IETF Logo Mail Archive

Re: [ietf-smtp] Public Key Look Up

Ned Freed <ned.freed@mrochek.com> Thu, 13 May 2021 01:05 UTC

Return-Path: <ned.freed@mrochek.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9341C3A1E59 for <ietf-smtp@ietfa.amsl.com>; Wed, 12 May 2021 18:05:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EIg227oR4UJF for <ietf-smtp@ietfa.amsl.com>; Wed, 12 May 2021 18:05:48 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [98.153.82.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1CF03A1E58 for <ietf-smtp@ietf.org>; Wed, 12 May 2021 18:05:48 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RYYGAK65Y800HSY4@mauve.mrochek.com> for ietf-smtp@ietf.org; Wed, 12 May 2021 18:00:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mrochek.com; s=201712; t=1620867643; bh=r/QNrDQg4mIynyB7UBsZm853QQ6CRh1Awhx7Sv/rRP8=; h=Cc:Date:From:Subject:In-reply-to:References:To:From; b=GnQ4hZ14EMZdIf35fjmHzXkCqrTQZqH8SigJGyckE2LUFILPxj6r9nZbKc6H0Cflj 2+QPGNK9u38t58mrWcJWlsXCSZfdcakt8lvPAikshpyGtjae3bdgBX3J4vHpb8KaM2 sZ3ntpuScdjGzvC9N5biX7JqhqsrNvRcH4ZiE9Ys=
MIME-version: 1.0
Content-transfer-encoding: 8bit
Content-type: TEXT/PLAIN; charset="utf-8"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RYYA7U0D400085YQ@mauve.mrochek.com>; Wed, 12 May 2021 18:00:41 -0700 (PDT)
Cc: Alessandro Vesely <vesely@tana.it>, John R Levine <johnl@taugh.com>, ietf-smtp@ietf.org
Message-id: <01RYYGAIK5W20085YQ@mauve.mrochek.com>
Date: Wed, 12 May 2021 17:45:50 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Wed, 12 May 2021 14:13:19 -0400" <0BA91F445C48DED0E4BB0C99@PSB>
References: <20210511185543.C751179052B@ary.qy> <D7EABCF7E8976BE735927C69@PSB> <65ed77dd-78fb-3f1a-7c21-63977620a510@taugh.com> <85e92b39-4dac-a26e-e85f-8edd1a383b83@tana.it> <0BA91F445C48DED0E4BB0C99@PSB>
To: John C Klensin <john-ietf@jck.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/_jrTknVWssuTbY10m2mHZlE6nig>
Subject: Re: [ietf-smtp] Public Key Look Up
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2021 01:05:54 -0000

Responding late to this thread... I wanted to note that
the need to store and manage lots of keys can be addressed
through the use of identity based encryption, which in effect
reduces the number of keys you need to store from one per
user to 1.

RFCs 5091 and 6508 cover specific IBE schemes, however, for
introductory material you'll need to look elsewhere.

I also note that there can still be advantages to having
a per-user lookup (either in or out of band) for the user's
public key - a lookup has the potential to tell you that
a given user is actually capable of receiving encrypted
mail. 

All that said, making server side implementation easier
does nothing to solve the real problem: All available
evidence says that there won't be sufficient uptake to
matter.

				Ned



> --On Wednesday, May 12, 2021 19:04 +0200 Alessandro Vesely
> <vesely@tana.it> wrote:

> >...
> >> Indeed.  But if the keys include signatures, it doesn't
> >> matter where they come  from, so we're back to asking why
> >> nobody seems to use the key servers that  already exist.
> >
> > Some people has been using those key servers.  However,
> > they're vulnerable to pgp-poisoning attacks[*].
> >...
> > [*] https://github.com/skeeto/pgp-poisoner

> We are getting fairly far off-topic, but ...

> There is an extremely straightforward way to resist such
> attacks, which is to accept key updates only from the
> authenticated key owner or, _maybe_ from one of the existing
> signatories whose key is already in the repository.  There are
> issues there too, but most of them come down to something John
> Levine pointed out earlier in the thread (and that has been
> known since the 1990s), which is that PGP's web of trust concept
> does not scale very well.  I can think of another defense too,
> but, again, we are getting fairly far off-topic.

> But, Ale, it seems to me that almost everyone but you is saying
> things that ultimately lead to the same place: either that it
> would not be a good idea to try to build this into SMTP or that,
> we we did, it either wouldn't work or there would not be enough
> uptake and deployment to make it useful.  That does not
> necessarily mean that we are right and you are wrong, but it
> does suggest that this thread is nearing the end of its useful
> life.

> best,
>     john

> _______________________________________________
> ietf-smtp mailing list
> ietf-smtp@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-smtp

v2.23.0 | Report a Bug | By Email