Re: [Endymail] Hashes of key as addresses
Michael Kjörling <michael@kjorling.se> Thu, 04 September 2014 13:30 UTC
Return-Path: <michael@kjorling.se>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id AE76A1A88B5
for <endymail@ietfa.amsl.com>; Thu, 4 Sep 2014 06:30:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3,
RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id LAxTBHec8muX for <endymail@ietfa.amsl.com>;
Thu, 4 Sep 2014 06:30:08 -0700 (PDT)
Received: from nekare.kjorling.se (nekare.kjorling.se [89.221.249.175])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 8389F1A889F
for <endymail@ietf.org>; Thu, 4 Sep 2014 06:30:07 -0700 (PDT)
Received: by nekare.kjorling.se (Postfix, from userid 1001)
id D04ED114075; Thu, 4 Sep 2014 13:30:05 +0000 (UTC)
X-Spam-Details: BAYES_00=-1.9, SPF_FAIL=0.001 (nekare.kjorling.se)
Received: from yeono.kjorling.se (h-9-65.a328.priv.bahnhof.se [46.59.9.65])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "yeono", Issuer "yeono" (not verified))
by nekare.kjorling.se (Postfix) with ESMTPS id DB7CE114073
for <endymail@ietf.org>; Thu, 4 Sep 2014 13:29:56 +0000 (UTC)
Received: from yeono.kjorling.se (localhost [127.0.0.1])
(using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
(Client did not present a certificate)
by yeono (Postfix) with ESMTPS id 736D7140031
for <endymail@ietf.org>; Thu, 4 Sep 2014 15:29:56 +0200 (CEST)
Date: Thu, 4 Sep 2014 13:29:55 +0000
From: Michael =?utf-8?B?S2rDtnJsaW5n?= <michael@kjorling.se>
To: endymail@ietf.org
Message-ID: <20140904132955.GN603@yeono.kjorling.se>
References: <CAMm+LwimhUi5uZAgm9erYtMJ9-o6+x__344TwKH4-Pa_-mckfg@mail.gmail.com>
<20140829091133.GA25723@yeono.kjorling.se>
<CAMm+LwhSYm7e4WevDKqewGuOk=O_Zd7dKa1ctfvBzyF3jz4jtg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAMm+LwhSYm7e4WevDKqewGuOk=O_Zd7dKa1ctfvBzyF3jz4jtg@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/o26Z6e1nEj6Nb5wKx4otZeD6oCM
Subject: Re: [Endymail] Hashes of key as addresses
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>,
<mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>,
<mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Sep 2014 13:30:09 -0000
On 29 Aug 2014 09:37 -0400, from phill@hallambaker.com (Phillip Hallam-Baker): > On Fri, Aug 29, 2014 at 5:11 AM, Michael Kjörling <michael@kjorling.se> wrote: >> On 28 Aug 2014 19:23 -0400, from phill@hallambaker.com (Phillip Hallam-Baker): >>> Using hashes of keys as addresses is very powerful. There are >>> basically three types of address in such schemes: >>> >>> 1) traditional human readable >>> >>> 2) hash of key >>> >>> 3) Traditional human readable + hash of key. >>> >>> >>> So in PPE we use all three in different situations: >>> >>> 1) ACAIEA-FONPAC-5AC6LFA-K4ACHC-EAJWAHN-VPAM4A-COYPAO-VAA >>> >>> 2) alice@example.com >>> >>> 3) ACAIEA-FONPAC-5AC6LFA-K4ACHC-EAJWAHN-VPAM4A-COYPAO-VAA?alice@example.com >> >> Does this scheme not imply that everyone who wants to validate an >> address, or know to where to pass a message given an address, needs to >> either (a) query some form of central repository where all address >> (hash)es are registered, or (b) have a local cache of all valid >> address (hash)es? > > No, it implies some mechanism for resolving the hashes. But that does > not need to be centralized. Fair enough, but how would you resolve such a hash without connectivity? We know that traffic analysis is being done on a massive scale, and have good reason to believe that encrypted traffic is routinely and specifically targeted for storage for possible later analysis. As it stands, with SMTP, assuming transport security (_proper_ STARTTLS, for example), it seems about the most someone listening in can figure out is that someone is sending e-mail to a particular domain (say, by matching DNS MX RR lookups with subsequent SMTP TCP connections). This leaks a small amount of metadata, but that can be mitigated by sharing SMTP hosting and email address domains with others. I would argue that any replacement (the purpose of which is end-to-end security) should not leak _more_ metadata to any reasonable attacker, ideally including an active attacker able to do network packet injection. > One way that works very well is to use QR codes in an in-person > meeting. Web of Trust never worked the way PhilZ wanted. But we didn't > carry supercomputers with cameras (aka smartphones) then. Far from everyone does, even today. [1] Should the protocol be designed to essentially require such? > There does not need to be a central repository. There does not even > need to be global connectivity. Then how would you propose to validate a hash, or given a hash, send a message to it, without some sort of connectivity to some sort of hash repository? [1] Thu, 4 Sep 2014 13:18:56 +0000, http://mailarchive.ietf.org/arch/msg/endymail/qIjDw--NOtG0JFbqHJHvbHKVPeM -- Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup)
- [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Leo Vegoda
- Re: [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Michael Kjörling
- Re: [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Michael Kjörling
- Re: [Endymail] Hashes of key as addresses Stephen Farrell
- Re: [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Steffen Nurpmeso
- Re: [Endymail] Hashes of key as addresses Arnt Gulbrandsen
- Re: [Endymail] Hashes of key as addresses Viktor Dukhovni
- Re: [Endymail] Hashes of key as addresses Phillip Hallam-Baker
- Re: [Endymail] Hashes of key as addresses Viktor Dukhovni