Re: [openpgp] public logging of e-mail certificates [was: Re: OpenPGP private certification]
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 01 April 2015 18:56 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 346741A884C for <openpgp@ietfa.amsl.com>; Wed, 1 Apr 2015 11:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id csFw-6iZIoIt for <openpgp@ietfa.amsl.com>; Wed, 1 Apr 2015 11:56:21 -0700 (PDT)
Received: from mail-lb0-x22d.google.com (mail-lb0-x22d.google.com [IPv6:2a00:1450:4010:c04::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A09C1A88B6 for <openpgp@ietf.org>; Wed, 1 Apr 2015 11:56:18 -0700 (PDT)
Received: by lboc7 with SMTP id c7so43283581lbo.1 for <openpgp@ietf.org>; Wed, 01 Apr 2015 11:56:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=Jve7F2ji2GRE/WAvgtWxoY07+oq6URvkfLOZbx+NVJY=; b=Unm244jE/LrAvZwO2NOrSv2nXpbdiY87DRN0hnrWW+l4IaddbUbGtp+UcuhPFzdqvv m3NwEoZ8vmStZwAiGoF+LNAEC7Yxm67lzkM5gQg1STnlziZ0dC8tAeY06zmPkBMB+RiZ 0NzeiE74sP1p7mj1swEj0dq2ldFw0r3McVq75QveFMZ4vCTU6Pe/DX4PSRF3t3hUMQ8X 2khh7wtbXzgeePjWd0TDugTEWmhTTvh6HMEtY3BucVSn6CLHcbdVfYqpraJw96uw3GXf iD8nIBR4ptOsQa5lhQoNHQl4ZQOq21cqR2WICwpc/LExvmnWCA0OkV3SU/wgD+qtUKg5 wIeg==
MIME-Version: 1.0
X-Received: by 10.112.236.68 with SMTP id us4mr10403996lbc.91.1427914576781; Wed, 01 Apr 2015 11:56:16 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.147.165 with HTTP; Wed, 1 Apr 2015 11:56:16 -0700 (PDT)
In-Reply-To: <87wq1vemp5.fsf@alice.fifthhorseman.net>
References: <CAA7UWsUz65C0GAQo8Yf7ZOeT9BYy+NLV5pbbPg+Ok0-72ca1eA@mail.gmail.com> <1426721882.4249.72.camel@scientia.net> <5510578A.80304@iang.org> <1427140788.10191.75.camel@scientia.net> <5510B7CF.8060308@iang.org> <1427168189.10191.241.camel@scientia.net> <5511FE82.6010807@iang.org> <1427243451.10191.375.camel@scientia.net> <5512F137.80702@iang.org> <CAHBU6isgirHnx+gHP+OiHuvhzD+1OTCShCHEkhWcqEmUn9qnzQ@mail.gmail.com> <CAMm+LwiXKf1DvgbHaZoJnKdCVbak-jderv6Z8KDs9xPEbUuYQQ@mail.gmail.com> <1427343948.23692.14.camel@scientia.net> <CAMm+Lwi5bVTujuazTXw7oRty7n5RtsObEfNrJzmbtPiOb-X25g@mail.gmail.com> <m27fu3fsom.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CAMm+LwjBuZfP4NwRCy23_d9eRtcfUiLKdyZOu+jYT72HfB0g9g@mail.gmail.com> <87vbhlt8tg.fsf@alice.fifthhorseman.net> <CAMm+Lwjo5eyCHNahqWcwUBoaevCw2s3WAeq-2=maW=JEpCFWxA@mail.gmail.com> <87ego3g3v8.fsf@alice.fifthhorseman.net> <CAMm+Lwh3CiHV4L0PJFFnXdjo3prFOY=OZn5yTwW15BXQWU4RFw@mail.gmail.com> <87wq1vemp5.fsf@alice.fifthhorseman.net>
Date: Wed, 01 Apr 2015 14:56:16 -0400
X-Google-Sender-Auth: de2kbXpsGop69IqXiHbpz56S5RU
Message-ID: <CAMm+LwhkB3cHKe-Y34QbL411qVjdzPhv5e8WFiiRSNmrrD_rGw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/GYiwND41uzrnDGlH5qaOfssNcaM>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, Brian Sniffen <bsniffen@akamai.com>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] public logging of e-mail certificates [was: Re: OpenPGP private certification]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 18:56:22 -0000
OK, this is what I am planning to do for PrismProof email. After trying a number of approaches I have concluded that the best approach today is to insist that each keypair have exactly one purpose. So Alice will always have a personal root key and an intermediate key signing key and the fingerprint of this PKI is the hash of the keyinfo block of the personal root. to do key endorsement she will also need a key endorsement key on each device she wants to use for endorsements. Alice-Personal-Root -> Key Signing Key -> Key Endorsement Key[s] [One reason for the no sharing rule for KEKs is that it makes dealing with a stolen phone etc. much easier] Each cert in this chain would be enrolled in an append-only cryptographic log which provides proof that it existed at a particular point in time. But none of these certs requires an email address. For various reasons, we probably want these certs to be enrolled in a transparent log that publishes both the block chain and the input data. It is not necessary for a log to publish the input values to fix them in time however. When Alice endorses Bob, this is not an operation currently supported by PKIX and so the 'no new ASN.1' rule applies. The endorsement is probably some sort of JSON structure: {"name":"Bob", "email":"bob@example.com", fingerprint":"phb:qweflkqwhjdflkjhasdlkjhasdvlkjhlksajvh", "date":"2015-04-01:01:23Z", "blind":"askfasjkldhkjashdvkjhsadkjh"} <...Signature data...> This is of course simply another form of certificate but it is a very different type of cert so its best to use a different term. Alice is not going to commit to managing the endorsement lifecycle. The property we want to get from enrolling the endorsement in a log is to fix it in time. So we enroll the hash in the log rather than the endorsement itself. The value "blind" is a random value that leaks Alice's RNG to the NSA^h^h^h^h^h^h^h^h prevents dictionary attacks.
- Re: [openpgp] New encryption formats for messaging Christoph Anton Mitterer
- Re: [openpgp] New encryption formats for messaging ianG
- Re: [openpgp] New encryption formats for messaging Christoph Anton Mitterer
- Re: [openpgp] New encryption formats for messaging ianG
- Re: [openpgp] New encryption formats for messaging Christoph Anton Mitterer
- [openpgp] Manifesto - who is the new OpenPGP for? ianG
- Re: [openpgp] Manifesto - who is the new OpenPGP … Christoph Anton Mitterer
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … Falcon Darkstar Momot
- Re: [openpgp] Manifesto - who is the new OpenPGP … Werner Koch
- Re: [openpgp] Manifesto - who is the new OpenPGP … Stephen Paul Weber
- Re: [openpgp] Manifesto - who is the new OpenPGP … Stephen Paul Weber
- Re: [openpgp] Manifesto - who is the new OpenPGP … Wyllys Ingersoll
- Re: [openpgp] Manifesto - who is the new OpenPGP … Clint Adams
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … ianG
- Re: [openpgp] Manifesto - who is the new OpenPGP … ianG
- Re: [openpgp] Manifesto - who is the new OpenPGP … Tim Bray
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … Christoph Anton Mitterer
- Re: [openpgp] Manifesto - who is the new OpenPGP … John Kreznar
- Re: [openpgp] Manifesto - who is the new OpenPGP … Werner Koch
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … Brian Sniffen
- Re: [openpgp] Manifesto - who is the new OpenPGP … Bill Frantz
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … Christoph Anton Mitterer
- Re: [openpgp] Manifesto - who is the new OpenPGP … Christoph Anton Mitterer
- [openpgp] OpenPGP private certification [was: Re:… Daniel Kahn Gillmor
- Re: [openpgp] OpenPGP private certification [was:… Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification [was:… Daniel Kahn Gillmor
- Re: [openpgp] OpenPGP private certification [was:… Phillip Hallam-Baker
- [openpgp] public logging of e-mail certificates [… Daniel Kahn Gillmor
- Re: [openpgp] public logging of e-mail certificat… Phillip Hallam-Baker
- Re: [openpgp] public logging of e-mail certificat… Daniel Kahn Gillmor
- Re: [openpgp] public logging of e-mail certificat… Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification [was:… Derek Atkins
- Re: [openpgp] public logging of e-mail certificat… Brian Sniffen
- Re: [openpgp] OpenPGP private certification [was:… Phillip Hallam-Baker
- Re: [openpgp] public logging of e-mail certificat… Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … ianG
- Re: [openpgp] OpenPGP private certification Werner Koch
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Werner Koch
- Re: [openpgp] OpenPGP private certification Derek Atkins
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Werner Koch
- Re: [openpgp] OpenPGP private certification ianG
- Re: [openpgp] OpenPGP private certification [was:… ianG
- Re: [openpgp] public logging of e-mail certificat… Phillip Hallam-Baker
- Re: [openpgp] public logging of e-mail certificat… ianG
- [openpgp] New encryption formats for messaging David Leon Gil
- Re: [openpgp] OpenPGP private certification Ben McGinnes