Re: [openpgp] Transport public keys inside the message body

Simon Josefsson <simon@josefsson.org> Thu, 15 February 2024 13:45 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C910C14CE22; Thu, 15 Feb 2024 05:45:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b="FRsPlyuh"; dkim=pass (2736-bit key) header.d=josefsson.org header.b="YZI3yoic"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qf8XOm8bec_x; Thu, 15 Feb 2024 05:45:36 -0800 (PST)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AE0EC151553; Thu, 15 Feb 2024 05:45:29 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description; bh=IAHs4Se/9cHwIPi+PJ25bsi3ZwHpSRgBQWamdH/1MfU=; t=1708004727; x=1709214327; b=FRsPlyuhA8f6yGEs1OuN+wN37axu+7SrLxzYqUIkXn5alLo9D4m9igc58DgOIgoGZ0ml16W9KXB vfOZkFFboBQ==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=IAHs4Se/9cHwIPi+PJ25bsi3ZwHpSRgBQWamdH/1MfU=; t=1708004727; x=1709214327; b=YZI3yoicSbE//TFngAdrisLoYAFN5ndETThC8PV9hjDPc4OaVzAsTAgWnRfYKH2MD+1r//80c00 9FC7WPLv4gpdNwzBxRcCl+CuIqV31CvWWkihWfPnM+Y89oyhog/hWCXvDRV5flnN7ytHNPoEqU7/r 1EqlvqGCdFyqshdouMDM1rGKIn1JaxgvC8pwF+3OlrR+JAAqgWO3y8c2jaFlFwVjV9hHE16LstctU RVMTTT2eACEdVfCPZ4qJGJ3BpzUVhrbjqKNCZstD+OaImOVqQ61ujFOJBElJ83lG4dCjnZXy+ugBe BAQyz4jW7/bWlpnSN87u2LRFhr289kQMp96VKv+6u541TH0avPdrRkoFn7aChe+kcnHGn3lmGcsty IxAL31y87NZZ6rmvjIpjVDRDfOeJqGScy2+fuxEF4Io2GHa/eWMQNYZznfDntQQFk7fcxmHX5;
Received: from [2001:9b1:41ac:ff00:823f:5dff:fe09:16ac] (port=43074 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <simon@josefsson.org>) id 1rac3G-001tze-Me; Thu, 15 Feb 2024 13:45:22 +0000
From: Simon Josefsson <simon@josefsson.org>
To: Kai Engert <kaie@kuix.de>
Cc: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>
References: <33b847dd-2dfc-4741-a415-d4636642fef1@kuix.de> <871q9e40lg.fsf@kaka.sjd.se> <56d49119-6633-4a25-a520-8ceaebe6c63a@kuix.de>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:23:240215:simon=40josefsson.org@dmarc.ietf.org::aH4alsIWl4cIbSrZ:wuG
X-Hashcash: 1:23:240215:openpgp@ietf.org::9Y/9CfNQ//Ifdu+D:gxMw
X-Hashcash: 1:23:240215:kaie@kuix.de::IJ5gXQz5omT/QS46:j5SH
Date: Thu, 15 Feb 2024 14:45:42 +0100
In-Reply-To: <56d49119-6633-4a25-a520-8ceaebe6c63a@kuix.de> (Kai Engert's message of "Thu, 15 Feb 2024 10:15:29 +0100")
Message-ID: <87sf1t3kop.fsf@kaka.sjd.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/yuVvM-ciVZ4Ijz6-rqgE7Y4l1RE>
Subject: Re: [openpgp] Transport public keys inside the message body
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2024 13:45:42 -0000

Kai Engert <kaie@kuix.de> writes:

> Hi Simon,
>
> On 15.02.24 09:02, Simon Josefsson wrote:
>> I re-read RFC 3156 and one way to do this is "extend" it by allowing
>> putting a public key block before or after the '-----BEGIN PGP
>> MESSAGE-----' block, and say that MUAs can parse those blocks to find
>> keys.  Yes, that is a bit ugly, but overall complexity is lower than
>> having multipart MIME blobs with an extra application/pgp-keys
>> component, and solves the problem of locating which public key was (by
>> the sender) intended for use with the signature.
>
> As I understand it, your proposed solution is limited to transport the
> key in signed and/or encrypted messages.
>
> It might be useful to specify a mechanism to transport the key in
> messages that are neither signed nor encrypted, and which don't
> include a "BEGIN PGP MESSAGE".
>
> A more general solution could allow users to include their public key
> in all messages they send.

Are you aware of application/pgp-keys?

It can be included anywhere as a MIME part with any size of keys
already, see:

https://datatracker.ietf.org/doc/html/rfc3156#section-7

I assumed that you knew about it, were frustrated with its poor
semantics, and wanted to explore alternatives.

I recall seeing some people send their signed e-mails with an additional
application/pgp-keys MIME part to distribute the keys, but don't have
any direct example.

In many receivers, this practice leads to poor UX, but maybe that is the
problem rather than use of application/pgp-keys.

>> Maybe the old OpenPGP: e-mail header with fingerprint and URL should be
>> revived...  https://josefsson.org/openpgp-header/ and
>> https://datatracker.ietf.org/doc/html/draft-josefsson-openpgp-mailnews-header
>
> I don't mind encouraging MUAs to include this header, if possible, but
> it seems the header couldn't solve the goal for a significant number
> of users, who may not know how to make their public key accessible at
> an URL.

MUAs can upload the user's key to a key server, and then include an
OpenPGP: header with a URL pointing to that key server.  Upload to a key
server and recording the URL as an OpenPGP annotation inside the key
(which MUAs could use to populate the OpenPGP: header) could be an
optional step during private key creation.

/Simon
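The two mechanisms discussed in the message above, the application/pgp-keys MIME part of RFC 3156 section 7 and the OpenPGP: header with id= and url= fields (the form this message itself carries in its own OpenPGP: header), as an added example that is not code from the thread, from RFC 3156 or from any MUA. It builds a message that carries a key both ways, then does what a receiving MUA would do: find the application/pgp-keys part, compute the v4 fingerprint of the key it holds (RFC 4880 section 12.2) and check it against the header's id field. The key packet is filled with constructed bytes and is not a real Ed25519 key, the addresses and the URL are hypothetical, and the armor is written without the CRC24 trailer. Note the limit of the check: header and attachment arrive from the same sender, so a match only shows the message is self-consistent; trust in the key still has to come from somewhere else.

```python
# Added example, not code from the thread or RFC 3156 itself: send a key as an
# application/pgp-keys MIME part (RFC 3156 section 7) plus an OpenPGP: header
# (id=...; url=...), then on receipt find the part and check the key's v4 fingerprint.
import base64
import hashlib
import struct
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

ED25519_OID = bytes.fromhex("2b06010401da470f01")  # Ed25519 curve OID (RFC 9580 9.2)

def build_key_packet(pubkey32: bytes, created: int) -> bytes:
    """Constructed v4 Public-Key packet (tag 6), EdDSA (algo 22), new-format header."""
    mpi = struct.pack(">H", 263) + b"\x40" + pubkey32  # 0x40 || 32 bytes is a 263-bit MPI
    body = b"\x04" + struct.pack(">I", created) + b"\x16" + bytes([len(ED25519_OID)]) + ED25519_OID + mpi
    return bytes([0xC0 | 6, len(body)]) + body  # body < 192 bytes: one-byte length

def iter_packets(data: bytes):
    """Yield (tag, body) per packet; old-format (what GnuPG emits for keys) and new-format headers."""
    i = 0
    while i < len(data):
        b = data[i]
        if not b & 0x80:
            raise ValueError("not a packet header")
        if b & 0x40:  # new format, RFC 4880 4.2.2
            tag, l = b & 0x3F, data[i + 1]
            if l >= 224:
                raise ValueError("unsupported length encoding")
            hdr, n = (2, l) if l < 192 else (3, ((l - 192) << 8) + data[i + 2] + 192)
        else:  # old format, RFC 4880 4.2.1
            tag, ltype = (b >> 2) & 0x0F, b & 3
            if ltype > 1:
                raise ValueError("unsupported length encoding")
            hdr, n = (2, data[i + 1]) if ltype == 0 else (3, struct.unpack(">H", data[i + 1:i + 3])[0])
        body = data[i + hdr:i + hdr + n]
        if len(body) != n:
            raise ValueError("truncated packet")
        yield tag, body
        i += hdr + n

def v4_fingerprint(packets: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the two-byte body length and the key packet body."""
    for tag, body in iter_packets(packets):
        if tag == 6 and body[0] == 4:
            return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    raise ValueError("no v4 public-key packet")

def armor(packets: bytes) -> str:
    """ASCII armor; the CRC24 trailer is left out (it is optional since RFC 9580)."""
    b64 = base64.b64encode(packets).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + "\n".join(lines) + "\n-----END PGP PUBLIC KEY BLOCK-----\n"

def dearmor(text: str) -> bytes:
    """Drop armor lines, armor headers and any '=CRC' line; return the raw packets."""
    marker = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
    if marker not in text:
        raise ValueError("no armored public key block")
    payload = text.replace("\r\n", "\n").split(marker, 1)[1].split("-----END PGP", 1)[0].partition("\n\n")[2]
    lines = [l.strip() for l in payload.splitlines()]
    return base64.b64decode("".join(l for l in lines if l and not l.startswith("=")))

def parse_openpgp_header(value: str) -> dict:
    """Fields of the OpenPGP: header, 'id=<fingerprint>; url=<where to fetch the key>'."""
    items = (item.partition("=") for item in value.split(";") if item.strip())
    return {key.strip().lower(): val.strip() for key, _, val in items}

def build_message(armored_key: str, header_id: str, key_url: str) -> bytes:
    """Plain text body plus the key as an application/pgp-keys attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "alice@example.org", "bob@example.net"  # constructed addresses
    msg["Subject"] = "key in message body"
    msg["OpenPGP"] = f"id={header_id}; url={key_url}"
    msg.set_content("Hi Bob, my public key is attached.\n")
    msg.add_attachment(armored_key.encode("ascii"), maintype="application", subtype="pgp-keys", filename="pubkey.asc")
    return msg.as_bytes()

def check_message(raw: bytes) -> dict:
    """Locate application/pgp-keys parts; report fingerprints and whether one matches the header id."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    header_id = parse_openpgp_header(str(msg["OpenPGP"] or "")).get("id", "").replace(" ", "").upper()
    fingerprints = []
    for part in msg.walk():
        if part.get_content_type() == "application/pgp-keys":
            try:
                fingerprints.append(v4_fingerprint(dearmor(part.get_payload(decode=True).decode("ascii"))))
            except (ValueError, IndexError, struct.error):
                continue  # a malformed key part is ignored, never trusted
    return {"header_id": header_id, "fingerprints": fingerprints,
            "match": bool(header_id) and header_id in fingerprints}

KEY_PACKET = build_key_packet(bytes(range(32)), created=1708000000)  # filler bytes, not a real key
FINGERPRINT = v4_fingerprint(KEY_PACKET)
EXAMPLE_MESSAGE = build_message(armor(KEY_PACKET), FINGERPRINT, "https://example.org/alice.asc")  # hypothetical URL

if __name__ == "__main__":
    print(check_message(EXAMPLE_MESSAGE))
```

Running the file prints the header id, the fingerprint found in the attached part and match=True; passing a header id that differs from the attached key (what a forwarded or spliced message would look like) yields match=False, and a part that does not dearmor or parse is dropped rather than trusted.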