Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

Vincent Breitmoser <look@my.amazin.horse> Wed, 13 April 2016 17:19 UTC

Date: Wed, 13 Apr 2016 19:19:22 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: Ruben Pollan <meskio@sindominio.net>
Message-ID: <20160413171922.GB4283@littlepip.fritz.box>
References: <20160412121549.GB16775@littlepip.fritz.box> <20160412154918.1ca8da7c@latte.josefsson.org> <146047167027.5102.16171502176440717800@KingMob>
In-Reply-To: <146047167027.5102.16171502176440717800@KingMob>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/cf4NQKRVB8pO4ombTFQvIoPP2nc>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, openpgp-email <openpgp-email@enigmail.net>
Subject: Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

Ruben Pollan(meskio@sindominio.net)@Tue, Apr 12, 2016 at 04:34:30PM +0200:
> In bitmask we do some of the things you propose Vincent. We attach public keys
> to all sent emails until we get an email encrypted to this public key. We attach
> the key as a mime part, because enigmail already has support for that and it is
> one click to import it into your keyring.

That's nice for interoperability but is also, imo, simply one click too
much.

> We also add the OpenPGP header to all the sent emails and use it to discover
> keys from the 'url' field if it's https and from the same domain as the email
> address.

I don't think the URI field can gain any reach as long as it has to rely
on users manually uploading the key somewhere. If an email provider did
provide this service and added the header, that might work... but then
the DANE approach probably works better for that scenario.

> We need to be able to revoke, extend expiration, rotate subkeys, ...

Timed updates from keyservers aren't as affected by the
connectivity, delay, and privacy problems as on-the-fly lookup while
reading mail.

 - V
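Added example, not code from this thread or from Bitmask: a Python check of the discovery policy Ruben describes, accepting a key URL from the OpenPGP header only when it uses https and its host is the same domain as the sender address. The header parameter syntax (`key=value` pairs separated by semicolons) and the exact, case-insensitive domain match are assumptions; the sample headers are constructed.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit


def parse_openpgp_header(value):
    """Split 'id=...; url=...; preference=...' into a dict with lowercased keys.
    Assumed syntax: semicolon-separated key=value parameters."""
    params = {}
    for part in value.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue  # ignore empty or malformed parameters
        key, _, val = part.partition("=")
        params[key.strip().lower()] = val.strip()
    return params


def sender_domain(from_header):
    """Return the lowercased domain of the address in a From: header, or None."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rpartition("@")[2].lower()


def acceptable_key_url(from_header, openpgp_header):
    """Return the url parameter if it is https and its host equals the sender's
    domain (assumed policy: exact match, so subdomains and lookalikes such as
    example.org.attacker.example are rejected); otherwise return None."""
    url = parse_openpgp_header(openpgp_header).get("url")
    domain = sender_domain(from_header)
    if not url or domain is None:
        return None
    parts = urlsplit(url)
    # urlsplit().hostname strips userinfo and port, so only the real host is compared
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() != "https" or host != domain:
        return None
    return url


if __name__ == "__main__":
    # Constructed sample: a header that should pass and one that should not
    ok = acceptable_key_url("Alice <alice@example.org>",
                            "id=0x1234ABCD; url=https://example.org/keys/alice.asc")
    bad = acceptable_key_url("Alice <alice@example.org>",
                             "url=http://example.org/keys/alice.asc")
    print("accepted:", ok)   # the https same-domain url
    print("rejected:", bad)  # None, plain http
```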