Re: [Medup] On Extra Keys in pEp (Neal H. Walfield)
Metin Savignano <ms@savignano.net> Fri, 31 March 2023 08:19 UTC
Return-Path: <ms@savignano.net>
X-Original-To: medup@ietfa.amsl.com
Delivered-To: medup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EAC9C14CE44 for <medup@ietfa.amsl.com>; Fri, 31 Mar 2023 01:19:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LHh81Bkt75uu for <medup@ietfa.amsl.com>; Fri, 31 Mar 2023 01:19:21 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96ABDC14F73F for <medup@ietf.org>; Fri, 31 Mar 2023 01:19:20 -0700 (PDT)
Received: from smtpclient.apple ([62.54.177.99]) by mrelayeu.kundenserver.de (mreue010 [213.165.67.97]) with ESMTPSA (Nemesis) id 1Mgvev-1qMyqZ2cfd-00hLmQ for <medup@ietf.org>; Fri, 31 Mar 2023 10:19:18 +0200
From: Metin Savignano <ms@savignano.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.500.231\))
Date: Fri, 31 Mar 2023 10:19:07 +0200
References: <mailman.84.1680202803.50554.medup@ietf.org>
To: medup@ietf.org
In-Reply-To: <mailman.84.1680202803.50554.medup@ietf.org>
Message-Id: <B15EED08-30E1-4EEF-BAFE-43625B60CA82@savignano.net>
X-Mailer: Apple Mail (2.3731.500.231)
X-Provags-ID: V03:K1:w8dNSM8ySpdkcHvRAqXsQ6q08hQvXQt7favU+KFXNUf4IElbQXR tAWZNKNL8GrXgSG/FYw7uHYKEwRvyZjAVhGfMGtb/GQH/E2Clf5l3kr4h7I4NbDYqQnJ8Q2 y3hPvQHAAOTvgV564jDnhGf0OqkZ4SHr5lFnTojmfdwc7PyLgp+wVNRs0DFwzsb6arQk+/+ /EBQ1rjMnvFZO2EZN2ecQ==
UI-OutboundReport: notjunk:1;M01:P0:IcGkVhQ665Q=;sBM0aF4100BnvfZv3udO1tT+gel XV/GY5GNsyqng1+vKZ4nrsRTu77XqrdwmJ7GMxworbvVqu8nDR7d9olPB3XkcPW19E2tG2DWg IYoZbg6/pt3o7G3BYm8sYdYrs9BOr9yiWa+ErI51ECVQUGiDXVXIuvkxSI2h2xIHHwB41DxHu ABLLuRAWHSopS79h2uoHrAsM5A1k8q7S2btAy6Meg65329QWaByBqRV7aBET027FiNp4cb/NV 1PcsPEzX43gl1oUmWjPrpYdfYLdt3i+GdO7d/zyvFl9MQLANa/22raySvFxeJTzOI7+muxvBO 4dlfgRFbRas21UF4Ulb6AYWhDPgcL9mJQpJkZocHQdXpOcXHx57ivZuWyU3bb2j+9P7Tffplq fugniJwNNngwWwLqkPDkqK+0s7JVBlRA0ImlHPHfEvQmGNvDuP7tDTeDIwCBw3VIwYWTZjx8i hid3fBI6n1XUpksqkTENC6ByXRXyNij55ucZ9zXSXNl1+RBJ49Hkx1tkoqZmhP4blIQiGa9hH rEo/J+D0FJfgv6E6qJvMzyqY/yKz331Y8WIZM1+zLcuToIcr5v+fEx4XfwVA6OqHpwat7IxvL PkSM9OrRiAfkV9HLyoPWpFGUEdOJu+aQw6pXD8gmtmSf0zTWiRU1QGo0Fnw0Wni/0Jvp72+Ef OZQdKfKpp1ufbNZliS317oLj5dfLvIEZOjHuTmYY9g==
Archived-At: <https://mailarchive.ietf.org/arch/msg/medup/cD5MnKQSbAD8kpF75cJls_XGfJs>
Subject: Re: [Medup] On Extra Keys in pEp (Neal H. Walfield)
X-BeenThere: medup@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Missing Elements for Decentralized and Usable Privacy <medup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/medup>, <mailto:medup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/medup/>
List-Post: <mailto:medup@ietf.org>
List-Help: <mailto:medup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/medup>, <mailto:medup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2023 08:19:25 -0000
Hi everyone, I hope it's okay when I jump in to share my thoughts. >> [snip] >> >> // Ensure we don't encrypt to extra keys if this is a non-org account >> if (!(target_id->flags & PEP_idf_org_ident)) >> extra = NULL; >> >> [/snip] > > Can you explain what a non-org account is, please. > >> Any thoughts on that approach? > > I see two aspects to this problem: when internal users (e.g., > employees) send an encrypted message, and when external users send an > encrypted message (e.g., customers). > > When an internal user sends a message, they can be trained to accept > the additional key. That's easy. > > But,when a customer sends an encrypted message to an employee, do they > automatically use the additional key? If they have to opt in, how > does an organization decrypt messages for employees who are sick or on > vacation? Neal definitely has a valid point here. However, I’d like to make one step back and ask: why do we need the extra key for that scenario? The reason I’m asking is that this requirement is not new at all, and the solution to it that I am aware of is that the organization must keep a copy of the private key of all its users. That’s why it's recommended to split keys between signing keys and encryption keys: so the organization can keep a copy of the private key, but not of the signing key, which allows it to decrypt messages, but not to step into the user’s identity. So I think the solution should be to allow the organization to get the private key, shouldn’t it? Or am I missing something here? Thanks Metin
- Re: [Medup] On Extra Keys in pEp (Neal H. Walfiel… Metin Savignano
- Re: [Medup] On Extra Keys in pEp (Neal H. Walfiel… Neal H. Walfield