Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?

Jon Callas <joncallas@icloud.com> Tue, 05 July 2016 02:29 UTC

Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4162D12D09C for <openpgp@ietfa.amsl.com>; Mon, 4 Jul 2016 19:29:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k-iXRTI2mWp0 for <openpgp@ietfa.amsl.com>; Mon, 4 Jul 2016 19:29:26 -0700 (PDT)
Received: from st13p27im-asmtp004.me.com (st13p27im-asmtp004.me.com [17.162.190.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 870A212B04B for <openpgp@ietf.org>; Mon, 4 Jul 2016 19:29:26 -0700 (PDT)
Received: from process-dkim-sign-daemon.st13p27im-asmtp004.me.com by st13p27im-asmtp004.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) id <0O9T00S00L673D00@st13p27im-asmtp004.me.com> for openpgp@ietf.org; Tue, 05 Jul 2016 02:29:25 +0000 (GMT)
Received: from [10.0.23.7] (media.merrymeet.com [173.164.244.98]) by st13p27im-asmtp004.me.com (Oracle Communications Messaging Server 7.0.5.38.0 64bit (built Feb 26 2016)) with ESMTPSA id <0O9T00E2JLKZKL10@st13p27im-asmtp004.me.com> for openpgp@ietf.org; Tue, 05 Jul 2016 02:29:25 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-07-05_01:,, signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=1015 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1510270003 definitions=main-1607050022
Content-type: text/plain; charset=us-ascii
MIME-version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Jon Callas <joncallas@icloud.com>
In-reply-to: <5779E086.9000506@brainhub.org>
Date: Mon, 04 Jul 2016 19:29:23 -0700
Content-transfer-encoding: quoted-printable
Message-id: <BAB41369-E007-4342-8E89-1F023EA851E1@icloud.com>
References: <20160701153304.332d2c95@pc1> <874m86xq04.fsf@alice.fifthhorseman.net> <9A043F3CF02CD34C8E74AC1594475C73F4CB97D2@uxcn10-5.UoA.auckland.ac.nz> <5779E086.9000506@brainhub.org>
To: IETF OpenPGP <openpgp@ietf.org>
X-Mailer: Apple Mail (2.3124)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=4d515a; t=1467685765; bh=QWw+eXQSWPmgI4X1ntB1U8/gVDq6G7BuREkDaEliKPM=; h=Content-type:MIME-version:Subject:From:Date:Message-id:To; b=UWGFIeUNOOh5yVB8Mw36R2+LOzNawh0Iu6qLTuFwStRZFFO/HNt5C7zGJY75s6sPX AV7lKMzH3SrEri7FLGToU7w8zRRH58iRdtkgIhi5rI2SHqPzjFawizW/8FFCYJK7Db 83dY8a7TdzbGRQzVC+q7VU8obM+TEWbde3kUdRZxQFR83Ziyyt1lZz/oonxojXKDAK ZrFpDoZwEMKTokcDIPfiaGkFGTbTLY87suS/14q3zd/L1kNylh7G6yAIRTNwrCVoFt yt1swimDLSEXZE5FDODhL2j1oecZ86tA6VfHq4mMT57ttaQ1mj8ytosFdVzfkaP4JT NYqbvmqRBCZVw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/nHt9qX8DBm9GqrxFblWb_8nw_tA>
Subject: Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2016 02:29:28 -0000

To chime in with Peter and Andrey, this is something that can done in software.

Not everything needs to be done in protocol. 

Whatever the details, one can (and perhaps should) use the same key material and dress it up in whatever uniform one wants, OpenPGP or S/MIME. 

While on the surface, it kinda seems like a good idea to unify the two in protocol, that's a different task than either group has. A new protocol would want to be a new protocol. Despite each protocol being used in much the same way (especially in email), there are a lot of things that would have to be re-hashed out.

There's how you issue certificates (the whole CA/introducer issue(s)), whether certs contain one key or key sets, how they are transported (S/MIME puts them in the message, OpenPGP in directories etc.), and even the role of the internal layering. Note that OpenPGP is a binary (and UTF-8 is still binary) object protocol with a drizzling of MIME-encoding frosting over the top. That frosting is subject to its own interpretations. S/MIME in contrast *starts* with the email and MIME object and underneath there's CMS, usually almost as an afterthought. (Did you have a momentary "huh?" in your head when you read CMS? Many people do, and that's the point.) S/MIME starts at the top, OpenPGP starts at the bottom.

And oh, there are also other things that have to be re-hashed like ASN.1 all over again and the things it drags along like encoding rules. This is a good deal why perhaps its better to just push the other things up into software. The reason that there are the two standards is that they address different views of the world, technical as well as political. 

At the end of the day, there are many things you *have* to push up into software. Consider the case where I am sending an email (which often happens, but may not even be the primary case in OpenPGP, merely the one that comes first to mind) to Alice, Bob, and Charlie. It's indeed irritating that Alice has an OpenPGP key and Bob an S/MIME certificate, and I am thus  going to have to code up two copies of the message. It is, however, straightforward. I know what to do. The subtlety comes from the fact that Charlie is being BCCed. It doesn't matter what happens with Charlie, whatever encoding we use (even plaintext) we have to send that message separately. You have to handle this at the software level no matter what. Even with a unified crypto standard, messaging isn't just crypto.

Unless the unifying protocol is so compelling that people of all stripes can agree that we should drop the old ones and go to this, we merely have a reification of an XKCD cartoon -- we'll have *three* protocols that have to exercised at the proper software level in exactly the same way you'd have to hand it with two. Trying to simplify will almost certainly just make things more complex.

	Jon