[openpgp] Proposal to use Proxy Re-Encryption in a messaging protocol

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 22 August 2016 19:04 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 5F18212D798; Mon, 22 Aug 2016 12:04:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 3mNRk_xNa5nZ; Mon, 22 Aug 2016 12:04:11 -0700 (PDT)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D61312D5A5; Mon, 22 Aug 2016 12:04:10 -0700 (PDT)
Received: by mail-qk0-x22c.google.com with SMTP id l2so89950829qkf.3; Mon, 22 Aug 2016 12:04:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:from:date:message-id:subject:to; bh=R46glwfuinuQEXLMMrmIX627Z2aZvla+rlJjE7vw5cg=; b=keaCnE+bLsLTjpdMBg/AcCyQ+V0QcBNJ149Y9ZYkfHmMjtapAB16idE5TDII9jRQaS q751gL+9farQVjEOVQZ0prfs+HHDMgGIzEue5e8enNuaYWj/FSn4enD5iS7RhqaaN/nv vbkgzpgtPaPylVBNWdtNgIv7mUR+WcS69KIEUZQeyi1nr30eC4vX9hz0XoxnaP9IYzrc OPJA6N+UQeMeJfMr05fYyzRnQ60jMINPEgyT4riD2w5PRR9KfAVQJo3pR4xlZq83RTaq VwtFaGJcMSlQruUC7wU6gmiJSbekod7q2pe0qjkU1m3gDJQn9D/ypqy3J0IxP3bFym8l UBLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=R46glwfuinuQEXLMMrmIX627Z2aZvla+rlJjE7vw5cg=; b=aTxoNnjekXqRWwy9PzGll2tHJt/jh7STP+MblkQf1PRprKpjgDpsz83L7fA0R6f1j4 bLpbfWHxZdpf9DPYpFDFMK5nZgCt/VRXIe4DVIdgxeR+73jLuDJNF7MD27JGgh8UJERy i9mnYyLgbUFuzOQtzoZfKfluViMucW/ta4SaN1YZPyNqbPqwU785PyYofwPlZTANUuhJ d8qHo1KlRpRN0CyP28C8hOvUm1MDv7Utf1TzLDoPyRFSw79yrtV3MTY121rRzq+nUC0U 5L+Tj8z6iRQw1+efDmnnZxGLSofz/WQ/HtvIQ8Gk4fOaMXxzBHLOaOW6EdwEjXbDdmQN p3gg==
X-Gm-Message-State: AEkoouvQKIC7CxVert2ulSeT/mmxwGoWbXVSWCReMY4p06hcAGt78jaCPp+vC9xvsFQVQxnlX/sM3cmHucPVxA==
X-Received: by with SMTP id x186mr25013950qkb.26.1471892649031; Mon, 22 Aug 2016 12:04:09 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by with HTTP; Mon, 22 Aug 2016 12:04:08 -0700 (PDT)
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 22 Aug 2016 15:04:08 -0400
X-Google-Sender-Auth: 2E1H8l7X350QRopIPTuJz1XG-oU
Message-ID: <CAMm+Lwi3e2TCx79bMQJLcegL2fV_L2jkMmvvpD4Q9k4KMsG-SA@mail.gmail.com>
To: endymail <endymail@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>, IETF OpenPGP <openpgp@ietf.org>, IETF SMIME <smime@ietf.org>
Content-Type: multipart/alternative; boundary="001a114d38227e3edd053aadb633"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/qgiwCY121yubxdy4iXsKMrz-eG4>
Subject: [openpgp] Proposal to use Proxy Re-Encryption in a messaging protocol
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2016 19:04:12 -0000

NB: Please direct followups to endymail@ietf.org alone

The draft is at:


At the last IETF, I made a presentation on the use of Proxy Re-Encryption
'recryption' at the CFRG session=. I think that this is a very powerful
technique that solves some real problems we are facing today that were
probably not as apparent when it was first proposed.

In particular, recryption allows end-to-end security to be preserved in
situations where it would normally be lost. For example in a mailing list
application or in a situation where Alice needs to read her email on
multiple devices, some of which might be mobile devices that could get
lost. Recryption also provides the ideal basis for Confidential Document
Control which is an access control system that uses data level encryption,

One slight holdup here is that there is a patent encumbrance that purports
to claim the use of recyption for DRM applications but this will expire
shortly, certainly before any project could get off the ground.

I have written an Internet draft showing how Recryption might be
implemented as a 'clean slate' protocol. Since we don't have anything like
a CDC application yet (Plasma maybe), this is going to be a requirement for
some situations. I am thinking we should probably try to build something
and work out how to get that running before working out how best to fit
these capabilities to S/MIME, OpenPGP, Jabber, etc.

Contrary to my usual practice, there is no code so far, well no
implementation code.I will be filling that in once I finish a few things
ahead of this in the queue, specifically using the Mesh to manage SSH keys.

The one technical holdup I see here is that if we are going to get people
to use it, usability can't be 'OK' or 'not bad'. The only way to get a new
crypto system off the ground is to design something that delivers usability
that is iPhone level perfect. I think that the Mesh makes that possible of
course but I will probably have to prove that with some demos. Which is why
I want to get the Mesh to manage SSH keys.