[openpgp] Modelling an abuse-resistant OpenPGP keyserver

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 April 2019 22:41 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
Cc: SKS development list <sks-devel@nongnu.org>
Mail-Followup-To: openpgp@ietf.org
Date: Thu, 04 Apr 2019 18:41:14 -0400
Message-ID: <87v9zt2y2d.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/fH29WI7QLmaN3gO-T222G8LPCNE>
Subject: [openpgp] Modelling an abuse-resistant OpenPGP keyserver

[ mail sent to both OpenPGP and SKS mailing lists; please respect
  Mail-Followup-To: openpgp@ietf.org, since it is more than just SKS ] 

Hi OpenPGP and SKS folks--

As you may or may not have heard, the venerable OpenPGP keyserver
network is dying.  This has implications for key discovery, revocation,
subkey rollover, expiration update, etc. across the ecosystem of tools
that use OpenPGP.

The keyserver network is dying because of several reasons, some of which
are discussed in a thread over at [0] -- but one main
issue is that the SKS keyserver network allows anyone to attach
arbitrary data to any OpenPGP certificate, bloating that certificate to
the point of being impossible to effectively retrieve.  SKS isn't the
only keyserver that is vulnerable to this kind of attack either [1].

I wanted to put forward a "simple proposal" (ha ha) about how to think
about a keyserver (or other public keystore) that would be more
resistant to this kind of abuse.

Such a keystore is unlikely to be able to synchronize with the existing
keyserver network, and need not be a synchronizing keyserver at all --
these rules could just as well apply to a centralized keyserver that
validates e-mail addresses, or any other authority.

I've documented some thoughts on how to resist this abuse in a new
Internet Draft:

   https://datatracker.ietf.org/doc/draft-dkg-openpgp-abuse-resistant-keystore/

That's being developed in git at:

   https://gitlab.com/dkg/draft-openpgp-abuse-resistant-keystore

I welcome feedback and edits.

The markdown source of the current draft is attached below.

Regards,

        --dkg

[0] https://lists.riseup.net/www/arc/monkeysphere/2019-04
[1] https://github.com/mailvelope/keyserver/issues/85