Re: [openpgp] Web Key Directory I-D -07

Bart Butler <bartbutler@protonmail.com> Fri, 16 November 2018 17:10 UTC

Date: Fri, 16 Nov 2018 17:09:54 +0000
To: Paul Wouters <paul@nohats.ca>
From: Bart Butler <bartbutler@protonmail.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, "openpgp@ietf.org" <openpgp@ietf.org>, azul <azul@riseup.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/164G0tFUOJQjRmTApxusvji4loE>
Subject: Re: [openpgp] Web Key Directory I-D -07

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, November 15, 2018 11:03 PM, Paul Wouters <paul@nohats.ca> wrote:

> On Thu, 15 Nov 2018, Bart Butler wrote:
>
> > The MUA could always have some kind of warning in this situation if the UserID match isn't recognized ("recognized" matches could include subaddresses, etc. but would be at the MUA's discretion). I'd leave this up to the MUA implementation.
>
> Requiring the MUA to do this is wrong. It will break many potential use
> cases. Take for example my phone mail client. It is hard to support PGP,
> but it is easy to send it over TLS to my MTA. My MTA can then do all
> the work to PGP encrypt it. But there are no humans in this process.
>
> Please ensure this feature works without humans.
>
> Paul

I'm not proposing that we require the MUA to do anything. All I'm saying is that the MUA could implement such validation if they want to, otherwise the key returned by WKD could just be used, and either way, we don't make any sort of UserID email address matching part of the WKD spec that the server has to enforce.

-Bart
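
The optional client-side check discussed in this message, as an added example that is not part of the thread or of the WKD draft: it classifies how a returned key's User IDs relate to the looked-up address and never blocks use of the key. All function names are hypothetical, and the "+" subaddress delimiter and case-insensitive comparison are assumptions about local policy.

```python
SUBADDRESS_SEP = "+"  # assumption: "+" delimits subaddresses at this site

def mailbox_of(text):
    """Return (local, domain), lowercased, from 'Name <addr>' or a bare addr."""
    text = text.strip()
    if text.endswith(">") and "<" in text:
        text = text[text.rindex("<") + 1:-1]
    local, at, domain = text.rpartition("@")
    if not (local and at and domain) or " " in text:
        return None  # User ID carries no usable mailbox
    return local.lower(), domain.lower()  # assumption: compare case-insensitively

def classify_user_ids(requested, user_ids):
    """Return 'exact', 'subaddress' or 'unrecognized' for the looked-up address."""
    want = mailbox_of(requested)
    if want is None:
        raise ValueError("requested address is not a mailbox")
    base = lambda local: local.split(SUBADDRESS_SEP, 1)[0]
    best = "unrecognized"
    for uid in user_ids:
        got = mailbox_of(uid)
        if got is None or got[1] != want[1]:
            continue  # no address in this User ID, or a different domain
        if got[0] == want[0]:
            return "exact"
        if base(got[0]) == base(want[0]):
            best = "subaddress"  # keep looking in case an exact match follows
    return best

def decide(requested, user_ids, unattended):
    """Local policy only: the key is used either way; a human may get a warning."""
    match = classify_user_ids(requested, user_ids)
    if match == "unrecognized" and not unattended:
        return "use-with-warning", match
    return "use", match

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    uids = ["Alice Example <alice@example.org>", "Alice (no address)"]
    print(decide("alice+lists@example.org", uids, unattended=False))
    print(decide("alice@example.org", ["Mallory <mallory@example.org>"], unattended=True))
```

With `unattended=True` (the MTA case raised in the quoted reply) the result is always `use`, so the pipeline runs without a human; the classification can still be logged.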