[openpgp] Re: Certificate discovery over HKP

Vincent Breitmoser <look@my.amazin.horse> Tue, 08 April 2025 19:40 UTC

Date: Tue, 08 Apr 2025 21:40:25 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: openpgp@ietf.org
User-Agent: K-9 Mail for Android
In-Reply-To: <F51333E5-1AC3-4216-B720-4EBEFA3B6AAB@andrewg.com>
References: <F51333E5-1AC3-4216-B720-4EBEFA3B6AAB@andrewg.com>
Message-ID: <A748070A-4774-41F9-92E8-55F724B8834C@my.amazin.horse>
Subject: [openpgp] Re: Certificate discovery over HKP
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/oCeRHG14CJBxERMghwnhs7Tj4oo>

Hey Andrew and list,

I read the document you linked, and the first question I have is - what exactly is the "thing to be done" here that we are trying to solve? It is unclear to me both what the exact goals are, and how HKP is the best way to achieve them.

"OpenPGP certificate discovery over HKP" sounds like we are designing a technical alternative to WKD, but what are the properties we want?

If it's to allow "recursive" lookups, we could just add a line to the wkd policy file that allows it. Or, even easier, servers could just do it without asking, since certificates available via WKD must be considered public info (modulo enumeration) anyways.

I apologize if I'm just missing context from discussions at the summit (I would really have liked to attend :)


 - V
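For readers who have not worked with WKD, here is an added example (not code from the post or from any project mentioned in it) of the two mechanisms the message refers to: how a client derives the Web Key Directory lookup URLs for a mailbox, and how the WKD policy file on the server side is parsed. The URL layout, the z-base-32 encoding of the SHA-1 of the local part, and the policy flags `protocol-version`, `mailbox-only` and `submission-address` are taken from the WKD draft (draft-koch-openpgp-webkey-service); the `recursive-lookup` flag is a hypothetical name for the "line in the policy file" the post suggests, and the sample policy text is constructed.

```python
"""WKD lookup URL derivation and policy-file parsing (added example).

Assumptions: URL layout and hashing as in draft-koch-openpgp-webkey-service;
'recursive-lookup' is a hypothetical flag name for the proposal in the post,
not a standardized one.
"""
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD to encode the SHA-1 digest of the local part
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32 without padding (20 bytes -> exactly 32 chars)."""
    nchars = (len(data) * 8 + 4) // 5
    # left-align the bit string so the last character takes the trailing bits
    value = int.from_bytes(data, "big") << (nchars * 5 - len(data) * 8)
    return "".join(ZBASE32_ALPHABET[(value >> (5 * (nchars - 1 - i))) & 31]
                   for i in range(nchars))


def wkd_hash(local_part: str) -> str:
    """WKD lower-cases the local part, hashes it with SHA-1, then z-base-32 encodes it."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> dict:
    """Return the advanced- and direct-method lookup URLs for a mailbox,
    plus the policy-file URLs a client checks to decide which method applies."""
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not a mailbox address: {address!r}")
    domain = domain.lower()
    digest = wkd_hash(local_part)
    # the 'l' query parameter carries the original, un-lowercased local part
    query = "?l=" + quote(local_part, safe="")
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{digest}{query}",
        "advanced_policy": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/policy",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{digest}{query}",
        "direct_policy": f"https://{domain}/.well-known/openpgpkey/policy",
    }


def parse_wkd_policy(text: str) -> dict:
    """Parse a WKD policy file: one flag per line, either bare or 'flag: value'.
    Empty lines and lines starting with '#' are ignored; bare flags map to True."""
    policy = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        policy[key.strip().lower()] = value.strip() if sep else True
    return policy


def recursion_allowed(policy: dict) -> bool:
    """Hypothetical check for the opt-in flag the post proposes.
    'recursive-lookup' is a placeholder name, not part of the WKD draft."""
    return policy.get("recursive-lookup", False) is True


# Constructed sample policy file (not taken from any real domain)
SAMPLE_POLICY = """\
# WKD policy for example.org (constructed sample)
protocol-version: 12
mailbox-only
submission-address: key-submission@example.org
# hypothetical flag from the proposal in the post:
recursive-lookup
"""

if __name__ == "__main__":
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{name:16} {url}")
    policy = parse_wkd_policy(SAMPLE_POLICY)
    print(policy)
    print("recursive lookups allowed:", recursion_allowed(policy))
```

The point of splitting `wkd_hash` from `wkd_urls` is that the hash is what makes WKD enumeration-resistant only in a weak sense: anyone who can guess a local part can compute its URL, which is why the post treats WKD-published certificates as public information.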