[openpgp] Keyserverless Use of OpenPGP in Email
Vincent Breitmoser <look@my.amazin.horse> Tue, 12 April 2016 12:15 UTC
Return-Path: <look@my.amazin.horse>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89EA112DF40 for <openpgp@ietfa.amsl.com>; Tue, 12 Apr 2016 05:15:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t3rOdYWsqD51 for <openpgp@ietfa.amsl.com>; Tue, 12 Apr 2016 05:15:54 -0700 (PDT)
Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D0C612D10E for <openpgp@ietf.org>; Tue, 12 Apr 2016 05:15:53 -0700 (PDT)
Received: from localhost (dhcp176-217.wlan.rz.tu-bs.de [134.169.176.217]) by mail.mugenguild.com (Postfix) with ESMTPSA id 03D085FA25; Tue, 12 Apr 2016 14:15:51 +0200 (CEST)
Date: Tue, 12 Apr 2016 14:15:49 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: IETF OpenPGP <openpgp@ietf.org>, openpgp-email <openpgp-email@enigmail.net>
Message-ID: <20160412121549.GB16775@littlepip.fritz.box>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="FkmkrVfFsRoUs1wW"
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/y9fIT5kAA8xig5loqSHBLCHSEIQ>
Subject: [openpgp] Keyserverless Use of OpenPGP in Email
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2016 12:15:56 -0000
Hi, (crossposting to openpgp-email and openpgp-wg, the lists where I expect the highest rates of interested people) I'd like to discuss a thought that has come up in my work on k9 mail: Using OpenPGP in E-Mail without relying on keyservers. As a motivation, just consider someone spins up their botnet to add 1000 or more keys per second to the pool - aaaaand it's gone. Other aspects are that a keyserver lookup requires network connectivity, introduces noticable delay, and has privacy implications which prevent us from doing the lookup in an automated fashion. First, some basic considerations: To obtain the public key of a communication partner, we obviously have to rely on said communication partner to make their key available to us one way or another. The only deployed lookup mechanism are keyservers, but we said we don't have that. The alternative is sending the key in-band with the particular communication protocol: No problem for synchronous communication such as XMPP because we can simply request them, more difficult for e-mail where that option is not available. If we don't have bandwidth constraints, we can solve this by sticking the public key block right next to every signature we make, which effectively eliminates the need for keyservers (with the possible exception of the distribution of revocation certs). However, it also adds ~10kb of size to every signature. This is a rather extreme approach, and although 10kb are not a lot these days, they add up. To counteract this, we can significantly reduce the number of attached public keys if we are just a little bit clever about the decision of when to add it. Roughly, it makes sense to attach the public key to the first message of a conversation with each recipient. Another question is, where to place the key. In email, we have two options: in a separate mime part, or directly next to the pgp signature data. I favor the second option, for two reasons: - the email client has to know a lot less about openpgp for this to work, the public key is naturally handed to the openpgp-implementation together with the signature data. - there isn't yet another weird attachment for recipients who don't have openpgp support - the intended purpose of the key is clear, because there are no other circumstances where a key might end up in this position. The drawback with this approach is implementation support. If an implementation doesn't expect a public key next to the signature data, it's just bloat (or even worse, produces a warning about trailing data. I did some tests and this is the case in mutt, but not enigmail), and does not even show an option for the user to manually import the key. I think that this approach might be a way to overcome the need for a click from the user (whether it's "Retrieve from Keyserver" or "Import from Attachment") to be able to import and work with a public key. It's unacceptable to import a key from keyservers automatically for various reasons, but I think an opt-out behavior of importing keys retrieved as part of a message is fine, if that key also signed the message. I'll leave it at this for now. I'd be delighted about comments and thoughts, in particular from those of you who are involved in the decision making of other implementations. - V
- [openpgp] Keyserverless Use of OpenPGP in Email Vincent Breitmoser
- Re: [openpgp] Keyserverless Use of OpenPGP in Ema… Paul Wouters
- Re: [openpgp] Keyserverless Use of OpenPGP in Ema… Vincent Breitmoser
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Simon Josefsson
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Neal H. Walfield
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Vincent Breitmoser
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Ruben Pollan
- Re: [openpgp] Keyserverless Use of OpenPGP in Ema… Derek Atkins
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Neal H. Walfield
- Re: [openpgp] Keyserverless Use of OpenPGP in Ema… Werner Koch
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Werner Koch
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Vincent Breitmoser
- Re: [openpgp] [openpgp-email] Keyserverless Use o… Ruben Pollan