[Endymail] Another view of the problem and what the IETF could do
Tim Bray <tbray@textuality.com> Wed, 27 August 2014 16:22 UTC
Return-Path: <tbray@textuality.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCC5C1A0B0B for <endymail@ietfa.amsl.com>; Wed, 27 Aug 2014 09:22:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.725
X-Spam-Level:
X-Spam-Status: No, score=0.725 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_DBL_ABUSE_REDIR=0.001, URIBL_DBL_REDIR=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ei1E7AaP9B2K for <endymail@ietfa.amsl.com>; Wed, 27 Aug 2014 09:22:18 -0700 (PDT)
Received: from mail-yh0-f44.google.com (mail-yh0-f44.google.com [209.85.213.44]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5484C1A0233 for <endymail@ietf.org>; Wed, 27 Aug 2014 09:22:18 -0700 (PDT)
Received: by mail-yh0-f44.google.com with SMTP id f73so455024yha.17 for <endymail@ietf.org>; Wed, 27 Aug 2014 09:22:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type; bh=BUIEE/39MXOw/FJ8o/QOfQbErPgyDxmuGrL0C7nWHBM=; b=mLTccKtcLrpd1pybYmBKyVQerHoJkn8+vvrb51lpr6plafvPoCFI6eNh0yRll9Q/31 ee9vaQWVFO+T20s8dYUipEMsyNGoIcgKcrSxJTT76wQfzpZRVm7p87On6BAob6DE2Nn6 SqucobBGWIB5m9tbhsUWS7TvrOnW434pz4aa16XlTKPXkf8tG5i9BEVEAlhotD3fzFMt Q/fPgqseWrh6CZQ9mW82VT3uo9SoXFtM/L0X3zBxFC588tWAzf7NuJQexEQfCoczKLnk HT3qzII3Noee5vjEcjK84vZs4kNwsT79KId1UGIMJwpykxqnFwYOaBLNOH69Grf7xrLW 3QLQ==
X-Gm-Message-State: ALoCoQm/HEjGOKvpbTdwGbh4rMM3L45R6D3rqMqwFOGThhgnZzfCcUgxfSqJNKSvsBybHZ+Az+iJ
X-Received: by 10.220.59.138 with SMTP id l10mr1693012vch.59.1409156536234; Wed, 27 Aug 2014 09:22:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.221.49.194 with HTTP; Wed, 27 Aug 2014 09:21:56 -0700 (PDT)
X-Originating-IP: [24.84.235.32]
From: Tim Bray <tbray@textuality.com>
Date: Wed, 27 Aug 2014 09:21:56 -0700
Message-ID: <CAHBU6iuxfqs9RszSaJLaTV_obKBCJ9Pzii+t9XANN3q+bJm-3Q@mail.gmail.com>
To: endymail@ietf.org
Content-Type: multipart/alternative; boundary="001a11c25182c691cd05019ed267"
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/ypdaT2xJrz87KM4T4EBZrmqJ1dQ
Subject: [Endymail] Another view of the problem and what the IETF could do
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Aug 2014 16:22:21 -0000
I think the inclusion of the string “mail” in the list title is perhaps unduly limiting. I exchange a lot of messages on the Internet and, yeah, some are email but a lot aren’t; various social-media and chat messaging services. It seems to me that more or less anything that can interchange text between humans in an end-to-end way should be able to carry an end-to-end encrypted payload, and that the IETF should help facilitate this. Suppose a piece of messaging software wants to make it easy for me to encrypt something for a particular recipient at the other end. The following steps are necessary: 1. Find a public key for the user that the sender’s prepared to trust. 2. Encrypt the message 3. Get the message there, then… 4. The recipient uses their private key to decrypt the message 5. Display the message appropriately, depending what it is I think it’s important that this is not a hypothetical. Right now on Android, there are crypto apps (in particular I know of OpenKeychain, but there are others) that use Android’s “Sharing” system to good effect, so you can do this: a. Start with anything: Some text, a picture, a video, whatever, in some app b. Hit the app’s “Share” button c. In the list of Share targets is “Encrypt with <crypto app>” d. <Crypto app> pops up, you pick a recipient from the list of public keys you’ve stored e. <Crypto app> encrypts, asks you how you want to share the encrypted message (mail, chat, whatever) f. Person receives encrypted message. Hits “share”. Sends it to <crypto app>. Crypto app asks for private-key passphrase, decrypts, either displays result or lets them share it to a more appropriate app. This works. Nobody ever sees a hex digit. Going back to the first list: 1. Find a public key for the user that the sender’s prepared to trust. This is a big problem. The PGP Web of Trust has failed, and we’ve all heard the griping about the CA biz. Joe Hildebrand mentioned POSH & WebFinger and they’re both interesting. I’m also interested in the notion of a key directory with associated proofs that you don’t have to trust, for example the one from https://keybase.io. In particular see https://keybase.io/docs/server_security WORK FOR IETF: Get pro-active on key discovery/trust work? Standardize key search APIs? 2. Encrypt the message and 4. The recipient uses their private key to decrypt the message These are sort of solved by various OpenPGP implementations, and also see https://minilock.io/ Except for, many people live in the browser and their lives would be improved if they could do the crypto there. This means trusting network-delivered JavaScript code, which is a conundrum; I wrote about it at some length at http://goo.gl/KsKe6u WORK FOR IETF: Well, maybe, but it feels more like W3C or WHAT or TC39 stuff. Could we help with code-signature specs? 3. Get the message there, then… Solved nicely by all sorts of internet tools. WORK FOR IETF: Nope. 5. Display the message appropriately, depending what it is This is a problem. Lots of the messages I want to send are movies or songs or pictures, and if there’s no way to communicate the Media Type, it’s less useful to the recipient. WORK FOR IETF: Maybe revive draft-moscaritolo-openpgp-literal ? -- - Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)
- [Endymail] Another view of the problem and what t… Tim Bray
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Arnt Gulbrandsen
- Re: [Endymail] Another view of the problem and wh… Phillip Hallam-Baker
- Re: [Endymail] Another view of the problem and wh… Eliot Lear
- Re: [Endymail] Another view of the problem and wh… Tim Bray
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Steffen Nurpmeso
- Re: [Endymail] Another view of the problem and wh… Leo Vegoda
- Re: [Endymail] Another view of the problem and wh… Stephen Farrell
- Re: [Endymail] Another view of the problem and wh… Leo Vegoda
- Re: [Endymail] Another view of the problem and wh… Adam Caudill
- Re: [Endymail] Another view of the problem and wh… Phillip Hallam-Baker
- Re: [Endymail] Another view of the problem and wh… Tim Bray
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Stephen Farrell
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Kathleen Moriarty
- Re: [Endymail] Another view of the problem and wh… Phillip Hallam-Baker
- Re: [Endymail] Another view of the problem and wh… Michael Kjörling
- Re: [Endymail] Another view of the problem and wh… Leo Vegoda