSwdfk1+HqQ@mail.gmail.com> <CAAt2M1-AtpmREOi1Ex+sLjUqZtbcDOUC_zGd4u5Ot1cW+UT5ug@mail.gmail.com> <CAAt2M18W+k_bNL+WV1pa7dnbgzuThFqrqMcwVk5C20M-b_PrTg@mail.gmail.com> <CAAt2M19ThO-J3awEbKfx--mtpssB-Qk+5rHCcoBD57vytucvMw@mail.gmail.com> <CAAt2M19amebwCsdiNAqrBCD6OwGCUJCpKYkU7kvnRSafywTC=w@mail.gmail.com> <CAAt2M1-HOUjWLZOZycfcmGCgD+DkvsAOzjkd4bCuSjhSLVyDgw@mail.gmail.com> <CAAt2M1_C7OJZLZW7AnK1sYAK9ANpRS-FQ1__guKT7_Zacun+BA@mail.gmail.com> <CAAt2M19TiwGMmtsNyAWwaRk5Kup0for_AV0C=AFd--+kmUYcDw@mail.gmail.com>
Date: Mon, 04 Apr 2016 16:55:58 +0200
Message-ID: <CAAt2M19MWW-4CAoCejwYEZm-YzJ6UUWypeBtfPbWLh0ka=Ta8A@mail.gmail.com>
From: Natanael <natanael.l@gmail.com>
To: endymail <endymail@ietf.org>, Cryptography Mailing List <cryptography@metzdowd.com>, Crypto List <cryptography@randombit.net>, messaging <messaging@moderncrypto.org>, Cryptographers List <crypto-practicum@lists.sonic.net>
Content-Type: multipart/alternative; boundary="089e0149371c36e458052fa9ed9e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/endymail/P0My-ZS_fIeIjt6KhLTqsyKnQSs>
Subject: [Endymail] Secure universal message addressing
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 14:56:30 -0000

I'm crossposting this to a few lists, a few of the relevant mail archives
are here for those who want to follow the replies on the other lists;

http://www.metzdowd.com/pipermail/cryptography/
http://lists.randombit.net/pipermail/cryptography/
http://www.ietf.org/mail-archive/web/endymail/current/maillist.html
https://moderncrypto.org/mail-archive/messaging/2014/thread.html

#####

After spending way too much time thinking about how to design a secure
universal message passing platform that would work for both IM, email, push
messages and much more, I just ended up with a more complex version of XMPP
that won't really ever have lower latency, be scalable or be simpler to
operate or even be secure at all. So I dropped that idea.

Then I ended up thinking about addressing instead. If building one single
universal communication protocol is too hard, why couldn't it still be
simple to have one single universal protocol for identifying recipients /
users? It would allow each user to have one single unique global identifier
which can be used to find out which communication protocols each other user
supports and how to connect to them.

Email address type identifiers are already familiar and won't go away. We
are practically already heading this way with email too;

Given that we have the combo of protocols like DMARC, DKIM, SPF, TLS,
DNSSEC+DANE and of course the very relevant WebFinger for user profile data
(https://webfinger.net/), and that we have companies like Google, Yahoo and
Microsoft working on SMTP STS, we are already building much of the
infrastructure necessary for secure addressing. Every server / node would
continously check which one's the strongest protocol supported by each
other server / node they've communicated with recently, refusing to connect
over weaker protocols.

#

Add in transparency logs (perhaps Keybase style) and you've got very strong
security for the users. Stopping downgrade attacks suddenly becomes more
than plausible when there are reliable ways to detect if a server truly
supports secure protocols or not, and MITM becomes hard to hide if the
sending client / server / node always logs the recipient's server's
responses (making forged replies trivially provable, hurting the server's
reputation in seconds by publishing the conflicting log entries). A
Perspectives / SSL observatory model would also drastically improve the
detection rate for tampering.

#

That setup just lacks one capability which I consider major - playing well
with P2P networks lacking classical domain names. Not all users will be
using (fixed) servers (or even IPv4/6 addresses), so perhaps the domain
part of email type addresses could be a domain name format that specifies
that it identifies a P2P node and its protocol (like a Namecoin profile or
an I2P node holding your profile data, or a CJDNS node). Including public
key identifiers in the addresses would most likely be necessary, unless
you're dealing with protocols like Namecoin for fetching profile data.

Those who wants to place their own P2P nodes in the domain field could do
that, having that node carry the profile data which explains how to connect
to you (which would of course require that those you communicate with can
connect to your P2P node), instead of using a third party server. Most
people probably won't opt for this, but it should be possible.

Where the users or (end user trusted) servers are identified by public keys
in the addresses, it could be possible to have public translating proxies
for P2P protocols (kind of like i2p.to and the Tor equivalent, "inproxies")
without any loss of security.

#

The user experience would end up looking like Keybase.io, but with their
account ownership proof process looking more like the OAuth process
(usually initiated via the third party service/client by entering your
email to register after logging in), where most likely it would be your
existing email provider offering this addressing service.

Every messaging system you add would be linked to your account, both server
based ones and P2P ones (with their respective unique user identifiers),
allowing anybody who want to message you securely to detect that you
support protocols with better security than the arcane SMTP. If both sides
supports this protocol and a hypothetical email2 protocol that's tagged as
an upgrade over SMTP, no mail between you would ever be sent over SMTP. As
more email servers upgrade they would quickly start to detect that the rest
of them also supports stronger security, and upgrade the security for all
the users silently.

It would behave like account addressing within Google's suite of protocols
such as email + IM via Hangouts + Google Cloud Messaging + Google Docs,
etc, where the same email address is the account identifier for them all,
except that this would be an open universal protocol.

The recipient of a message from a third party service you started using
wouldn't be getting an invite email (invite emails are getting boring,
aren't they?) telling them to register to see the message - instead that
service would see which compatible service the friend is using and connect
to it, and pass it on.

#

We need secure push messaging, IM, mail and much more, and if we can tap
into the existing infrastructure through email and make the user experience
both easier AND more secure, we are much more likely to see secure versions
of all these protocols implemented. If connecting secure protocols to your
account is easy and transparent for everybody involved, there would be much
less resistance towards changing clients.

Another big benefit is that contact management will be much easier (most
likely also hosted via your mail provider like it usually is today, except
now it would make sense to have a single one shared across all your
services), because suddenly you no longer need to be given every single
username for every service a person uses separately. Opening the contact
details for a person would simply show you which protocols you both already
support, and which additional ones they support that you don't.

You only need one single username / address per person, and even if they
were using a server addressed profile (like standard email addresses) and
switch servers, they could set a redirect to the new address that notifies
you about the change the moment you tried to contact them again. It would
be completely effortless.

#

Here's the existing systems I know of which comes close, with comments;

* The mix of email security protocols I mentioned above. There's no clear
standard for how to achieve this with them. One could build on WebFinger,
but how should it look like?
* Namecoin. A public P2P blockchain system, not universal. Requires a full
node or connecting to a trusted third party node for lookups.
* Keybase.io. Not designed for addressing, URL identifiers.
* PHB's Mathematical Mesh (under development). It uses a private blockchain
per user for something resembling transparency logs, and uses identifying
public keys (IIRC), but I haven't read up on the details on how it works. I
don't know if it works with email address based identifiers.

The key idea here is that you get to have *one* identifier for yourself
under your control, that you can use everywhere, securely. Knowing that
people have your real address should provide a strong guarantee that
messages from them to you will go only to you. And you shouldn't need to
change address because you changed messaging services.

How would you guys go about designing a system like what I describe? How
would you get it to play nice with P2P nodes?