Re: [openpgp] public logging of e-mail certificates [was: Re: OpenPGP private certification]

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 01 April 2015 18:56 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/GYiwND41uzrnDGlH5qaOfssNcaM>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, Brian Sniffen <bsniffen@akamai.com>, IETF OpenPGP <openpgp@ietf.org>

OK, this is what I am planning to do for PrismProof email.

After trying a number of approaches I have concluded that the best
approach today is to insist that each keypair have exactly one
purpose.

So Alice will always have a personal root key and an intermediate key
signing key and the fingerprint of this PKI is the hash of the keyinfo
block of the personal root. To do key endorsement she will also need a
key endorsement key on each device she wants to use for endorsements.

Alice-Personal-Root -> Key Signing Key -> Key Endorsement Key[s]

[One reason for the no sharing rule for KEKs is that it makes dealing
with a stolen phone etc. much easier]

Each cert in this chain would be enrolled in an append-only
cryptographic log which provides proof that it existed at a particular
point in time. But none of these certs requires an email address.

For various reasons, we probably want these certs to be enrolled in a
transparent log that publishes both the block chain and the input
data. It is not necessary for a log to publish the input values to fix
them in time however.


When Alice endorses Bob, this is not an operation currently supported
by PKIX and so the 'no new ASN.1' rule applies. The endorsement is
probably some sort of JSON structure:

{"name":"Bob",
 "email":"bob@example.com",
 "fingerprint":"phb:qweflkqwhjdflkjhasdlkjhasdvlkjhlksajvh",
 "date":"2015-04-01:01:23Z",
 "blind":"askfasjkldhkjashdvkjhsadkjh"}
<...Signature data...>

This is of course simply another form of certificate but it is a very
different type of cert so it's best to use a different term. Alice is
not going to commit to managing the endorsement lifecycle.

The property we want to get from enrolling the endorsement in a log is
to fix it in time. So we enroll the hash in the log rather than the
endorsement itself.

The value "blind" is a random value that leaks Alice's RNG to the
NSA^h^h^h^h^h^h^h^h prevents dictionary attacks.
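
[Added example, not part of the original message or of any PrismProof code: a sketch of enrolling only the hash of an endorsement in an append-only log, showing why the random "blind" field stops an observer from confirming a guessed endorsement. SHA-256, the sorted-key JSON serialization, the toy hash-chain log and all function names are assumptions; the field values are the sample values from the message.]

```python
import hashlib, json, secrets

def canonical(obj):
    # Assumed canonical form: sorted keys, no whitespace, UTF-8.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def make_endorsement(name, email, fingerprint, date, blind=True):
    e = {"name": name, "email": email, "fingerprint": fingerprint, "date": date}
    if blind:
        e["blind"] = secrets.token_hex(16)  # 128 random bits, kept with the endorsement
    return e

def commitment(endorsement):
    # Only this digest is enrolled; the endorsement itself stays private.
    return hashlib.sha256(canonical(endorsement)).hexdigest()

class HashLog:
    """Toy append-only log: each head hashes the previous head plus the new entry."""
    def __init__(self):
        self.entries, self.heads = [], []
    def append(self, digest):
        prev = self.heads[-1] if self.heads else "00" * 32
        self.entries.append(digest)
        self.heads.append(hashlib.sha256(bytes.fromhex(prev + digest)).hexdigest())
        return len(self.entries) - 1
    def verify(self):
        prev = "00" * 32
        for digest, head in zip(self.entries, self.heads):
            if hashlib.sha256(bytes.fromhex(prev + digest)).hexdigest() != head:
                return False
            prev = head
        return True

def guessable(log, candidates):
    """Candidate endorsements whose hash appears in the public log."""
    published = set(log.entries)
    return [c for c in candidates if commitment(c) in published]

def proves(log, index, endorsement):
    """The holder of the full endorsement shows it matches log entry `index`."""
    return log.verify() and log.entries[index] == commitment(endorsement)

def demo():
    fields = ("Bob", "bob@example.com",
              "phb:qweflkqwhjdflkjhasdlkjhasdvlkjhlksajvh", "2015-04-01:01:23Z")
    guess = [make_endorsement(*fields, blind=False)]  # observer's dictionary entry
    plain_log, blind_log = HashLog(), HashLog()
    plain_log.append(commitment(make_endorsement(*fields, blind=False)))
    blinded = make_endorsement(*fields)
    idx = blind_log.append(commitment(blinded))
    return (bool(guessable(plain_log, guess)),   # unblinded hash confirms the guess
            bool(guessable(blind_log, guess)),   # blinded hash does not
            proves(blind_log, idx, blinded))     # holder can still prove enrollment

if __name__ == "__main__":
    print(demo())
```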