[openpgp] OpenPGP-CA at Proton
Aron Wussler <aron@wussler.it> Fri, 28 October 2022 11:09 UTC
To: "openpgp@ietf.org" <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/PhCP2Ucb4vE6NlSkNLjrvTNXKW0>

Hi all,

as promised at the summit we've been working on a CA to sign Proton users' keys.

We're following the OpenPGP-CA [1] idea, adding a generic certification on the public keys that can be retrieved from WKD or PKS. Signatures last 6 months, and will be extended maintaining the original creation, to allow de-duplication (the duration of the new signature will be a strict superset of the previous). Furthermore, signatures contain the Issuer ID, to locate the CA key in an easier way.

I personally would like to thank all the developers of OpenPGP-CA for creating the project, even though we can't run the code directly because of scalability issues, the idea is great and I wish it a wide deployment!

On this note, we also added support for external certifications onto imported keys: if you are running your own CA you can import your private key directly signed and those signatures will be seamlessly made available on the public key.

You can fetch the CA key at the WKD address openpgp-ca@proton.me or via PKS at [2].

We're still finishing signing all the backlog of keys, so don't worry if some keys are not signed yet.

The official announcement can be found at [3].

Cheers and happy verification,
Aron

[1] https://openpgp-ca.org/
[2] https://api.protonmail.ch/pks/lookup?search=openpgp-ca@proton.me&op=get
[3] https://proton.me/blog/why-we-created-protonca

--
Aron Wussler
Sent with ProtonMail, OpenPGP key 0x7E6761563EFE3930
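
The renewal scheme described in the message above, as an added example that is not part of the original message and is not Proton's or OpenPGP-CA's code: a client that has collected several copies of a CA certification collapses renewals and checks coverage at a given time. The de-duplication key (issuer, creation time), the 182-day stand-in for "6 months", and every sample value are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Certification:
    issuer: str          # Issuer ID carried in the signature
    created: datetime    # signature creation time
    lifetime: timedelta  # OpenPGP expiration is an offset from creation time

    @property
    def expires(self) -> datetime:
        return self.created + self.lifetime

def is_renewal_of(new: Certification, old: Certification) -> bool:
    """Same issuer and creation time, strictly longer window: a superset of `old`."""
    return (new.issuer == old.issuer and new.created == old.created
            and new.lifetime > old.lifetime)

def merge(certs):
    """Collapse renewals: per (issuer, creation time) keep the longest-lived copy."""
    best = {}
    for c in certs:
        key = (c.issuer, c.created)
        if key not in best or c.lifetime > best[key].lifetime:
            best[key] = c
    return sorted(best.values(), key=lambda c: (c.issuer, c.created))

def certified_at(certs, issuer: str, when: datetime) -> bool:
    """True if some certification by `issuer` covers the instant `when`."""
    return any(c.issuer == issuer and c.created <= when < c.expires
               for c in merge(certs))

# Constructed sample data (placeholder issuer ID, not a real key ID).
CA = "CONSTRUCTED-CA-ISSUER-ID"
T0 = datetime(2022, 10, 28, tzinfo=timezone.utc)
FIRST = Certification(CA, T0, timedelta(days=182))     # initial certification
RENEWED = Certification(CA, T0, timedelta(days=364))   # extended, same creation time
# A certification re-issued with a fresh creation time cannot be merged this way.
REISSUED = Certification(CA, T0 + timedelta(days=180), timedelta(days=182))

if __name__ == "__main__":
    for c in merge([FIRST, RENEWED, FIRST, REISSUED]):
        print(c.issuer, c.created.date(), "->", c.expires.date())
```
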