Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

Ruben Pollan <meskio@sindominio.net> Wed, 13 April 2016 21:54 UTC

To: Vincent Breitmoser <look@my.amazin.horse>
From: Ruben Pollan <meskio@sindominio.net>
In-Reply-To: <20160413171922.GB4283@littlepip.fritz.box>
References: <20160412121549.GB16775@littlepip.fritz.box> <20160412154918.1ca8da7c@latte.josefsson.org> <146047167027.5102.16171502176440717800@KingMob> <20160413171922.GB4283@littlepip.fritz.box>
Message-ID: <146058444780.3366.15556575961859224432@KingMob>
Date: Wed, 13 Apr 2016 23:54:07 +0200
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/OUh59RoiVvSMf8lliJuHfa3WqJw>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, openpgp-email <openpgp-email@enigmail.net>
Subject: Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

Quoting Vincent Breitmoser (2016-04-13 19:19:22)
> Ruben Pollan(meskio@sindominio.net)@Tue, Apr 12, 2016 at 04:34:30PM +0200:
> > In Bitmask we do some of the things you propose, Vincent. We attach public keys 
> > to all sent emails until we get an email encrypted to this public key. We attach 
> > the key as a MIME part, because Enigmail already has support for that and it is 
> > one click to import it into your keyring.
> 
> That's nice for interoperability but is also, imo, simply one click too
> much.

Yes, that is why we automate the key fetch from these attachments and there is no 
user action involved.

> > We also add the OpenPGP header to all the sent emails and use it to discover 
> > keys from the 'url' field if it's https and from the same domain as the 
> > email address.
> 
> I don't think the URI field can gain any reach as long as it has to rely
> on users manually uploading the key somewhere. If an email provider
> provided this service and added the header, that might work... but then
> the DANE approach probably works better for that scenario.

If I understood DANE correctly, you are making public the list of all the email 
addresses (with OpenPGP keys) in your provider. I'm not sure how much I like 
that. But it's probably not worse than uploading the keys to the key servers 
anyway.

We do upload the keys to the provider automatically and publish them at a 
normalized URL.

> > We need to be able to revoke, extend expiration, rotate subkeys, ...
> 
> Timed updates from keyservers aren't as affected by the
> connectivity, delay, and privacy problem as on-the-fly lookup while
> reading mail.

Agree :)

-- 
Ruben Pollan  | http://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: http://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
We're off to Croatan.
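Added example, not part of this message and not Bitmask's or Enigmail's code: a small receiver-side routine that locates the key material a message offers through the two channels discussed above, an `application/pgp-keys` MIME part and the `url` field of the `OpenPGP:` header, and applies the policy Ruben describes (the URL is only accepted if it is https and its host is the sender's own domain). The header syntax assumed here (`key=value` pairs separated by semicolons) follows draft-josefsson-openpgp-mailnews-header; the message, the key ID and the key block in it are constructed placeholders, not real key data.

```python
"""Find OpenPGP key material offered by an incoming mail (added example)."""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from urllib.parse import urlsplit


def parse_openpgp_header(value: str) -> dict:
    """Split 'id=...; url=...; preference=...' into a dict with lowercase keys."""
    fields = {}
    for item in value.split(";"):
        item = item.strip()
        if not item or "=" not in item:
            continue  # ignore malformed fields rather than failing the whole header
        key, _, val = item.partition("=")
        fields[key.strip().lower()] = val.strip()
    return fields


def sender_domain(from_header: str) -> str:
    """Domain part of the address in a From: header, lowercased ('' if absent)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def acceptable_key_url(url: str, domain: str) -> bool:
    """Policy from the thread: https only, host must equal the sender's domain."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname or not domain:
        return False
    return parts.hostname.lower() == domain


def attached_keys(msg: Message) -> list:
    """Return the decoded text of every application/pgp-keys part."""
    keys = []
    for part in msg.walk():
        if part.get_content_type() == "application/pgp-keys":
            payload = part.get_payload(decode=True)
            if payload:
                keys.append(payload.decode("utf-8", "replace"))
    return keys


def discover_keys(raw: str) -> dict:
    """Collect attached keys and the header URL (kept or rejected by policy)."""
    msg = message_from_string(raw)
    domain = sender_domain(msg.get("From", ""))
    result = {"attached": attached_keys(msg), "url": None, "rejected_url": None}
    header = msg.get("OpenPGP")  # header lookup is case-insensitive
    if header:
        url = parse_openpgp_header(header).get("url")
        if url:
            if acceptable_key_url(url, domain):
                result["url"] = url
            else:
                result["rejected_url"] = url
    return result


# Constructed sample: key attached as a MIME part, header URL on the sender's domain.
SAMPLE_OK = """\
From: Alice <alice@example.org>
To: bob@example.net
Subject: hello
OpenPGP: id=0000000000000000; url=https://example.org/keys/alice.asc; preference=signencrypt
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Hi Bob, my key is attached.
--b1
Content-Type: application/pgp-keys; name="alice.asc"
Content-Disposition: attachment; filename="alice.asc"

-----BEGIN PGP PUBLIC KEY BLOCK-----
(placeholder key data, not a real key)
-----END PGP PUBLIC KEY BLOCK-----
--b1--
"""

# Constructed sample: plain http and a host outside the sender's domain, so rejected.
SAMPLE_REJECTED = """\
From: Alice <alice@example.org>
To: bob@example.net
Subject: hello
OpenPGP: id=0000000000000000; url=http://keys.example.net/alice.asc

no key attached here
"""

if __name__ == "__main__":
    print(discover_keys(SAMPLE_OK))
    print(discover_keys(SAMPLE_REJECTED))
```

The URL is only recorded, not fetched; a client would then retrieve it over TLS and treat the result like any other unverified key, which is the same trust position as the attachment path.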