Re: [openpgp] Manifesto - who is the new OpenPGP for?

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 25 March 2015 15:16 UTC

In-Reply-To: <55126C0D.30807@iridiumlinux.org>
References: <CAA7UWsUz65C0GAQo8Yf7ZOeT9BYy+NLV5pbbPg+Ok0-72ca1eA@mail.gmail.com> <1426721882.4249.72.camel@scientia.net> <5510578A.80304@iang.org> <1427140788.10191.75.camel@scientia.net> <5510B7CF.8060308@iang.org> <1427168189.10191.241.camel@scientia.net> <5511FE82.6010807@iang.org> <CAMm+Lwho7Ri0X6hDBoN4gJvBLkNJ+0UufKketgSK3FFBbgtFUg@mail.gmail.com> <55126C0D.30807@iridiumlinux.org>
Date: Wed, 25 Mar 2015 05:16:14 -1000
Message-ID: <CAMm+Lwh=9oum6Wc9gfAuKcGpNGtd_XC19og2__EHFqGkqkYvtw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Falcon Darkstar Momot <falcon@iridiumlinux.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/8--jOXg9W7ka7V2Y9PVW97VdIFg>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Manifesto - who is the new OpenPGP for?

On Tue, Mar 24, 2015 at 10:04 PM, Falcon Darkstar Momot
<falcon@iridiumlinux.org> wrote:
> In all seriousness, attempts to create usability for any target
> audience by committee are probably doomed (even though what we have now
> is balked at even by a lot of security professionals).  PoC something first.

Take a look at the work on http://prismproof.org/

I have done security usability in the past, including the bit with the
testing lab and one-way mirrors. After a while I realized that I
didn't need any of it. All that we need to do to achieve usable email
security is to make using the secure mail exactly as easy as using
insecure mail.

Think that is impossible? I have running code on SourceForge that
works with existing mail clients with no plug-ins. It is based on
S/MIME, of course, because that is the message format that the clients
support. The trust model I am using is actually PGP fingerprints.


The configuration tool essentially has only one option, whether to
select a CA or not and if so the DNS name of the CA. (Right now the CA
registration code is incomplete due to the ACME situation).

Regardless of what the user chooses, the tool creates a personal PKI
for the user, complete with a self-signed root, intermediate, split
encryption/decryption keys and a device key for use in key rollovers.
This is the Costco strategy: instead of selling 20 different models
with different features, Costco tells the vendor to provide all the
features of the top-of-the-line model at the base model price.

Giving every user a 'standard' trust environment allows us to get to a
pretty good compromise between security and convenience from the
start. Expert users can always enroll supplemental keys which make
different security tradeoffs; not escrowing the key provides some
protection against a subpoena but introduces a real risk of data loss.


To send mail, users just send and receive as normal. The only time a
user has to be aware of the encryption is if they want to require the
message to be encrypted.


As I said, right now the code only supports S/MIME. But I have always
planned to add OpenPGP support so I can make use of the PGP keys as
well.

The key bit of technology is basically taking a bit of design for the web:

"Take all the information you need to establish a connection and pack
it into one identifier that can be cut and pasted".


aed9ef23-12393764-64931237?alice@example.com
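The "pack everything into one cut-and-paste identifier" idea above, as an added example that is not Phillip's code and not the prismproof.org or SourceForge code. It assumes the part before the `?` is a dash-grouped hex fingerprint, and purely as an assumption derives that fingerprint from the leading hex digits of SHA-256 over the public key bytes; the key bytes are constructed placeholders.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class StrongAddress:
    fingerprint_hex: str  # normalized: lowercase hex, separators removed
    email: str


# Fingerprint part: hex digits, optionally grouped with dashes (aed9ef23-12393764-64931237).
_FP_RE = re.compile(r"^[0-9a-fA-F]+(?:-[0-9a-fA-F]+)*$")


def parse_strong_address(identifier: str) -> StrongAddress:
    """Split 'fingerprint?user@host' and normalize the fingerprint for comparison."""
    if identifier.count("?") != 1:
        raise ValueError("expected exactly one '?' between fingerprint and address")
    fp, email = identifier.split("?")
    if not _FP_RE.match(fp):
        raise ValueError("fingerprint must be dash-grouped hex")
    local, sep, host = email.partition("@")
    if not (sep and local and host):
        raise ValueError("address part must look like user@host")
    return StrongAddress(fp.replace("-", "").lower(), email)


def key_fingerprint_hex(key_bytes: bytes, hex_len: int) -> str:
    # ASSUMPTION (not from the page): the fingerprint is the leading hex_len hex
    # digits of SHA-256 over the public key bytes.
    return hashlib.sha256(key_bytes).hexdigest()[:hex_len]


def make_strong_address(key_bytes: bytes, email: str, groups: int = 3, group_len: int = 8) -> str:
    """Build the cut-and-paste identifier for a key, grouped like the example above."""
    fp = key_fingerprint_hex(key_bytes, groups * group_len)
    grouped = "-".join(fp[i:i + group_len] for i in range(0, len(fp), group_len))
    return f"{grouped}?{email}"


def key_matches_address(key_bytes: bytes, addr: StrongAddress) -> bool:
    """True only if the key a directory handed back fingerprints to what the identifier pins."""
    actual = key_fingerprint_hex(key_bytes, len(addr.fingerprint_hex))
    return hmac.compare_digest(actual, addr.fingerprint_hex)


# Constructed sample keys (placeholders, not real key material).
ALICE_KEY = b"constructed sample public key for alice"
MALLORY_KEY = b"constructed sample public key for mallory"
```

A client that resolves the address part to a key and then refuses any key failing `key_matches_address` never has to ask the user a trust question: the fingerprint travelled with the address.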