Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

Vincent Breitmoser <look@my.amazin.horse> Tue, 12 April 2016 14:30 UTC

Date: Tue, 12 Apr 2016 16:30:09 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: Simon Josefsson <simon@josefsson.org>
Message-ID: <20160412143009.GA31049@littlepip.fritz.box>
References: <20160412121549.GB16775@littlepip.fritz.box> <20160412154918.1ca8da7c@latte.josefsson.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="45Z9DzgjV8m4Oswq"
Content-Disposition: inline
In-Reply-To: <20160412154918.1ca8da7c@latte.josefsson.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/l8oAUDWWJ1PvGSvyhG-czcWKj3c>
Cc: IETF OpenPGP <openpgp@ietf.org>, openpgp-email <openpgp-email@enigmail.net>
Subject: Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

> Now it may be that my usage pattern is a corner case, but I believe it
> is typical for many users today.

Good point. I'll think about this some more. Two related ideas off the
top of my head:
- Keyring synchronization. This is necessary to send an encrypted
  message to a known contact from a new device, so it's going to be a
  thing we will have to worry about somewhere down the line for proper
  support of the multi-device scenario.
- Store the message-id of the message where the pubkey was last sent on the
  sender side, and add it to the MIME header of the signature? For
  reasonably recent messages, clients should be able to make that lookup
  without network in many cases, and it avoids the privacy leak.

> You could put it in the email header too.  It would be bizarre for
> larger keys, but at least possible in theory.

Yeah, 10kb header lines don't seem very practical. I also considered the
mime header, but same argument, it's just too unwieldy. :\

> You still have some of the keyserver privacy concerns, and require
> a network connection, but I'd just like to mention it as another option
> to consider.

Indeed: Connectivity, delay, privacy. :)

> I agree it could work.  Write an I-D describing the approach and try to
> get MUA client support for it.

Depending on the resonance I get or further arguments brought up here,
I'm going to implement this in at least K-9 Mail myself. :)

Thanks for the feedback so far!

 - V
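An added sketch of the second idea in the reply above (a sender-side record of where the key was last sent, referenced from the signature part, resolved by the receiver against its local mailbox without any network lookup). This is a constructed illustration, not code from the thread or from K-9 Mail; the header name `X-OpenPGP-Key-Message-ID`, the store layouts and all sample values are assumptions.

```python
import email
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Hypothetical header name; the thread only says "the MIME header of the signature".
KEY_REF_HEADER = "X-OpenPGP-Key-Message-ID"

# Sender-side record: Message-ID of the last message in which our public key was
# sent to each recipient (constructed sample values).
LAST_KEY_SENT = {"bob@example.invalid": "<20160412120000.key@example.invalid>"}

# Receiver-side local mailbox, indexed by Message-ID, as a MUA could keep it.
# The key text is a placeholder, not a real OpenPGP key block.
LOCAL_MAILBOX = {
    "<20160412120000.key@example.invalid>": {
        "from": "alice@example.invalid",
        "pubkey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\nPLACEHOLDER\n-----END PGP PUBLIC KEY BLOCK-----",
    },
}


def build_signed_message(sender, recipient, body, signature_bytes):
    """Build a multipart/signed message; the signature part carries a reference
    to the Message-ID of the last message that delivered the sender's key."""
    outer = MIMEMultipart("signed", micalg="pgp-sha256",
                          protocol="application/pgp-signature")
    outer["From"], outer["To"], outer["Subject"] = sender, recipient, "hello"
    outer.attach(MIMEText(body))
    sig = MIMEApplication(signature_bytes, "pgp-signature")
    ref = LAST_KEY_SENT.get(recipient)
    if ref is not None:  # only add the hint when a key was actually sent before
        sig[KEY_REF_HEADER] = ref
    outer.attach(sig)
    return outer


def find_key_locally(raw_bytes, mailbox):
    """Receiver side: resolve the reference against the local mailbox only.
    Returns the key text, or None when a network lookup would be needed."""
    msg = email.message_from_bytes(raw_bytes)
    if msg.get_content_type() != "multipart/signed":
        return None
    parts = msg.get_payload()
    if len(parts) != 2:
        return None
    ref = parts[1].get(KEY_REF_HEADER)
    entry = mailbox.get(ref) if ref else None
    # The hint is only a lookup aid: the referenced message must come from the
    # same sender, and the key must still pass normal signature verification.
    if entry is None or entry["from"] != msg["From"]:
        return None
    return entry["pubkey"]
```

The hint never replaces verification: a receiver that cannot resolve it locally falls back to whatever key discovery it already uses, and a key found this way is trusted only as far as the signature check on the message allows.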