Re: [openpgp] Keyserverless Use of OpenPGP in Email
Vincent Breitmoser <look@my.amazin.horse> Tue, 12 April 2016 13:40 UTC
Return-Path: <look@my.amazin.horse>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64FA712DFAB for <openpgp@ietfa.amsl.com>; Tue, 12 Apr 2016 06:40:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vbsDuaN5Oc4q for <openpgp@ietfa.amsl.com>; Tue, 12 Apr 2016 06:40:26 -0700 (PDT)
Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3690112DDFD for <openpgp@ietf.org>; Tue, 12 Apr 2016 06:40:26 -0700 (PDT)
Received: from localhost (dhcp176-217.wlan.rz.tu-bs.de [134.169.176.217]) by mail.mugenguild.com (Postfix) with ESMTPSA id 871725FAE3; Tue, 12 Apr 2016 15:40:24 +0200 (CEST)
Date: Tue, 12 Apr 2016 15:40:22 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: Paul Wouters <paul@nohats.ca>
Message-ID: <20160412134022.GB20078@littlepip.fritz.box>
References: <20160412121549.GB16775@littlepip.fritz.box> <29B66C8D-BAD3-42C6-A8E7-8D243FF45A02@nohats.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="WYTEVAkct0FjGQmd"
Content-Disposition: inline
In-Reply-To: <29B66C8D-BAD3-42C6-A8E7-8D243FF45A02@nohats.ca>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/WEbwSsYBuMkfpK108W5GQ3smKFU>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Keyserverless Use of OpenPGP in Email
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2016 13:40:32 -0000
I have, and it indeed solves the ddos-problem of keyservers. It still requires connectivity, introduces an arbitrary lookup delay, leaks metadata, and most importantly - it's not deployed. I would love to see it in action at scale, but even on my most hopeful of days I reckon it will be years until it's commonly supported by mail providers. - V Paul Wouters(paul@nohats.ca)@Tue, Apr 12, 2016 at 10:15:36AM -0300: > Have you looked at the openpgpkey DNS record which is going to be an RFC very soon? > > https://tools.ietf.org/html/draft-ietf-dane-openpgpkey-07 > > Paul > > Sent from my iPhone > > > On Apr 12, 2016, at 09:15, Vincent Breitmoser <look@my.amazin.horse> wrote: > > > > Hi, > > > > (crossposting to openpgp-email and openpgp-wg, the lists where I expect > > the highest rates of interested people) > > > > I'd like to discuss a thought that has come up in my work on k9 mail: > > Using OpenPGP in E-Mail without relying on keyservers. As a motivation, > > just consider someone spins up their botnet to add 1000 or more keys per > > second to the pool - aaaaand it's gone. Other aspects are that a > > keyserver lookup requires network connectivity, introduces noticable > > delay, and has privacy implications which prevent us from doing the > > lookup in an automated fashion. > > > > First, some basic considerations: To obtain the public key of a > > communication partner, we obviously have to rely on said communication > > partner to make their key available to us one way or another. The only > > deployed lookup mechanism are keyservers, but we said we don't have > > that. The alternative is sending the key in-band with the particular > > communication protocol: No problem for synchronous communication such as > > XMPP because we can simply request them, more difficult for e-mail where > > that option is not available. > > > > If we don't have bandwidth constraints, we can solve this by sticking > > the public key block right next to every signature we make, which > > effectively eliminates the need for keyservers (with the possible > > exception of the distribution of revocation certs). However, it also > > adds ~10kb of size to every signature. This is a rather extreme > > approach, and although 10kb are not a lot these days, they add up. > > > > To counteract this, we can significantly reduce the number of attached > > public keys if we are just a little bit clever about the decision of > > when to add it. Roughly, it makes sense to attach the public key to the > > first message of a conversation with each recipient. > > > > Another question is, where to place the key. In email, we have two > > options: in a separate mime part, or directly next to the pgp signature > > data. I favor the second option, for two reasons: > > - the email client has to know a lot less about openpgp for this to > > work, the public key is naturally handed to the openpgp-implementation > > together with the signature data. > > - there isn't yet another weird attachment for recipients who don't have > > openpgp support > > - the intended purpose of the key is clear, because there are no other > > circumstances where a key might end up in this position. > > > > The drawback with this approach is implementation support. If an > > implementation doesn't expect a public key next to the signature data, > > it's just bloat (or even worse, produces a warning about trailing data. > > I did some tests and this is the case in mutt, but not enigmail), and > > does not even show an option for the user to manually import the key. > > > > I think that this approach might be a way to overcome the need for a > > click from the user (whether it's "Retrieve from Keyserver" or "Import > > from Attachment") to be able to import and work with a public key. It's > > unacceptable to import a key from keyservers automatically for various > > reasons, but I think an opt-out behavior of importing keys retrieved as > > part of a message is fine, if that key also signed the message. > > > > I'll leave it at this for now. I'd be delighted about comments and > > thoughts, in particular from those of you who are involved in the > > decision making of other implementations. > > > > - V > > > > _______________________________________________ > > openpgp mailing list > > openpgp@ietf.org > > https://www.ietf.org/mailman/listinfo/openpgp >
- [openpgp] Keyserverless Use of OpenPGP in Email Vincent Breitmoser
- Re: [openpgp] Keyserverless Use of OpenPGP in Ema… Paul Wouters
- Re: [openpgp] Keyserverless Use of OpenPGP in Ema… Vincent Breitmoser
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Simon Josefsson
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Neal H. Walfield
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Vincent Breitmoser
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Ruben Pollan
- Re: [openpgp] Keyserverless Use of OpenPGP in Ema… Derek Atkins
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Neal H. Walfield
- Re: [openpgp] Keyserverless Use of OpenPGP in Ema… Werner Koch
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Werner Koch
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Vincent Breitmoser
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Ruben Pollan