Re: [openpgp] Stateless OpenPGP command line interface proposal

Santiago Torres-Arias <santiago@archlinux.org> Mon, 28 October 2019 20:41 UTC

Return-Path: <santiago@archlinux.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A94A120096 for <openpgp@ietfa.amsl.com>; Mon, 28 Oct 2019 13:41:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.821
X-Spam-Level:
X-Spam-Status: No, score=-1.821 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_NEUTRAL=0.779] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SIN28hgugfj5 for <openpgp@ietfa.amsl.com>; Mon, 28 Oct 2019 13:41:34 -0700 (PDT)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43DBA120072 for <openpgp@ietf.org>; Mon, 28 Oct 2019 13:41:34 -0700 (PDT)
Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 47267v1NXhzFcNP; Mon, 28 Oct 2019 13:41:31 -0700 (PDT)
X-Riseup-User-ID: F884FB1A4840A646EF4732DD72576C4F8BE181B0812FC97C55B303121A9F7845
Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id 47266p41xFzJsrf; Mon, 28 Oct 2019 13:40:34 -0700 (PDT)
Date: Mon, 28 Oct 2019 16:40:33 -0400
From: Santiago Torres-Arias <santiago@archlinux.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: openpgp@ietf.org
Message-ID: <20191028204032.bubbzueti2ebpobm@LykOS.localdomain>
References: <87ftjck4fc.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="22z5hniabnxgprq3"
Content-Disposition: inline
In-Reply-To: <87ftjck4fc.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/MoqZ5zWc3dxUeSP_OhAZ57VIpxw>
Subject: Re: [openpgp] Stateless OpenPGP command line interface proposal
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2019 20:41:36 -0000

On Mon, Oct 28, 2019 at 04:20:39PM -0400, Daniel Kahn Gillmor wrote:
> Hi OpenPGP folks--
> 
> The recently-announced OpenPGP test suite [0] inspired me to try
> drafting a spec for a purely-functional, stateless OpenPGP command line
> interface.  The idea is that different implementers could provide the
> same interface, focusing specifically on the object security aspect of
> OpenPGP (leaving aside identity management).
> 
> An example (using "sop" as the command, short for "Stateless OpenPGP"):
> 
>     sop generate 'Alice Lovelace <alice@openpgp.example>' > alice.sec
>     sop convert < alice.sec > alice.pgp
> 
>     sop sign --as=text alice.sec < announcement.txt > announcement.txt.asc
>     sop verify announcement.txt.asc alice.pgp < announcement.txt
> 
>     sop encrypt --sign-with=alice.sec --as=mime bob.pgp < msg.eml > encrypted.asc
>     sop decrypt alice.sec < ciphertext.asc > cleartext.out
> 

I think this is a *phenomenal* idea. I wonder if this could mature in a
well-defined API that e.g., gpgme could adopt?
 
> I've just published an initial draft of this specification here:
> 
>     https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/
> 
> It's tracked as markdown source in git at:
> 
>     https://gitlab.com/dkg/openpgp-stateless-cli
> 
> But i'd very much like other contributions or authors.  If you're an
> implementer of an OpenPGP toolkit, and you think you might take a crack
> at implementing part of it, i'd love your feedback.  If there's
> sufficient interest in the community, i'd be happy to move the `sop`
> spec over to https://gitlab.com/openpgp-wg/ so that it's clearly not
> something that i'd be a blocker on.

I'll definitely take a look, as we implement bits and pieces of
rfc4880/rfc4880bis on NYU's securesystemslib.

Thanks!
-Santiago.