Re: [openpgp] mailing list: managing the subscriber list
"Neal H. Walfield" <neal@walfield.org> Mon, 11 January 2016 22:46 UTC
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B84B91AC400 for <openpgp@ietfa.amsl.com>; Mon, 11 Jan 2016 14:46:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.151
X-Spam-Level:
X-Spam-Status: No, score=-0.151 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id srdiIqb-fPCK for <openpgp@ietfa.amsl.com>; Mon, 11 Jan 2016 14:46:20 -0800 (PST)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) by ietfa.amsl.com (Postfix) with ESMTP id 2A89F1AC3FD for <openpgp@ietf.org>; Mon, 11 Jan 2016 14:46:19 -0800 (PST)
Received: from p5ddfb0fc.dip0.t-ipconnect.de ([93.223.176.252] helo=mail.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from <neal@walfield.org>) id 1aIlE5-0003D1-Bo; Mon, 11 Jan 2016 22:46:13 +0000
Received: from [192.168.54.11] (helo=chu.huenfield.org) by mail.huenfield.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <neal@walfield.org>) id 1aIlE1-00007x-Ax; Mon, 11 Jan 2016 23:46:13 +0100
Received: from localhost ([::1] helo=chu.huenfield.org.walfield.org) by chu.huenfield.org with esmtp (Exim 4.84) (envelope-from <neal@walfield.org>) id 1aIlDx-0002mb-Q2; Mon, 11 Jan 2016 23:46:05 +0100
Date: Mon, 11 Jan 2016 23:46:05 +0100
Message-ID: <87r3hn4tw2.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: Rick van Rein <rick@openfortress.nl>
In-Reply-To: <56938B98.7000707@openfortress.nl>
References: <87ziwd3yrn.wl-neal@walfield.org> <56938B98.7000707@openfortress.nl>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Gojō) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="BIG5"
Content-Transfer-Encoding: base64
X-SA-Exim-Connect-IP: 192.168.54.11
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 17:06:47 +0000)
X-SA-Exim-Scanned: Yes (on mail.huenfield.org)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/m4HKb59xDGYQskUToTgKlZAeVwE>
Cc: openpgp@ietf.org, Matthew Green <matthewdgreen@gmail.com>
Subject: Re: [openpgp] mailing list: managing the subscriber list
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jan 2016 22:46:22 -0000
Hi Rick, Thanks for your thoughtful response! At Mon, 11 Jan 2016 12:01:44 +0100, Rick van Rein wrote: > You are getting into a topic that has my interest. To me, a mailing > list is just an example of encryption things to a group. > > I read your proposal of back-then, but it is not wholly clear to me: > * You want to protect the list of subscribers you say; are these the > email addresses or key identities that you wish to protect? Using SMTP, it is clearly effectively impossible to protect the email addresses [1]. But, the difference between the resources required to downgrade TLS connections and passively observe SMTP traffic and the resources to casually traverse some publically and permanently stored data decades later is huge. Thus, even though I realize it is not possible to completely protect the email addresses, I don't want to make it too easy to get them. [1] "Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security" by Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Elie Bursztein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, and J. Alex Halderman. IMC’15, October 28–30, 2015. http://conferences2.sigcomm.org/imc/2015/papers/p27.pdf Likewise, I want to make it possible to protect the key ids as much as possible, which can be done using hidden recipients (i.e., using 0x0 for the key id in the PK-ESK packet). > * You say that you don't like re-encryption; is this for reasons of > efficiency, or for reasons of passing the plaintext through the control > of the list owner (who is likely to subscribe and therefore receive the > text anyway)? There are two types of re-encryption that I think are inappropriate: - when the mailing list software decrypts and reencrypts each message before forwarding it on to the list of subscriber, and, - using cryptographic reencryption (ala SELS [2], i.e., the mailing list owner has a secret key, each subscriber has a secret key that is an offset of that secret key, and the mailing list software adjusts encrypted messages by each recipient's offset to re-encrypt it). [2] http://sels.ncsa.illinois.edu/ The problem with the mailing list software having access to the cleartext is that the mailing list server becomes part of the trusted computing base (TCB), which is often undesirable, because we'd like to have some untrusted party provide and manage our infrastructure. Note: this has nothing to do with the list owner, who, I assume, is part of the TCB. The problem with reencryption algorithms is that a subscriber can't reuse her own secret key. Instead, she gets a new secret key (sent via email, which she has to import) for each mailing list subscription. This means she can't easily use a smartcard; it makes it harder to read the mail on multiple devices; and, it encourages what are, IMHO, bad security practices (it normalizes using a secret key provided by a third party). Finally, it is possible to recover the mailing list's secret key if the mailing list software and a subscriber collude. > Since mailing lists are sort-of a hack in the mail system, you might > consider doing it entirely differently. For instance, downloading list > mail over IMAP, which gives subscribers the initiative so they don't > need to present an email address. Sending might be done over SMTP or > even over IMAP. Being searchable, this also makes for a great document > repository :) > > As for re-encryption efficiency, you could decide to re-package the > session key to (only authorized) public keys; one way you could find > those is from STARTTLS with an OpenPGP credential, but that would impose > restrictions on the mail client, or require it go through a SOCKS proxy > or such. Towards the latter, we are working on a TLS Pool that could > make it straightforward to build such a proxy, http://tlspool.arpa2.net > and which implements OpenPGP over TLS. (I'm not clear on what you mean by repackaging the session key. Do you have some pointers?) These are good suggestions and I appreciate the tips! You're probably right that a good solution can more easily be found by disregarding backwards compatibility. But, in this project, I'm trying to determine the best mechanism that doesn't require users to change their habits or upgrade their software (other than their OpenPGP implementation and then, only for posters, not list subscribers). I hope my response doesn't sound too destructive; it was not the intent. I really appreciate your comments and the opportunity to formulate some previously implicit arguments. Thanks! :) Neal
- [openpgp] mailing list: managing the subscriber l… Neal H. Walfield
- Re: [openpgp] mailing list: managing the subscrib… Rick van Rein
- Re: [openpgp] mailing list: managing the subscrib… Neal H. Walfield
- Re: [openpgp] mailing list: managing the subscrib… Rick van Rein
- Re: [openpgp] mailing list: managing the subscrib… Werner Koch
- Re: [openpgp] mailing list: managing the subscrib… Neal H. Walfield
- Re: [openpgp] mailing list: managing the subscrib… Neal H. Walfield
- Re: [openpgp] mailing list: managing the subscrib… vedaal
- Re: [openpgp] mailing list: managing the subscrib… Phillip Hallam-Baker