Re: [openpgp] saltpack on OpenPGP message format problems
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 01 March 2016 19:12 UTC
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Stephen Paul Weber <singpolyma@singpolyma.net>, "openpgp@ietf.org" <openpgp@ietf.org>, ianG <iang@iang.org>

Reconsidering this issue in the wake of the Apple/FBI set-to... I think one point that has been massively overlooked by traditional crypto applications is the need to store private keys securely. In particular, it should be possible to fix private keys to a device such that the key can be used on that device but it is not possible to remove the key from the device and install it on another device without 'heroic' efforts (e.g. uncapping the CPU and reading it with a scanning electron microscope).

In particular, this has tended to be something that it is 'assumed' is merely a platform issue. But having tried to implement such, I am very sure that it is not and that you really need to consider the use of trustworthy security features such as the iOS Secure Enclave or Microsoft's TPM when designing the protocol.

And I have no doubt that the NSA BULLRUN shills have been assiduously stroking anti-DRM ideology as a way of discouraging implementation of strong hardware security measures.

Now that we are seeing machine compromise as a vector for poisoning open source projects with malware, we need to change our approach.

What would help perhaps is some better info as to what features are out there and widely supported. The NSA has been very successful in discouraging people from pushing for these features. But they are very much needed.