IETF Logo Mail Archive

[openpgp] Re: Certificate discovery over HKP

Bart Butler <bart+ietf@pm.me> Wed, 09 April 2025 11:35 UTC

Return-Path: <bart+ietf@pm.me>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 92822197F702 for <openpgp@mail2.ietf.org>; Wed, 9 Apr 2025 04:35:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=pm.me
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EabMeY6nqJpD for <openpgp@mail2.ietf.org>; Wed, 9 Apr 2025 04:35:51 -0700 (PDT)
Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id AB709197F699 for <openpgp@ietf.org>; Wed, 9 Apr 2025 04:35:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail3; t=1744198546; x=1744457746; bh=ZeU+ckM3/MGsfMuHGxri9m0/qKyzEj5qk7xWcXmdnUI=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=sJKwtJG2WT1ri4dqBcQrgLaqthDottwkiVCIkV2Wo+UiMRQtshSQWu9avvNeOruG2 t51QlRkw5DKHAt1k/1WBKCUKrTF+Ay7q/fX7I7t+/9ALz+3RYDGQlKBtmu/eHI7LqL wslP/8PCaiCIUqnrK9EfXQ2o4V5b2jc2qhkXazrjCD/xI9QHLAKaMEtJdaZaENzQl6 voLhKzjZHXOkRtPAkEtjZY/aWpHBuRMsMVYbB69etoPGQXOls53Rn9/jKcOr0eL2Fo Z29J2UvVwg8xQqfB9VyubD07Xb4hjE3aQEb9yCmV3erJwDG6h9GJpSHIx3dRVqESTt zO8TPWvw+bVjg==
Date: Wed, 09 Apr 2025 11:35:43 +0000
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
From: Bart Butler <bart+ietf@pm.me>
Message-ID: <xkUv7_eibLgJYnt2q9RghjHQfOiDbC_eX2zSMGLOLSLdm2pt9qAdU8YEd27Mrphz6vmlFgatTbtjKYey3INxk8HE7oeiN0OWxVaiR8hixcc=@pm.me>
In-Reply-To: <B955FA52-7286-4BDF-9E67-34A29CE5BC2B@andrewg.com>
References: <-0Idgc9O4unvMWFMaXJXFqwK7IJCVXnK2ElLGWK8XjHd3juaDt-bShTiuu0V8KCDR_Uubqjr33I4F-A8xp9KpZkoJcORRXSHII9NXNaU64s=@protonmail.com> <64E8EDAE-CCD3-483C-BB7D-B08499253752@andrewg.com> <ywsjaFv5IFyH29E5KNpWJkz3HN2HJG6-YpLDB7kdCrmq7SpjM5m0ufn-bkD6p05nwYMYtw-eiNEO8wdcNqnLI9Xp2CgHlWq7g3D0zvCtNY0=@protonmail.com> <B955FA52-7286-4BDF-9E67-34A29CE5BC2B@andrewg.com>
Feedback-ID: 5683226:user:proton
X-Pm-Message-ID: 32f48879ec8a7c013bda272855cbb6746e40b685
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="------015a4cb92fc21fd1b9c8ae076c3097bdc74c74cad7a17c2c1190e4ac4c875c57"; charset="utf-8"
Message-ID-Hash: XDMFOHS3QCXR7RW42MN7JSARIHXCRR3Q
X-Message-ID-Hash: XDMFOHS3QCXR7RW42MN7JSARIHXCRR3Q
X-MailFrom: bart+ietf@pm.me
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF OpenPGP WG <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Certificate discovery over HKP
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/1ifUyT1WZCq1YlzWU0khwV-jE_Q>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

Hi Andrew,


> And I do appreciate that the same argument applies to DANE etc. over DNS-non-SEC. But it's a regression when compared to WKD over TLS.

We could give clients the discretion to only consider DNSSEC-secured WKD paths if they want, or to indicate this differently in their key discovery UI. Or even require it--at this point, the vast majority of TLDs are DNSSEC-enabled and deploying it for domain owners is as easy as using CloudFlare as their DNS provider and hitting a switch. The world is in a very different position for DNSSEC deployment today than it was even 3 or 4 years ago.

https://stats.dnssec-tools.org/#/?top=dane&trend_tab=0

If we did require DNSSEC (and client verification of it) this makes the client's work slightly harder, and life harder for certain TLDs/deployers. On the other hand, my bet is that it makes it much easier for many, many other domains to deploy domain-based key discovery. I'd take that tradeoff: there are many fewer client implementers than domains that would benefit from this, so that shift in complexity is a good thing.

-Bart


On Wednesday, April 9th, 2025 at 11:56 AM, Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org> wrote:

> On 9 Apr 2025, at 10:40, Daniel Huigens <d.huigens@protonmail.com> wrote:
> 

> > 

> > So the only difference here is that the attack is silent also for the
> > sender, in the sense that they will still see that the message will be
> > encrypted, if they trust the keyserver. Perhaps that's still significant
> > in the sense that they might be more willing to send sensitive data in
> > an encrypted email (but then again, you could argue that in that case
> > they should verify the key first).
> 

> 

> Agreed, but we’ve spent enough time telling people to look for lock icons that a significant number of them will behave differently when the lock icon appears - in which case we’re giving them a false sense of security. Sure, they *should* verify out of band, but how many will in practice?
> 

> And I do appreciate that the same argument applies to DANE etc. over DNS-non-SEC. But it's a regression when compared to WKD over TLS.
> 

> A
>

v2.30.2 | Report a Bug | By Email | System Status