Re: [openpgp] Transport public keys inside the message body
Simon Josefsson <simon@josefsson.org> Thu, 15 February 2024 13:45 UTC
From: Simon Josefsson <simon@josefsson.org>
To: Kai Engert <kaie@kuix.de>
Cc: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>
References: <33b847dd-2dfc-4741-a415-d4636642fef1@kuix.de> <871q9e40lg.fsf@kaka.sjd.se> <56d49119-6633-4a25-a520-8ceaebe6c63a@kuix.de>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
Date: Thu, 15 Feb 2024 14:45:42 +0100
In-Reply-To: <56d49119-6633-4a25-a520-8ceaebe6c63a@kuix.de> (Kai Engert's message of "Thu, 15 Feb 2024 10:15:29 +0100")
Message-ID: <87sf1t3kop.fsf@kaka.sjd.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/yuVvM-ciVZ4Ijz6-rqgE7Y4l1RE>
Kai Engert <kaie@kuix.de> writes:

> Hi Simon,
>
> On 15.02.24 09:02, Simon Josefsson wrote:
>> I re-read RFC 3156 and one way to do this is "extend" it by allowing
>> putting a public key block before or after the '-----BEGIN PGP
>> MESSAGE-----' block, and say that MUAs can parse those blocks to find
>> keys. Yes, that is a bit ugly, but overall complexity is lower than
>> having multipart MIME blobs with an extra application/pgp-keys
>> component, and solves the problem of locating which public key was (by
>> the sender) intended for use with the signature.
>
> As I understand it, your proposed solution is limited to transporting the
> key in signed and/or encrypted messages.
>
> It might be useful to specify a mechanism to transport the key in
> messages that are neither signed nor encrypted, and which don't
> include a "BEGIN PGP MESSAGE".
>
> A more general solution could allow users to include their public key
> in all messages they send.

Are you aware of application/pgp-keys? It can be included anywhere as a
MIME part with any size of keys already, see:

https://datatracker.ietf.org/doc/html/rfc3156#section-7

I assumed that you knew about it, were frustrated with its poor
semantics, and wanted to explore alternatives.

I recall seeing some people send their signed e-mails with an additional
application/pgp-keys MIME part to distribute the keys, but don't have
any direct example. In many receivers, this practice leads to poor UX,
but maybe that is the problem rather than use of application/pgp-keys.

>> Maybe the old OpenPGP: e-mail header with fingerprint and URL should be
>> revived... https://josefsson.org/openpgp-header/ and
>> https://datatracker.ietf.org/doc/html/draft-josefsson-openpgp-mailnews-header
>
> I don't mind encouraging MUAs to include this header, if possible, but
> it seems the header couldn't solve the goal for a significant number
> of users, who may not know how to make their public key accessible at
> a URL.

MUAs can upload the user's key to a key server, and then include an
OpenPGP: header with a URL pointing to that key server. Upload to a key
server and recording the URL as an OpenPGP annotation inside the key
(which MUAs could use to populate the OpenPGP: header) could be an
optional step during private key creation.

/Simon
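The two transport mechanisms discussed in this message, an application/pgp-keys MIME part (RFC 3156 section 7) and an OpenPGP: header carrying `id=<fingerprint>; url=<location>`, can be exercised with Python's standard `email` package. The following is an added example written for this archive page; it is not code from Simon Josefsson, Kai Engert or any MUA. The key block, fingerprint and URL are constructed placeholders, and the `OpenPGP:` header layout follows the `id=...; url=...` form visible in this message's own headers. On the receiving side the example only locates the carried key and the header fields; a real MUA would still have to compute the fingerprint of the parsed key with an OpenPGP library and compare it with the header's `id` before using the key for anything, because both the part and the header are sender-supplied and unauthenticated.

```python
"""Build and parse a message that carries an OpenPGP public key both as an
application/pgp-keys MIME part and via an OpenPGP: header.

Added example: all key material and identifiers below are constructed
placeholders, not real keys or real fingerprints."""

from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed placeholder; a real MUA would export the user's actual
# ASCII-armored public key here.
FAKE_KEY_BLOCK = b"""-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZc0AAAAAA...placeholder-not-a-real-key...
-----END PGP PUBLIC KEY BLOCK-----
"""

# Constructed placeholder fingerprint (40 hex digits, v4-style) and URL.
FAKE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
FAKE_URL = "https://keys.example.org/key.txt"


def build_message(body: str, key_block: bytes, fpr: str, url: str) -> bytes:
    """Sender side: compose a multipart/mixed message with a text body, an
    application/pgp-keys part and an OpenPGP: header (id=...; url=...)."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "hello"
    msg["OpenPGP"] = f"id={fpr}; url={url}"
    msg.set_content(body)
    # add_attachment() turns the single-part message into multipart/mixed and
    # base64-encodes the bytes; the decoded payload round-trips exactly.
    msg.add_attachment(key_block, maintype="application", subtype="pgp-keys",
                       filename="pubkey.asc")
    return msg.as_bytes()


def extract_key_parts(raw: bytes) -> list[bytes]:
    """Receiver side: return the decoded payload of every application/pgp-keys
    part in the message. This is a key-discovery hint from the sender, not
    evidence that the key belongs to the sender; verify the fingerprint of
    the parsed key against an independent source (e.g. the OpenPGP: id
    field, a keyserver lookup, or an existing keyring entry) before use."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    keys = []
    for part in msg.walk():
        if part.get_content_type() == "application/pgp-keys":
            keys.append(part.get_content())
    return keys


def parse_openpgp_header(raw: bytes) -> dict[str, str]:
    """Receiver side: parse 'OpenPGP: id=...; url=...' into a dict keyed by
    lower-cased field name. Returns {} when the header is absent. Folded
    header lines are unfolded by the email parser before we see them."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    value = msg.get("OpenPGP")
    if value is None:
        return {}
    fields: dict[str, str] = {}
    for item in str(value).split(";"):
        item = item.strip()
        if "=" in item:
            key, val = item.split("=", 1)
            fields[key.strip().lower()] = val.strip()
    return fields


def validate_fingerprint(fpr: str) -> bool:
    """Accept only well-formed hex fingerprints (40 hex digits for a v4 key,
    64 for a v6 key); a malformed id must never be used as a lookup key."""
    if len(fpr) not in (40, 64):
        return False
    try:
        int(fpr, 16)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    raw = build_message("Hi Bob", FAKE_KEY_BLOCK, FAKE_FPR, FAKE_URL)
    print(raw.decode())
    print("keys carried:", len(extract_key_parts(raw)))
    hdr = parse_openpgp_header(raw)
    print("header:", hdr, "id well-formed:", validate_fingerprint(hdr["id"]))
```

Running the block prints the composed message, reports one carried key part, and shows the parsed header fields. The design keeps the two channels independent: a message may carry the part without the header or vice versa, which matches Kai's point that the part also works in messages that are neither signed nor encrypted, while the header gives a receiver a fingerprint to check the carried key against.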