Re: [Sml] SML BoF / pEp Use Cases

[Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>]

Hi Jörg

Thanks for your response

On Sat, 25 Mar 2023, Hans-Joerg Happel wrote:

> I did not yet have time to dig too deeply into the documents you reference, 
> but the things you mention could certainly be use cases of structured email.
>
> Would you like to present some slides at the BoF on Tuesday?

Sure. Unfortunately, I am unable to attend the SML BoF in Yokohama (due to 
IETF imposed restrictions for IETF-116). However, my collegue Hernani (in 
CC) is on site and would do the presentation.

Would a 15min slot during the BoF be feasible to present these use cases?


> ps.: I esp. tried to grasp the details of key sychronization (2), but failed 
> to find at which of the process steps (email) messages are used by now. In 
> particular, how do you "address" the different devices in case they are all 
> using the same email account?

In short: The pEp KeySync protocol for email uses the (IMAP-)INBOX as a 
common channel among the clients to exchange "technical" information. The 
sending pEp email devices add structured emails messages to the INBOX, 
where those are read from and processed by the receiving devices. (These 
structured email messages expire after some time.) Such structured email 
messages contain information (e.g. to identify the related transaction) 
for the receiving devices to decide whether or not to process or ignore 
those.

> Beyond that: are there implementations of (1-3) already, and how do they work 
> by now

Yes, all these use cases are implemented for several years already. 
Please find more information on:

   https://pep.foundation/pEp-software/

All our implmementations are open source. The reference implementation 
(pEp Engine), you can find on:

   https://gitea.pep.foundation/pEp.foundation/pEpEngine

cheers
  Bernie




>
> On 25.03.23 01:11, Bernie Hoeneisen wrote:
>> Dear SML List,
>> 
>> As I understand SML (Structured Email), in pEp [1] we have some Use Cases 
>> that may fit into SML. In the following a short description:
>> 
>> 1) Process Attached PGP Key
>> 
>> One Use case may be, where a (PGP) key is attached to an email. By default 
>> the attached Key shall not be shown to the User (as this leads to bad UX). 
>> The Key shall rather be automatically processed by the client as described 
>> in https://datatracker.ietf.org/doc/html/draft-pep-email
>> 
>> 
>> 2) Private Key Synchronization
>> 
>> https://datatracker.ietf.org/doc/html/draft-pep-keysync specifies a 
>> protocol to securely set up a trusted channel to exchange private key 
>> information among clients belonging the same users in a decentralized 
>> manner. The messages for setting up the trusted channel and exchanging keys 
>> over said channel need to be processed automatically and shall not be shown 
>> to the user.
>> 
>> 3) Key Reset
>> 
>> https://datatracker.ietf.org/doc/html/draft-pep-keyreset specifies a 
>> protocol to reset (revoke/replace) Keys. This protocol contains means for 
>> distributing such information to be automatically processed by the clients.
>> 
>> Looking forward to your feedback on whether or not these Use Cases are in 
>> scope of SML.
>> 
>> cheers,
>>  Bernie, pEp Foundation
>> 
>> [1] https://pep.foundation/pEp-software/
>> 
>> -- 
>> 
>> http://ucom.ch/
>> Modern Telephony Solutions and Tech Consulting for Internet Technology
>> 
>