Re: [openpgp] Web Key Directory I-D -07

azul <azul@riseup.net> Thu, 15 November 2018 09:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Uuao6Yb9cfkwdU75OR5QhSNjOBE>

Hello,

On 14.11.18 at 11:09, Werner Koch wrote:
> On Tue, 13 Nov 2018 22:37, bartbutler=40protonmail.com@dmarc.ietf.org
> said:
>
>> "The key MUST carry a User ID packet ([RFC4880]) containing the email address to which mail sent to the queried email address will be routed."
> You are talking about how mail is routed, the spec is about discovering
> the one and only key to be used for a given mail address.  And by key I
> mean the OpenPGP keyblock, that is the public key plus one user ID (or
> several if they have the same addrspec part).
>
> A mail address is here considered as an identifier for an entity and not
> as an addressing scheme for mails.  An entity may have several
> identifiers like Werner.Koch@foo, Werner_Koch@foo, wernerkoch@foo,
> wk@foo, koch@foo.  That is pretty normal, but there is no way a sender
> can decide whether they are all the same; for example the last two of
> the list could also identify my brother.
>
> A sender gets hold of one mail address and that must have been relayed
> (directly or indirectly) to them by the owner of that mail address.  The
> recipient needs to take care that a key exists for that very mail
> address.

I think the last sentence exactly captures the difference between the
two approaches.
Who needs to take care that a key exists / pick an existing key for a
different email address routed to the same mailbox?

One of the use cases I have for the '+' syntax is registering to
services with email addresses that allow me to remember where I used
them and filter mails based on them.

One example would be using 'azul+conference_name@riseup.net' to register
to a conference.
It's low overhead. I can just come up with an addition to my email
address when filling in a web form. If I later receive spam to that
address I know who leaked my email address.

Providing a key for the new address or even publishing all those addresses
in my key does not seem like an option for me. Therefore the party I
submitted the form to will not be able to get back to me with an
encrypted email even if I have a key in the WKD.

I don't quite understand the downside of relaxing the spec in this
regard. As far as I understand it, it would not require implementations
to look up which mailbox an address would route to. It would just allow
it. For some providers / implementations this may be trivial and others
may choose to not do it.

Where does the need for the matching user_id come from?

One downside I see is that the mechanism could be used to detect where
an email address routes to. In the case of azul+conf this may be easy to
guess. But for aliases, users do not expect them to be linkable without
any interaction on their side.

Cheers,
 Azul
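
The following is an added example, not part of the message above or of any WKD implementation. It shows why a '+' address misses under the strict User ID rule: the WKD path is derived from the exact local part, and the client then compares the returned User IDs with the queried address. The `relaxed` mode, `strip_subaddress` and the sample User ID are hypothetical illustrations of the relaxation under discussion.

```python
import hashlib
from email.utils import parseaddr

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, no padding."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZB32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def wkd_url(address: str) -> str:
    """Direct-method WKD URL: SHA-1 of the lowercased local part, z-base-32 encoded."""
    local, _, domain = address.rpartition("@")
    digest = hashlib.sha1(local.lower().encode("utf-8")).digest()
    return f"https://{domain.lower()}/.well-known/openpgpkey/hu/{zbase32(digest)}"

def strip_subaddress(address: str) -> str:
    """Assumption: the provider routes 'user+tag@domain' to 'user@domain'.
    A sender cannot know this in general; only the provider does."""
    local, _, domain = address.rpartition("@")
    return f"{local.split('+', 1)[0]}@{domain}"

def accept_key(queried: str, user_ids: list[str], relaxed: bool = False) -> bool:
    """Strict: some User ID must carry the queried addr-spec.
    Relaxed (hypothetical): also accept the address the alias routes to.
    Addresses are compared case-insensitively as a simplification."""
    wanted = {queried.lower()}
    if relaxed:
        wanted.add(strip_subaddress(queried).lower())
    return any(parseaddr(uid)[1].lower() in wanted for uid in user_ids)

# Constructed sample: User IDs on the key a server might return for both lookups.
SAMPLE_UIDS = ["Azul <azul@riseup.net>"]

if __name__ == "__main__":
    alias = "azul+conference_name@riseup.net"
    print(wkd_url("azul@riseup.net"))
    print(wkd_url(alias))  # different hash, so a different resource
    print("strict :", accept_key(alias, SAMPLE_UIDS))
    print("relaxed:", accept_key(alias, SAMPLE_UIDS, relaxed=True))
```

A server that answers the alias lookup with the base key makes the routing observable to anyone who can query it, which is the linkability concern raised at the end of the message.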