IETF Logo Mail Archive

Re: [openpgp] Modelling an abuse-resistant OpenPGP keyserver

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 16 April 2019 20:45 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3AB41201C5 for <openpgp@ietfa.amsl.com>; Tue, 16 Apr 2019 13:45:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=i46qnCcZ; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=hnIxlbAB
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LPGDSr0g9_9J for <openpgp@ietfa.amsl.com>; Tue, 16 Apr 2019 13:45:51 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A43E120169 for <openpgp@ietf.org>; Tue, 16 Apr 2019 13:45:51 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1555447550; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=QQVuIJiO7IU6+jO5EFvVFBS3ahDNy4+HOcKv2vTnYzw=; b=i46qnCcZywe8Iyyk2ikFgK8VL166OV5JvakoHuVjmBUrcroPMJhNheiI ZMIPX0QMjD84yPTxI2ix6XeMbfEgAg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1555447550; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=QQVuIJiO7IU6+jO5EFvVFBS3ahDNy4+HOcKv2vTnYzw=; b=hnIxlbAB024/QZVcbhw5MFtn/b4nfPc7yTbZFrCuJ+ZJq/jwa+NVinim DNBwqB4K6Ujq82HwuTEFAJOqdcLYcF/m2jxT7jRR+VTcuHt+SZH9wXhc75 x2FIok50GWk9AX9zhMA6Ozfxw9k2XCST33/d6HrpYB6p+9VFxRVFbb1b5N pTmpHyJBXznRNLSHc0mMJwvjxoDn6Q987Iygzfapqo+i55ro3CcCtnUvID BqhQpIG9UGtAi3CHG31jB7AwvIdafFgo5dS1EwhzEIRQdGU8QfjNf+TMKF Ix3tEr52vUSf0kTYfuW5Ku/K5hXNxGajbW9vfWV9v+KEnLVOS7piCw==
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 20CC1F99D; Tue, 16 Apr 2019 16:45:48 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 5FE5C20262; Tue, 16 Apr 2019 16:45:46 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: ilf <ilf@zeromail.org>, openpgp@ietf.org
In-Reply-To: <20190416195614.GH1226@zeromail.org>
References: <87v9zt2y2d.fsf@fifthhorseman.net> <20190412201300.GJ1226@zeromail.org> <87ef635hmt.fsf@fifthhorseman.net> <20190416195614.GH1226@zeromail.org>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Tue, 16 Apr 2019 16:45:45 -0400
Message-ID: <87h8ax3chy.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/fRHfz_WwxZjz2zSdArLe1fz83Yc>
Subject: Re: [openpgp] Modelling an abuse-resistant OpenPGP keyserver
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2019 20:45:54 -0000

On Tue 2019-04-16 21:56:14 +0200, ilf wrote:
> Daniel Kahn Gillmor:
>> I've only seen a few merge requests, and none of them from "ilf"
>
> Sorry, my Gitlab skills are weak. I created patches but forgot to create 
> merge requests. They are now submitted, but unfortunately against the 
> now-outdated version. I assume that some are fixed, but most should 
> still work to merge easily.

Wow, thanks!  I've reviewed and rebased all of those editorial cleanups,
and closed the series of merge requests.  Much appreciated.

> The "Terminology" section sais:
>
>> "Certificate discovery" is the process whereby a user retrieves an 
>> OpenPGP certificate based on user ID
>> "Certificate update" is the process whereby a user fetches new 
>> information about a certificate
>
> IMHO:
>
>> "Certificate discovery" is the process whereby a user retrieves an 
>> OpenPGP certificate based on the fingerprint (or key ID)

With this proposal, i think you're asking for three distinct changes,
all of them interesting, but which i aim to dispose of differently:

 * you are using the word "retrieve" where i had used either "retrieve"
   or "fetch".  Good catch, i'll use the same word consistently across
   the definitions.

 * You're including lookup by key ID, which wasn't previously mentioned.
   For what this draft defines as certificate update, lookup by key ID
   would be a mistake (because the client already has access to the
   fingerprint of the primary key).

   That said, this identifies a distinct use case, which is retrieval of
   an unknown certificate based on fingerprint or key ID alone (possibly
   of subkeys, not just primary keys!), typically at signature
   verification time, taking its parameter from the Issuer (i.e., keyid)
   or Issuer Fingerprint (full fingerprint) subpacket from the
   signature.  The section titled "Signature Verification and
   Non-append-only Keystores" mentions an architectural change (shipping
   the issuing certificate alongside a signature) that would make this
   use case unnecessary, but this draft should still call it out
   explicitly as it will continue to be relevant.

   I think the next draft will use "certificate discovery" to refer only
   to this third case, and will rename lookup-by-user-id to "certificate
   lookup".  Does that make sense?

 * you've conflated looking up a certificate (or a set of candidate
   certificates) based on their (spoofable) user ID, with retrieving a
   certificate based on cryptographically-verifiable hash.  These two
   use cases have dramatically different consequences for the
   architecture of abuse-resistant keystores themselves, which is part
   of what this draft is trying to tease apart.  So i don't think the
   draft should conflate them.

Let me know what you think, or if you have any objections.

    --dkg

v2.23.0 | Report a Bug | By Email