[openpgp] OpenPGP Web Key Directory I-D

Ian Jackson <ijackson@chiark.greenend.org.uk> Wed, 07 November 2018 19:49 UTC

Return-Path: <ijackson@chiark.greenend.org.uk>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5394A127B92 for <openpgp@ietfa.amsl.com>; Wed, 7 Nov 2018 11:49:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s261cIfoPBG8 for <openpgp@ietfa.amsl.com>; Wed, 7 Nov 2018 11:49:21 -0800 (PST)
Received: from chiark.greenend.org.uk (v6.chiark.greenend.org.uk [IPv6:2001:ba8:1e3::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5098127133 for <openpgp@ietf.org>; Wed, 7 Nov 2018 11:49:21 -0800 (PST)
Received: by chiark.greenend.org.uk (Debian Exim 4.84_2 #1) with local (return-path ijackson@chiark.greenend.org.uk) id 1gKTpI-0001Kv-4q; Wed, 07 Nov 2018 19:49:20 +0000
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <23523.16831.292658.490356@chiark.greenend.org.uk>
Date: Wed, 7 Nov 2018 19:49:19 +0000
To: openpgp@ietf.org
CC: Werner Koch <wk@gnupg.org>
X-Mailer: VM 8.2.0b under 24.4.1 (i586-pc-linux-gnu)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/a4ls85C2lalThR7m5QWO9HGD9tQ>
Subject: [openpgp] OpenPGP Web Key Directory I-D
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2018 19:49:23 -0000

I was referred here
  https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/

I'm not sure exactly what the status of this I-D is or whether the
openpgp ietf list is the right place, but it seems to be the best
place to send comments.


I. URL final pathname component format

It specifies a URL format ending in a base-32-encocded SHA-1 of a
mangled version of the email address associated with the PGP key.

This seems rather odd.

1. SHA-1 is obsolete.

2. The use of a cryptographic hash here makes it harder for a server
   to conduct an appropriate lookup.  For example, if a server defines
   that all email addresses
       alice+<something>@example.com
   are owned by Alice, and Alice tells the server `please advertise
   my one OpenPGP key for all my email addresses', it is not clear how
   the server could implement that.

2a. The cryptographic hash does not, however, provide any significant
   degree of useful obfuscation since a search will usually be able to
   reverse it.

2b. The cryptographic hash is not needed for space reasons since URLs
   can easily be as long as email addresses.

3. Supposing the hash were to be retained, choice of base-32 rather
  than base-64 is unusual and needs to be justified.

4. The lowercasing of the email address is contrary to the Internet
   mail specifications, where case-sensitivity of the email address
   is up to the mail domain in question.  If the email address were
   not obfuscated by hashing it would be easy for the webserver to
   handle case-sensitivity by URL remapping.

Suggested modification: Replace this part of the URL with the
URL-encoded email address.


II. URL domain name part

The mail system for some domain, and its web server, are not
necessarily on the same host or under the same practical
administration.  Often webservers are outsourced.

Trying to provide this .well-known/openpgpkey subpath may therefore
involve complicated interactions between different teams or even
different organisations entirely.

Furthermore, the webserver may be less secure than the mail system;
whereas this protocol assumes that it is at least as secure.

Suggested modification: the domain name part should have a fixed
string prepended.


III. Normative status of this document

I was referred to this I-D from this trail of web pages:
  https://wiki.gnupg.org/EasyGpg2016/PubkeyDistributionConcept
  https://wiki.gnupg.org/WKDDetails
which I reached from someone who asked whether they should
deploy this system.

This seems a bit odd.


Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>;   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.