[lamps] advertising multiple S/MIME encryption-capable keys [was: Re: On the need for standardization of software-based interoperable private keys]
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 15 August 2021 00:57 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93A73A1B5F for <spasm@ietfa.amsl.com>; Sat, 14 Aug 2021 17:57:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level:
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=R7/0XMnl; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=VWyrWWR7
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wcl0_DEYo6N5 for <spasm@ietfa.amsl.com>; Sat, 14 Aug 2021 17:57:52 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE4B33A1B5C for <spasm@ietf.org>; Sat, 14 Aug 2021 17:57:51 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1628989070; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=i9C0w6JJHyGMKuLm11sV4BLMil6GWKnCUIy2Xl15wkU=; b=R7/0XMnlF400C+MVf5YeXFxa9fQpFHw4XOuwP3+JaBnzI8P/8gx+Ryz5Kcsn6HL9l9YLC YJvkcMgd91miuE/Aw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1628989070; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=i9C0w6JJHyGMKuLm11sV4BLMil6GWKnCUIy2Xl15wkU=; b=VWyrWWR74C0MdxV+EVUtdWIvCeCAndfz9xaNb2A3aWFTdGvCSI0wqZ6QitfdrRwANkiKY c8VchfazRGHuTCtXQIDrnIfoTP7k3c51IPOuLvpiOEeJNhxUrfzP9z/eNXuG0nKEf97uJKD YXJiaXCuosf15mxqA0Yjw5KaEASNLJi9uKKoM0Uqw7hia6jcqCvXw/hZ3G1+Ns/LBL/9qWC sZaiGr2X4JgOGyva+MLxkyBBYE5cjknHNpueSNLF4dNkTFbwNlotscZ7Bi5+wiH6DYhBQxz b8Br2voV4xuA+jQfULJuqvjiYddJW678lnoBrErriFo2WaWsb7CzHcWrlCvQ==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 597DAF9A5 for <spasm@ietf.org>; Sat, 14 Aug 2021 20:57:50 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 7C54F204B3; Fri, 13 Aug 2021 12:13:08 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <D25538B7-C8D7-4B89-9A5E-EA95FAD1BAE4@redhoundsoftware.com>
References: <87czr0ww0d.fsf@fifthhorseman.net> <FF939B28-528B-47F9-9C0C-6585D1B02FBE@vigilsec.com> <87mtq3ukk0.fsf@fifthhorseman.net> <CAErg=HHQMZ1jk+bVxA=MzVvW+9ucie7bu-N6O8Asnp0V8Rf9Bg@mail.gmail.com> <30546.1627850836@localhost> <CAErg=HHKL-E5yT0UnPKcLfMQU41iDg7GGgjsSXs3eRg8daJRkg@mail.gmail.com> <87wnp347iu.fsf@fifthhorseman.net> <1388.1627996026@localhost> <87pmuu42hf.fsf@fifthhorseman.net> <20862.1628113377@localhost> <656985A5-BED4-4BA8-9233-B3C93966016C@ll.mit.edu> <877dh03x35.fsf@fifthhorseman.net> <722a1f15-8ac8-54f2-3c7a-14c7ed92c6ef@cs.tcd.ie> <SA2PR22MB2537BB784F2327052238317FE8F29@SA2PR22MB2537.namprd22.prod.outlook.com> <FAEBE63D-1CCC-4F76-B064-BD2DD4F02357@redhoundsoftware.com> <f0ac754b-18c4-8fdb-fff3-4d8675a9cefb@sandelman.ca> <156EE38A-6688-435C-9191-8D577EDCA251@redhoundsoftware.com> <9843.1628180697@localhost> <2213A8F8-D7DA-458A-96A8-1EC9A43FE900@redhoundsoftware.com> <CAGgd1Of2-ztnfJJV90wxuEvewb6j759EYSBK=cQQPNUup7R8WQ@mail.gmail.com> <D25538B7-C8D7-4B89-9A5E-EA95FAD1BAE4@redhoundsoftware.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Fri, 13 Aug 2021 12:13:07 -0400
Message-ID: <877dgpxqzw.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/bxYt0pJZjoqN7Dy3H5irjJN3xoY>
Subject: [lamps] advertising multiple S/MIME encryption-capable keys [was: Re: On the need for standardization of software-based interoperable private keys]
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Aug 2021 00:57:58 -0000
On Thu 2021-08-12 07:19:08 -0400, Carl Wallace wrote: > [CW] I can have a mail server send an out of office note. Why can’t I > have a mail server send a set of keys? Maybe for some well-known + > appendage, as an example. I don’t know, as I am not saying I have a > fleshed out an answer. Four years ago, the IETF specified RFC 8162 as an experiment in distributing S/MIME certificates via the DNS using the SMIMEA RR type. The value of an SMIMEA record is a structure identical to TLSA records. The RFC explicitly references §2.1 of RFC 6698 for the wire format, despite the fact the definitions in that section of 6698 have multiple references to "the end entity certificate given by the server", which doesn't make sense in the context of S/MIME. But hopefully some S/MIME implementers have figured out what it's supposed to mean? 8162 does some handwaving around that requirement, and also seems to treat the DNS record as a way to *confirm* a peer's cert as received from another MUA. But of course it could also be used as a way to advertise S/MIME certs for a peer in advance of contacting them. If used for the purposes of certificate advertising, it seems critical that the SMIMEA records all use selector 0 (full X.509 certificate), because without the keyUsage and extendedKeyUsage markers are necessary to know how to apply the keys. SPKI alone *might* be sufficient to distinguish CFRG curves (e.g. OBJECT IDENTIFIER curveEd25519 (1 3 101 112) for signing vs OBJECT IDENTIFIER curveX25519 (1 3 101 110) for encryption) but for EC and RSA, you'd definitely need the full cert. Each SMIMEA record distributes at most a single certificate (selector 0) or SPKI (selector 1). To distribute a set of S/MIME certificates for a given address via the DNS, you'd need to publish multiple SMIMEA records for a given address. This is necessary for the expected case of two certs per user anyway (one for signing and one for encryption), and seems simple to extend to multiple certs for encryption, *but* implementers would need to understand that they should encrypt to both certificates instead of choosing one. Has anyone done any work with this experiment (or with other experiments) to see how existing S/MIME implementations deal with sending a message in the face of multiple encryption-capable keys for the intended user? This is an interesting line of inquiry, but unless we can show some clear, obvious (and surprising!) already-implemented wins here, i don't think it's a plausible replacement for standardized interoperable private keys in the near term. --dkg
- [lamps] draft-ietf-lamps-samples: PKCS12 expertis… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Russ Housley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Salz, Rich
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Russ Housley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Michael Richardson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Deb Cooley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Tomas Gustavsson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… David Woodhouse
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Dmitry Belyavsky
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Michael Richardson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Michael Richardson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- [lamps] On the need for standardization of softwa… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Stephen Farrell
- Re: [lamps] On the need for standardization of so… Tomas Gustavsson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Dmitry Belyavsky
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Dmitry Belyavsky
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] On the need for standardization of so… Eliot Lear
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] On the need for standardization of so… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Salz, Rich
- Re: [lamps] On the need for standardization of so… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Bernie Hoeneisen
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Ryan Sleevi
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- [lamps] Transferring cryptographic information in… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Dmitry Belyavsky
- Re: [lamps] On the need for standardization of so… David Woodhouse
- Re: [lamps] On the need for standardization of so… David Woodhouse
- Re: [lamps] On the need for standardization of so… Stephen Farrell
- Re: [lamps] On the need for standardization of so… Ryan Sleevi
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] Transferring cryptographic informatio… Michael Richardson
- Re: [lamps] On the need for standardization of so… Dmitry Belyavsky
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] On the need for standardization of so… Jonathan Hammell
- Re: [lamps] On the need for standardization of so… Russ Housley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Russ Housley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Russ Housley
- Re: [lamps] On the need for standardization of so… Deb Cooley
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Deb Cooley
- Re: [lamps] On the need for standardization of so… Russ Housley
- Re: [lamps] On the need for standardization of so… Dmitry Belyavsky
- [lamps] advertising multiple S/MIME encryption-ca… Daniel Kahn Gillmor