Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?
Andrey Jivsov <openpgp@brainhub.org> Mon, 04 July 2016 04:05 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/vo5ykkw9T0BH4Ge22NEWtbNx6Fs>
On 07/03/2016 08:41 PM, Peter Gutmann wrote:
> Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
>
>> I think we should be clear about what it would take to do what you're
>> proposing; there are two main angles:
>>
>> * certificate interoperability (OpenPGP certs vs. X.509 certs)
> This is easily solved in a technical spec, just define (to use the approach
> I've been using in my code, which has worked more or less seamlessly for some
> years), the use of sKID for S/MIME and issuerAndSerialNumber for PGP.

Commercial PGP products used this type of "same key, two certificates" paradigm for over a decade. Some of this is documented in http://www.ietf.org/mail-archive/web/openpgp/current/msg01742.html (that's what PGP Corp. did; this write-up is incomplete).

One issue with storing OpenPGP KeyID in X.509 Subject Key Identifier (SKI) is that over the last decade and earlier popular S/MIME clients were not using SKI to identify a recipient. Instead, they were using the X.509 cert's Issuer and SN. Therefore, one will have to encode OpenPGP keyID into the SN of the X.509 cert to be able to locate the OpenPGP key later from the encrypted S/MIME message. This works if the ecosystem owns an issuing X.509 Sub-CA, so that it's possible to control the SNs.

>
>> * message interoperability (PGP/MIME vs. S/MIME)
> This can't be solved by a technical spec, it's an application issue which you
> resolve by e.g. writing a PGP plugin for Outlook.
>
> Peter.
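
The key ID to serial number mapping discussed in this message, as an added example that is not part of the original post and is not PGP Corp.'s code. It assumes the serial number is simply the 64-bit v4 key ID read as an unsigned big-endian integer; the function names and the sample packet body are constructed for illustration.

```python
import hashlib

def v4_key_id(pubkey_body: bytes) -> bytes:
    """RFC 4880 12.2: key ID = low 64 bits of SHA-1(0x99 || 2-octet length || packet body)."""
    header = b"\x99" + len(pubkey_body).to_bytes(2, "big")
    return hashlib.sha1(header + pubkey_body).digest()[-8:]

def key_id_to_serial_der(key_id: bytes) -> bytes:
    """Encode the key ID as the DER INTEGER used for an X.509 serialNumber."""
    if len(key_id) != 8:
        raise ValueError("OpenPGP key ID must be 8 octets")
    value = int.from_bytes(key_id, "big")
    if value == 0:
        raise ValueError("RFC 5280 requires a positive serial number")
    # Minimal two's-complement form: a 0x00 pad appears when the top bit is set,
    # and leading zero octets of the key ID are dropped.
    content = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return bytes([0x02, len(content)]) + content

def serial_der_to_key_id(der: bytes) -> bytes:
    """Recover the 8-octet key ID from the serialNumber in issuerAndSerialNumber."""
    if len(der) < 3 or der[0] != 0x02 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER INTEGER")
    value = int.from_bytes(der[2:], "big", signed=True)
    if not 0 < value < 1 << 64:
        raise ValueError("serial is not a key ID under this mapping")
    return value.to_bytes(8, "big")  # restore the leading zeros DER stripped

def locate_key(keyring: dict, serial_der: bytes):
    """Look up an OpenPGP key by the serial taken from an S/MIME RecipientInfo."""
    return keyring.get(serial_der_to_key_id(serial_der))

# Constructed v4 public-key packet body (version, creation time, algorithm 1,
# two toy MPIs); not a usable key.
SAMPLE_BODY = bytes.fromhex("04" "5779e086" "01" "0010" "c35b" "0011" "010001")

if __name__ == "__main__":
    kid = v4_key_id(SAMPLE_BODY)
    serial = key_id_to_serial_der(kid)
    keyring = {kid: "constructed test key"}
    print(kid.hex(), serial.hex(), locate_key(keyring, serial))
```

Under this mapping a second certificate issued for the same key by the same Sub-CA would repeat the serial number, which RFC 5280 does not allow, so the issuing CA has to account for renewals.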