Re: [openpgp] [Gpg4win-users-en] WKD for OpenPGP certificate "Intevation File Distribution Key <distribution-key@intevation.de>"

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 06 August 2019 17:08 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Bernhard Reiter <bernhard@intevation.de>, gpg4win-users-en@wald.intevation.org
Cc: Thomas Arendsen Hein <thomas@intevation.de>, openpgp@ietf.org
In-Reply-To: <201908061658.09774.bernhard@intevation.de>
References: <87ftmnro0l.fsf@fifthhorseman.net> <20190805132446.482087064.thomas@intevation.de> <87sgqepjks.fsf@fifthhorseman.net> <201908061658.09774.bernhard@intevation.de>
Date: Tue, 06 Aug 2019 12:25:38 -0400
Message-ID: <87k1bqp8fx.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/BB2BVKRBlk48X6opVJJPtST5ZJE>
Subject: Re: [openpgp] [Gpg4win-users-en] WKD for OpenPGP certificate "Intevation File Distribution Key <distribution-key@intevation.de>"

On Tue 2019-08-06 16:58:05 +0200, Bernhard Reiter wrote:
> On Tuesday 06 August 2019 14:25:07, Daniel Kahn Gillmor wrote:
>> I don't see any constraint like "MUST NOT return multiple non-revoked
>> keyblocks",
>
> This could be clarified in the next revision.
> Implicitly from the intentions as written down in section
>   3.  Web Key Directory
> it is understandable to have one public key delivered and that is considered 
> the currently associated pubkey for the email address that should be taken 
> for encryption.

I agree that this should be clarified one way or the other.

> Display that sending the email will be less secure (towards eavesdropping)
> as something is strange (against the WKD specification). It is up to the user 
> to decide if the email should still be sent in this case. If the contents are 
> highly sensitive, the user will decide to not send. Otherwise the user will 
> not care, not paying attention to the display and send anyway (not caring if 
> it is encrypted or not).

I'd love to see some studies about the usability of such a warning.  How
many fine gradations of "valid" is the user able to distinguish between
in an actionable way?

fwiw, I agree that more explicit and opinionated guidance for
implementers would be useful here too.  I would be pretty sad if that
guidance was to specify some sort of "you should be worried, but
probably you can't do anything differently to address that worry" alarm.
Alarm fatigue is a real and well-studied thing:

   https://en.wikipedia.org/wiki/Alarm_fatigue

> The idea with the current WKD is to solve the main use case first and
> well. And simple to implement. Other use cases can be considered afterwards.

Here we have a concrete use case for an important vendor of
OpenPGP-related software, who has found that WKD didn't align with their
standard practice until an outside party brought it to their attention.
I am in complete agreement with you that we should focus on the main use
case, but if it's clear that the implementation doesn't work for
important real-world cases, we ought to be able to reconsider it (or
recommend some other approach that *does* match that use case).

          --dkg
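The thread above turns on two mechanics that the WKD draft leaves to the client: how the lookup URL is derived from an address, and what to do when the keyblock served at that URL carries more than one non-revoked primary key. The script below is an added example, not code from this thread, from GnuPG or from Intevation. It derives the direct-method and advanced-method WKD URLs (SHA-1 of the lower-cased local-part, z-base-32 encoded, original local-part echoed in the `l` parameter), walks the RFC 4880 packet headers of a binary keyblock, counts primary keys and marks those followed by a key revocation signature (type 0x20), and reports whether the response is unambiguous in the sense of section 3 ("one public key delivered"). The sample keyblocks are constructed with dummy, non-cryptographic packet bodies so the script runs offline; only the tags, version octets and signature types are meaningful. Partial body lengths are deliberately rejected rather than parsed.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by the WKD draft for the hashed local-part.
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes in z-base-32, five bits per character, MSB first."""
    bits = "".join(f"{b:08b}" for b in data)
    return "".join(ZB32[int(bits[i:i + 5].ljust(5, "0"), 2)]
                   for i in range(0, len(bits), 5))


def wkd_url(email: str, advanced: bool = False) -> str:
    """Build the WKD lookup URL: SHA-1 of the lower-cased local-part, z-base-32
    encoded; the original local-part is handed back as the 'l' query parameter."""
    local, domain = email.rsplit("@", 1)
    domain = domain.lower()
    hashed = zbase32(hashlib.sha1(local.lower().encode("utf-8")).digest())
    base = (f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
            if advanced else f"https://{domain}/.well-known/openpgpkey")
    return f"{base}/hu/{hashed}?l={quote(local, safe='')}"


def iter_packets(blob: bytes):
    """Yield (tag, body) for each packet in a binary OpenPGP blob (RFC 4880 4.2).
    Partial body lengths are rejected: a served keyblock has no need for them."""
    i, n = 0, len(blob)
    while i < n:
        ctb = blob[i]
        if not ctb & 0x80:
            raise ValueError(f"invalid packet header at offset {i}")
        i += 1
        if ctb & 0x40:                      # new-format header
            tag, b0 = ctb & 0x3F, blob[i]
            i += 1
            if b0 < 192:
                length = b0
            elif b0 < 224:
                length = ((b0 - 192) << 8) + blob[i] + 192
                i += 1
            elif b0 == 255:
                length = int.from_bytes(blob[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                               # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                  # indeterminate: runs to end of input
                length = n - i
            else:
                size = {0: 1, 1: 2, 2: 4}[ltype]
                length = int.from_bytes(blob[i:i + size], "big")
                i += size
        body = blob[i:i + length]
        if len(body) != length:
            raise ValueError(f"truncated packet at offset {i}")
        i += length
        yield tag, body


TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID, TAG_PUBLIC_SUBKEY = 2, 6, 13, 14
SIGTYPE_KEY_REVOCATION = 0x20


def signature_type(body: bytes) -> int:
    """Signature type sits at offset 2 for v3 signatures and offset 1 otherwise."""
    return body[2] if body[0] == 3 else body[1]


def count_primary_keys(blob: bytes):
    """Return (primary_keys, non_revoked_primary_keys) found in the keyblock."""
    revoked = []                # one flag per primary key seen so far
    after_primary = False       # 0x20 signatures bind directly after the primary key
    for tag, body in iter_packets(blob):
        if tag == TAG_PUBLIC_KEY:
            revoked.append(False)
            after_primary = True
        elif tag in (TAG_USER_ID, TAG_PUBLIC_SUBKEY):
            after_primary = False
        elif (tag == TAG_SIGNATURE and after_primary and revoked
              and signature_type(body) == SIGTYPE_KEY_REVOCATION):
            revoked[-1] = True
    return len(revoked), sum(1 for r in revoked if not r)


def wkd_result_is_unambiguous(blob: bytes) -> bool:
    """Section 3 of the WKD draft intends exactly one usable certificate per address."""
    return count_primary_keys(blob)[1] == 1


def _packet(tag: int, body: bytes, new_format: bool = True) -> bytes:
    """Encode one packet with a one-octet length (all constructed bodies are short)."""
    assert len(body) < 192
    if new_format:
        return bytes([0xC0 | tag, len(body)]) + body
    return bytes([0x80 | (tag << 2), len(body)]) + body


# Constructed sample packets (not real key material): only tag, version and
# signature type are meaningful to the parser above.
DUMMY_KEY = b"\x04" + b"\x00" * 8            # "v4 public key" with dummy body
REVOCATION_SIG = b"\x04\x20" + b"\x00" * 6   # v4 signature, type 0x20 (key revocation)
SELF_SIG = b"\x04\x13" + b"\x00" * 6         # v4 signature, type 0x13 (positive cert)
USER_ID = b"alice@example.org"

ONE_REVOKED_ONE_LIVE = (
    _packet(TAG_PUBLIC_KEY, DUMMY_KEY) + _packet(TAG_SIGNATURE, REVOCATION_SIG)
    + _packet(TAG_USER_ID, USER_ID)
    + _packet(TAG_PUBLIC_KEY, DUMMY_KEY, new_format=False)      # old-format headers
    + _packet(TAG_USER_ID, USER_ID, new_format=False)
    + _packet(TAG_SIGNATURE, SELF_SIG, new_format=False)
)
TWO_LIVE = (
    _packet(TAG_PUBLIC_KEY, DUMMY_KEY) + _packet(TAG_USER_ID, USER_ID)
    + _packet(TAG_SIGNATURE, SELF_SIG)
    + _packet(TAG_PUBLIC_KEY, DUMMY_KEY) + _packet(TAG_USER_ID, USER_ID)
    + _packet(TAG_SIGNATURE, SELF_SIG)
)

if __name__ == "__main__":
    print(wkd_url("Joe.Doe@Example.ORG"))
    print(wkd_url("Joe.Doe@Example.ORG", advanced=True))
    for name, blob in (("one revoked, one live", ONE_REVOKED_ONE_LIVE), ("two live", TWO_LIVE)):
        print(name, count_primary_keys(blob), "unambiguous:", wkd_result_is_unambiguous(blob))
```

A client built on this would treat the second sample the way Bernhard describes as "strange": the directory answered, but with two certificates that both look usable, and nothing in the response says which one the domain currently considers the key for that address. Rather than surfacing a gradation of "valid" to the user, the check gives an implementer a crisp condition to log, to fall back on, or to raise with the domain operator.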