Re: [openpgp] Web Key Directory I-D -07

Werner Koch <wk@gnupg.org> Tue, 13 November 2018 21:15 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52142130DCB for <openpgp@ietfa.amsl.com>; Tue, 13 Nov 2018 13:15:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level:
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2djTL_rmWDVj for <openpgp@ietfa.amsl.com>; Tue, 13 Nov 2018 13:15:11 -0800 (PST)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B69CA130DE0 for <openpgp@ietf.org>; Tue, 13 Nov 2018 13:15:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=e2vjEm5IBMT5SaJHSLTkRuE5od/j+t8RiUyZS2MtzwY=; b=Dau+SBztjtdYevA722PHf8pM0Q DZqvQKyXPJTGwtAWz3t6zzgeVypIYoHwoGdo/Pqhr9j5UotIKnxLgHj4lftNOVKWt68Hj8FUOxUPa VxI5ddwlnz0Ups0i293xzcDeFgsD87v8xQbcQkzTw68uIlE4zpQVN6IscTwSR0RCxTN8=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1gMg1d-0003jp-2G for <openpgp@ietf.org>; Tue, 13 Nov 2018 22:15:09 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1gMg0I-00059y-KT; Tue, 13 Nov 2018 22:13:46 +0100
From: Werner Koch <wk@gnupg.org>
To: Bart Butler <bartbutler@protonmail.com>
Cc: "openpgp\@ietf.org" <openpgp@ietf.org>
References: <878t1xoz37.fsf@wheatstone.g10code.de> <9J2v287mmh9FWFLrXjxZGnVjA8HNCHpPc2wyEDDqhGeKAhE7grR6JKFMRoHJfKSq9qcjDGRNfoJ5sEODERtP0Q==@protonmail.com>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: Bart Butler <bartbutler@protonmail.com>, "openpgp\@ietf.org" <openpgp@ietf.org>
Date: Tue, 13 Nov 2018 22:13:46 +0100
In-Reply-To: <9J2v287mmh9FWFLrXjxZGnVjA8HNCHpPc2wyEDDqhGeKAhE7grR6JKFMRoHJfKSq9qcjDGRNfoJ5sEODERtP0Q==@protonmail.com> (Bart Butler's message of "Tue, 13 Nov 2018 20:35:15 +0000")
Message-ID: <875zx0n0j9.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=keyhole_morse_SRI_Belknap_Vince_Foster_Bosnia_Merlin_CID_CISU_securi"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/IqRszOuEw3thAFlitSToG-Lf3Bs>
Subject: Re: [openpgp] Web Key Directory I-D -07
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Nov 2018 21:15:14 -0000

On Tue, 13 Nov 2018 21:35, bartbutler=40protonmail.com@dmarc.ietf.org
said:

> routing in the same way for WKD as it does for incoming mail. As such,
> things like case, subaddresses with +, catch-all, etc. will

We had some internal discussion and came to the conclusion that it is
best to not care about sub-addresses in the protocol.  It should be a
MUA only thing and nobody should create a key for a subaddress.

With the help of Kristian I took a look at the 5.3 million keys on the
SKS servers and we found only 3055 unique mailboxes with a '+' in it.
After removing leading and trailing '+' as well as multiple '+'
(e.g. "c++" or "foo+bar+baz") 2697 were left which seem to be valid
sub-addresses. 

Now this is definitely a minority and there oweners can be asked (or
gpg-wks-client does it on the fly) to create another user-id without the
subaddress.

To help MUAs, I started to change gpg to strip off sub-addresses; at
least for WKD queries.

> So if I request from ProtonMail Bart.Butler@protonmail.com, I would
> get a key back with bartbutler@protonmail.com, and the clients could

I doubt that we can do anything about this except for adding another
user id to the key.  There would be just too many cases and that simple
protocol would be much complex to implement and also fully lose the
property of a simple one to one match.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.