Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

"Neal H. Walfield" <neal@walfield.org> Tue, 12 April 2016 13:58 UTC

Date: Tue, 12 Apr 2016 15:58:27 +0200
Message-ID: <87ziszq67w.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: OpenPGP-based Email Encryption <openpgp-email@enigmail.net>
In-Reply-To: <20160412154918.1ca8da7c@latte.josefsson.org>
References: <20160412121549.GB16775@littlepip.fritz.box> <20160412154918.1ca8da7c@latte.josefsson.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/bQe_KJRvYpKPwaPL_hoyGeNKc8U>
Cc: IETF OpenPGP <openpgp@ietf.org>, Vincent Breitmoser <look@my.amazin.horse>
Subject: Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

On Tue, 12 Apr 2016 15:49:18 +0200,
Simon Josefsson wrote:
> > I'd like to discuss a thought that has come up in my work on k9 mail:
> > Using OpenPGP in E-Mail without relying on keyservers. 
> 
> Important use-case.
> 
> > If we don't have bandwidth constraints, we can solve this by sticking
> > the public key block right next to every signature we make, which
> > effectively eliminates the need for keyservers (with the possible
> > exception of the distribution of revocation certs).  However, it also
> > adds ~10kb of size to every signature.  This is a rather extreme
> > approach, and although 10kb are not a lot these days, they add up.
> 
> Not necessarily -- I don't think you have to add all signatures to the
> key for this use-case to work, do you?  If you just include a stripped
> public key, verification of the signature will work.  It should be max
> 1-2kb I would guess.

I think 10kb is accurate.  If you have a primary and three subkeys and
all four have a self-signature, then you are about 10k:

  $ gpg2 -k 0xAACB3243630052D9
  pub   rsa3744/0xAACB3243630052D9 2015-04-07 [SC] [expires: 2025-04-04]
        Key fingerprint = 8F17 7771 18A3 3DDA 9BA4  8E62 AACB 3243 6300 52D9
  uid                   [ultimate] Neal H. Walfield <neal@walfield.org>
  uid                   [ultimate] Neal H. Walfield <neal@gnupg.org>
  uid                   [ultimate] Neal H. Walfield <neal@g10code.com>
  sub   rsa2048/0x7223B56678E02528 2015-04-07 [S] [expires: 2017-04-06]
  sub   rsa2048/0xC2B819056C652598 2015-04-07 [E] [expires: 2017-04-06]
  sub   rsa2048/0xA3506AFB820ABD08 2015-04-07 [A] [expires: 2017-04-06]
  $ gpg2 --export-options=export-minimal --export 0xAACB3243630052D9 | wc -c
  9622

Of course, we can leave off the authorization key in this case.  But,
we need the primary key to verify the self-signatures, we need the
signing key to verify signatures and we need the encryption key to
encrypt.  So, this is pretty minimal.

:) Neal
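
Added example, not part of the original message and not GnuPG code: a small Python parser for the OpenPGP packet framing (RFC 4880, section 4.2) that totals the octets per packet type in a binary key export, to show where the size of an exported key goes. The helper `old_packet` and the `SAMPLE` data are constructed for illustration and do not reproduce the key shown in the message.

```python
from collections import Counter

# Packet tags that occur in an exported public key (RFC 4880, section 4.3).
TAGS = {2: "signature", 6: "public-key", 13: "user-id",
        14: "public-subkey", 17: "user-attribute"}

def packets(data):
    """Yield (tag, total_octets) per packet, header included (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        start, first = i, data[i]
        if not first & 0x80:
            raise ValueError(f"no packet header at offset {i}")
        if first & 0x40:                      # new-format header
            tag, o1 = first & 0x3F, data[i + 1]
            if o1 < 192:                      # one-octet length
                body, i = o1, i + 2
            elif o1 < 224:                    # two-octet length
                body, i = ((o1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif o1 == 255:                   # five-octet length
                body, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length in key material")
        else:                                 # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype                    # 1, 2 or 4 length octets
            body, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        i += body
        if i > len(data):
            raise ValueError("truncated packet")
        yield tag, i - start

def size_by_type(data):
    """Total octets per packet type in a binary (non-armored) export."""
    sizes = Counter()
    for tag, total in packets(data):
        sizes[TAGS.get(tag, f"tag-{tag}")] += total
    return sizes

def old_packet(tag, body_len):
    """Constructed test packet: old-format header plus a zero-filled body."""
    ltype = 0 if body_len < 256 else 1
    return bytes([0x80 | tag << 2 | ltype]) + body_len.to_bytes(1 << ltype, "big") + bytes(body_len)

# Constructed sample (not the key from the message): primary key, user ID,
# self-signature, subkey, binding signature. Body lengths are assumptions.
SAMPLE = b"".join(old_packet(t, n) for t, n in
                  [(6, 481), (13, 36), (2, 570), (14, 269), (2, 300)])
```

To break down a real key, pass the output bytes of the `gpg2 --export-options=export-minimal --export` command shown in the message to `size_by_type`.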