Re: [openpgp] public logging of e-mail certificates [was: Re: OpenPGP private certification]
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 01 April 2015 20:12 UTC
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/I6cP6VLPg_UhsT7EmBXrm-DsjkY>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, Brian Sniffen <bsniffen@akamai.com>, IETF OpenPGP <openpgp@ietf.org>

On Wed, Apr 1, 2015 at 4:04 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> On Wed 2015-04-01 14:56:16 -0400, Phillip Hallam-Baker wrote:
>> The property we want to get from enrolling the endorsement in a log is
>> to fix it in time. So we enroll the hash in the log rather than the
>> endorsement itself.
>
> It sounds to me like what you're aiming for with the log is to make a
> first-come, first-served arrangement, maybe as a way to distinguish the
> "correct" original key from some latecomer spoof that tries to usurp it.
> Is that correct? (this is quite different from the goals of CT, as far
> as i understand it)
>
> If FCFS is your goal, how does a user of this scheme considering
> multiple keys for e-mail address alice@example.com distinguish the
> inevitable legitimate transitions from the would-be usurper?
>
> Some examples of legitimate transitions:
>
>  * Alice loses her personal root key due to fire/theft/flood/whatever
>
>  * Example Corp. closes down, the example.com domain name goes up for
>    sale, and the new owner is a different Alice.
>
> (this is getting pretty far afield of openpgp at this point, i think, so
> i'm happy to take this discussion someplace else (therightkey?) if you
> prefer).

Yeah we could go to RightKey.

But I am not arguing for first come first served. I am arguing that the
age of an endorsement is significant.

An attacker can easily set up an endorsement cartel with 100 people
signing each other's keys. But they can't backdate the endorsements to
ten years before they decided they needed them.
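
The following is an added example, not part of the original message or of any scheme proposed on the list: a minimal hash-chained log that enrolls the hash of an endorsement, showing why a spliced-in, backdated entry fails once a relying party has recorded an earlier log head. The chain structure, function names, and sample data are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "00" * 32  # head of an empty log

def entry_hash(entry: dict) -> str:
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

def enroll(log: list, endorsement: bytes, when: int) -> str:
    """Append the endorsement's hash (not the endorsement); return the new head."""
    prev = entry_hash(log[-1]) if log else GENESIS
    log.append({"index": len(log), "time": when, "prev": prev,
                "endorsement_hash": hashlib.sha256(endorsement).hexdigest()})
    return entry_hash(log[-1])

def chain_ok(log: list, trusted_head: str) -> bool:
    """Check links, timestamp ordering, and that the log ends at the recorded head."""
    prev, last_time = GENESIS, 0
    for i, e in enumerate(log):
        if e["index"] != i or e["prev"] != prev or e["time"] < last_time:
            return False
        prev, last_time = entry_hash(e), e["time"]
    return prev == trusted_head

def logged_since(log: list, trusted_head: str, endorsement: bytes):
    """Earliest logged time for this endorsement, or None if absent or log invalid."""
    if not chain_ok(log, trusted_head):
        return None
    h = hashlib.sha256(endorsement).hexdigest()
    return next((e["time"] for e in log if e["endorsement_hash"] == h), None)

def splice_backdated(log: list, endorsement: bytes, when: int, pos: int) -> list:
    """Model of a backdating attempt: insert at pos, then re-link every later entry."""
    forged = [dict(e) for e in log[:pos]]
    enroll(forged, endorsement, when)
    for e in log[pos:]:
        forged.append({**e, "index": len(forged), "prev": entry_hash(forged[-1])})
    return forged

# Constructed sample data: placeholder endorsements and increasing Unix timestamps.
OLD = b"constructed: Bob endorses Alice's key"
CARTEL = b"constructed: cartel member endorses usurper key"
T_EARLY, T_LATER = 1_100_000_000, 1_270_000_000

log = []
enroll(log, OLD, T_EARLY)
enroll(log, b"constructed: unrelated endorsement", T_LATER)
head_2010 = entry_hash(log[-1])  # head a relying party recorded at T_LATER
forged = splice_backdated(log, CARTEL, T_EARLY + 1, 1)
```

The forged log is internally consistent but no longer ends at the head recorded earlier, so it is rejected. The recorded head proves an entry existed by the time the head was recorded; the entry's own timestamp remains the log's claim.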