Re: [openpgp] Encryption and signature context parameter

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 14 October 2022 19:29 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48B29C14F738 for <openpgp@ietfa.amsl.com>; Fri, 14 Oct 2022 12:29:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ER9jszRdqGnI for <openpgp@ietfa.amsl.com>; Fri, 14 Oct 2022 12:29:42 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 013FEC14F719 for <openpgp@ietf.org>; Fri, 14 Oct 2022 12:29:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 5D47E1800D; Fri, 14 Oct 2022 15:52:51 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id X9_Z5MoCGx1F; Fri, 14 Oct 2022 15:52:50 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id D3EEB1800C; Fri, 14 Oct 2022 15:52:49 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1665777169; bh=FOf6OiurBkpnOq/GAFD/UdPH5pfGW0VeD7ouNqavHec=; h=From:To:Subject:In-Reply-To:References:Date:From; b=VTV09eg35Yc752aJjzAd3logHzsZy6P1xKq2ch3WcnsBtCeqs5/+ER5Lf72mrx2Iv rxwXRe8+I/6gARf2DII0lPjWiVlCadZqY9E393c6eKtAeeCquyi5mgk5dhMxh2Quhv WtAswDAgx0OEM/HBHBMTbHHHEk9O4aB9iumDbHaDVnNiMacaUVzsS4venSD9AqCU1B KYquIiuGyd4PCuNWRULyIx+nEn+Xbzg3knmuBS1DDLsmuAmiEb4ffgP2OSbikMTBKn WCPFHP//r8MBIuzGfTK2sbCvK/6hbHtII49idlOIoppNwNpLYq52nbbIBDgby4Yl8b loV8Ogetgh04g==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4886661; Fri, 14 Oct 2022 15:29:38 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
In-Reply-To: <87lepj3uk3.fsf@fifthhorseman.net>
References: <TTJa-QE7jZWshZLtu4wDR8N6DRYsKWd1S6cV-ze8q9DVO8wzAm5T4fpIEXNsoEU2Psq2oG9HWnH_0bfbzBFVvk2ROMwPNXwlinPnnKw57pM=@protonmail.com> <53ECC178-1B3D-40AE-A684-6469BEBB1426@rub.de> <foDBX2xUSvUd4BeEwZNyqSpI7BySuweSXZD7QFww4_sGWbCRdrwR_uqaQef5POcChWtRYAAYMs9_FB1uTvwTGRhqN9mOYsmfADPoWYv5PQw=@protonmail.com> <0846A2FB-E47F-41BB-BE40-0F4C8014D0FB@rub.de> <i6P0E3xBS_J4u4AFSVcRSWr3NFYghskkodZsfxM82rpjIvoHwbMcDaHGO0DJ7LhNRen6XprDItHKS8wzJYUdET1kJk6rwGtyLK2EwycqkFg=@protonmail.com> <87k0555xo4.fsf@fifthhorseman.net> <4yxVm8UNEdrTDo15mpEtWetpyqBTE0Kex_yLJ1Rk2iMVj_gNyneLZmaptfDRYsTEGca8LJ_8wEwHzMrdy-Sk573XR4QodUb57O97dbfvLE4=@protonmail.com> <B2C0F14D-1657-4B72-A3E1-3B687536D34A@rub.de> <87lepj3uk3.fsf@fifthhorseman.net>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Fri, 14 Oct 2022 15:29:38 -0400
Message-ID: <28816.1665775778@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ozczuivT4GHzrGg4yax4UoMONsE>
Subject: Re: [openpgp] Encryption and signature context parameter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2022 19:29:46 -0000

Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> Hi Marcus, Daniel, and the rest of the WG--

what a whirlwind email. Thank you.

    > Also, if we're going to use a distinct signalling mechanism, then it
    > smells like the moral equivalent to a v3 SEIPD, but focused on the
    > particular domain in question, which means it *doesn't* need to be
    > defined now.

    > For example, a future specification could (a) introduce v3 SEIPD, which
    > is identical to v2 SEIPD plus the context parameter, but indicating that
    > it MUST NOT be used in any domain without well-defined, signalled
    > support, (b) define exactly how it is used in the domain of e-mail
    > messages (maybe even declaring a fixed policy), and (c) claim one of the
    > bits in the feature packet to mean "I can do v3 SEIPD in the domain of
    > e-mail messages, using this exact policy".

I can't say that I really understood more than half of the technical details
of your email.   I did understand the part about leaking metadata to the
transports, and how hiding stuff matters to filters, and the Usenix/ORCA
paper is half-read and on my way-to-deep reading Q.

The above solution sure seems like a good idea.
I admit that I am less interested these days in email encryption.

I am mostly interested in email signatures, and despite existence of DKIM
(and claims from some IETF email gurus), I do not find that it's an
ubiquitous enough that I can, for instance, delete all email not DKIM signed
as spam.  (and I can't get my backup relay to do DKIM signatures, and it
turns out I never properly deployed it for my domain until a few weeks ago)

But, my point about signatures is that I really would prefer that every email
was PGP (or SMIME) signed, and that my MUA would therefore learn who signs
their email via TOFU, and enforce that.  Also, this means that I'm much more
likely to received their secure email information before I need to use it.
That's my model.

    > That still doesn't solve the problem of getting Bob's MUAs to all agree
    > that it's OK to set that bit in his cert, but it is at least a clear
    > deployment strategy that won't block us from getting real-world
    > practical experience with v2 SEIPD.

Yeah, I also use multiple MUAs, and my primary one is old enough to have
grandchildren in college.  But, I also use fancy new-fangled stuff on my
smartphone.

    > And it doesn't need us to change anything in the crypto-refresh draft,
    > to get the proximate revision to RFC 4880 out the door.

    > --dkg

    > PS i would be seriously happy to include work on something like the "v3
    > SEIPD + e-mail message policy for decryption context + signalling"
    > spec i sketched above as an item in a potential WG recharter if folks
    > are interested.

Sounds good.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide