Re: [openpgp] Web Key Directory and advanced lookup method

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 19 April 2019 13:39 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>, Bart Butler <bartbutler@protonmail.com>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Date: Fri, 19 Apr 2019 03:27:43 -0400
Message-ID: <87tveuxxn4.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/aLcO7e-xZ7RvD472Sy5b2jZ7ylA>

On Thu 2019-04-18 22:27:19 +0200, Wiktor Kwapisiewicz wrote:

> Oh, I was not suggesting adding TXTs - believe me I'd like to have a
> good Web compatibility too (that's why I asked about CORS previously,
> and well... added support for WKD to OpenPGP.js :).

The interesting thing about MTA-STS's fix is not that it was a TXT
record, but rather that it offers a gating mechanism for a domain to
explicitly opt into the protocol, rather than everyone being
automatically opted in (and therefore potentially spoofed in the way
that Wiktor is concerned about).

Is there some analogous semantics that we can offer that would still be
accessible from the browser?

Or, if we decide to gate WKD by a TXT record, can a javascript
in-browser implementation use something like DoH to do the TXT lookup?

> Got it, thank you for your remarks! I was thinking about using just the 
> bare domain lookup (without subdomain) that avoids the issue
> altogether.

I'm pretty sure i don't like the bare domain lookup, and would prefer
that that fallback was removed from the draft.  If i give you the
ability to place files on my website, i don't expect you to be able to
assert e-mail identity information for me or for my users.

> And if someone wants to delegate hosting keys to someone else adding 
> permanent redirect in HTTP server is usually simple (Nginx example):
>
>    location ~ /.well-known/openpgpkey/(.*) {
>      return 301 https://example.com/.well-known/openpgpkey/$1;
>    }

The draft doesn't seem to mention whether clients should follow HTTP
redirects, or what the privacy/security/performance impacts of such a
practice are.

For example, should a WKD client follow an HTTP redirect to an http://
(not https://) site?  If the other site redirects, how many layers of
redirection should be followed?

     --dkg
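An added example, not dkg's code and not text from the WKD draft, that builds the direct and advanced WKD lookup URLs for an address and then fetches one under a conservative redirect policy of the kind the questions above ask for: redirects to non-https targets are refused, the chain depth is capped, and loops are detected. The policy itself, the default cap of two hops, and the injected `fetch` callback with its canned responses are assumptions made for the demonstration.

```python
import hashlib
from urllib.parse import urlsplit, urljoin

# z-base-32 alphabet, which WKD uses to encode the SHA-1 of the local-part
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def zbase32(data: bytes) -> str:
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)          # pad to a multiple of 5 bits
    return "".join(ZB32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def wkd_urls(addr: str) -> dict:
    """Direct and advanced WKD lookup URLs for an e-mail address."""
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower()
    hashed = zbase32(hashlib.sha1(local.lower().encode()).digest())
    return {
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hashed}?l={local}",
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{hashed}?l={local}",
    }

REDIRECTS = {301, 302, 307, 308}

def fetch_wkd(url: str, fetch, max_redirects: int = 2):
    """Fetch a WKD URL under an assumed conservative redirect policy:
    https-only targets, a hard depth cap and loop detection.
    `fetch(url)` returns (status, headers, body); it is injected so the
    policy can be exercised offline."""
    visited = [url]
    for _ in range(max_redirects + 1):
        status, headers, body = fetch(url)
        if status not in REDIRECTS:
            return (url, body) if status == 200 else (url, None)
        target = urljoin(url, headers.get("Location", ""))
        if urlsplit(target).scheme != "https":
            raise ValueError(f"refusing non-https redirect to {target}")
        if target in visited:
            raise ValueError(f"redirect loop via {target}")
        visited.append(target)
        url = target
    raise ValueError(f"more than {max_redirects} redirects from {visited[0]}")

# Constructed canned responses standing in for a real HTTP client.
SAMPLE = {
    "https://example.org/.well-known/openpgpkey/hu/abc?l=joe": (301, {"Location": "https://keys.example.net/.well-known/openpgpkey/hu/abc?l=joe"}, b""),
    "https://keys.example.net/.well-known/openpgpkey/hu/abc?l=joe": (200, {}, b"<binary OpenPGP key>"),
    "https://downgrade.example/.well-known/openpgpkey/hu/abc": (302, {"Location": "http://downgrade.example/key"}, b""),
    "https://chain.example/a": (301, {"Location": "/b"}, b""),
    "https://chain.example/b": (301, {"Location": "/c"}, b""),
    "https://chain.example/c": (301, {"Location": "/d"}, b""),
    "https://chain.example/d": (200, {}, b"key"),
}

def sample_fetch(url):
    return SAMPLE.get(url, (404, {}, b""))
```

With the default cap the three-hop `chain.example` case is rejected, while raising `max_redirects` to 3 lets it succeed, which shows how much the answer to "how many layers" changes client behaviour.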