IETF Logo Mail Archive

[lamps] advertising multiple S/MIME encryption-capable keys [was: Re: On the need for standardization of software-based interoperable private keys]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 15 August 2021 00:57 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93A73A1B5F for <spasm@ietfa.amsl.com>; Sat, 14 Aug 2021 17:57:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level:
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=R7/0XMnl; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=VWyrWWR7
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wcl0_DEYo6N5 for <spasm@ietfa.amsl.com>; Sat, 14 Aug 2021 17:57:52 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE4B33A1B5C for <spasm@ietf.org>; Sat, 14 Aug 2021 17:57:51 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1628989070; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=i9C0w6JJHyGMKuLm11sV4BLMil6GWKnCUIy2Xl15wkU=; b=R7/0XMnlF400C+MVf5YeXFxa9fQpFHw4XOuwP3+JaBnzI8P/8gx+Ryz5Kcsn6HL9l9YLC YJvkcMgd91miuE/Aw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1628989070; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=i9C0w6JJHyGMKuLm11sV4BLMil6GWKnCUIy2Xl15wkU=; b=VWyrWWR74C0MdxV+EVUtdWIvCeCAndfz9xaNb2A3aWFTdGvCSI0wqZ6QitfdrRwANkiKY c8VchfazRGHuTCtXQIDrnIfoTP7k3c51IPOuLvpiOEeJNhxUrfzP9z/eNXuG0nKEf97uJKD YXJiaXCuosf15mxqA0Yjw5KaEASNLJi9uKKoM0Uqw7hia6jcqCvXw/hZ3G1+Ns/LBL/9qWC sZaiGr2X4JgOGyva+MLxkyBBYE5cjknHNpueSNLF4dNkTFbwNlotscZ7Bi5+wiH6DYhBQxz b8Br2voV4xuA+jQfULJuqvjiYddJW678lnoBrErriFo2WaWsb7CzHcWrlCvQ==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 597DAF9A5 for <spasm@ietf.org>; Sat, 14 Aug 2021 20:57:50 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 7C54F204B3; Fri, 13 Aug 2021 12:13:08 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <D25538B7-C8D7-4B89-9A5E-EA95FAD1BAE4@redhoundsoftware.com>
References: <87czr0ww0d.fsf@fifthhorseman.net> <FF939B28-528B-47F9-9C0C-6585D1B02FBE@vigilsec.com> <87mtq3ukk0.fsf@fifthhorseman.net> <CAErg=HHQMZ1jk+bVxA=MzVvW+9ucie7bu-N6O8Asnp0V8Rf9Bg@mail.gmail.com> <30546.1627850836@localhost> <CAErg=HHKL-E5yT0UnPKcLfMQU41iDg7GGgjsSXs3eRg8daJRkg@mail.gmail.com> <87wnp347iu.fsf@fifthhorseman.net> <1388.1627996026@localhost> <87pmuu42hf.fsf@fifthhorseman.net> <20862.1628113377@localhost> <656985A5-BED4-4BA8-9233-B3C93966016C@ll.mit.edu> <877dh03x35.fsf@fifthhorseman.net> <722a1f15-8ac8-54f2-3c7a-14c7ed92c6ef@cs.tcd.ie> <SA2PR22MB2537BB784F2327052238317FE8F29@SA2PR22MB2537.namprd22.prod.outlook.com> <FAEBE63D-1CCC-4F76-B064-BD2DD4F02357@redhoundsoftware.com> <f0ac754b-18c4-8fdb-fff3-4d8675a9cefb@sandelman.ca> <156EE38A-6688-435C-9191-8D577EDCA251@redhoundsoftware.com> <9843.1628180697@localhost> <2213A8F8-D7DA-458A-96A8-1EC9A43FE900@redhoundsoftware.com> <CAGgd1Of2-ztnfJJV90wxuEvewb6j759EYSBK=cQQPNUup7R8WQ@mail.gmail.com> <D25538B7-C8D7-4B89-9A5E-EA95FAD1BAE4@redhoundsoftware.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Fri, 13 Aug 2021 12:13:07 -0400
Message-ID: <877dgpxqzw.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/bxYt0pJZjoqN7Dy3H5irjJN3xoY>
Subject: [lamps] advertising multiple S/MIME encryption-capable keys [was: Re: On the need for standardization of software-based interoperable private keys]
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Aug 2021 00:57:58 -0000

On Thu 2021-08-12 07:19:08 -0400, Carl Wallace wrote:
> [CW] I can have a mail server send an out of office note. Why can’t I
> have a mail server send a set of keys? Maybe for some well-known +
> appendage, as an example. I don’t know, as I am not saying I have a
> fleshed out an answer.

Four years ago, the IETF specified RFC 8162 as an experiment in
distributing S/MIME certificates via the DNS using the SMIMEA RR
type. The value of an SMIMEA record is a structure identical to TLSA
records.  The RFC explicitly references §2.1 of RFC 6698 for the wire
format, despite the fact the definitions in that section of 6698 have
multiple references to "the end entity certificate given by the server",
which doesn't make sense in the context of S/MIME.  But hopefully some
S/MIME implementers have figured out what it's supposed to mean?  8162
does some handwaving around that requirement, and also seems to treat
the DNS record as a way to *confirm* a peer's cert as received from
another MUA.  But of course it could also be used as a way to advertise
S/MIME certs for a peer in advance of contacting them.

If used for the purposes of certificate advertising, it seems critical
that the SMIMEA records all use selector 0 (full X.509 certificate),
because without the keyUsage and extendedKeyUsage markers are necessary
to know how to apply the keys.  SPKI alone *might* be sufficient to
distinguish CFRG curves (e.g. OBJECT IDENTIFIER curveEd25519 (1 3 101
112) for signing vs OBJECT IDENTIFIER curveX25519 (1 3 101 110) for
encryption) but for EC and RSA, you'd definitely need the full cert.

Each SMIMEA record distributes at most a single certificate (selector 0)
or SPKI (selector 1). To distribute a set of S/MIME certificates for a
given address via the DNS, you'd need to publish multiple SMIMEA records
for a given address.

This is necessary for the expected case of two certs per user anyway
(one for signing and one for encryption), and seems simple to extend to
multiple certs for encryption, *but* implementers would need to
understand that they should encrypt to both certificates instead of
choosing one.

Has anyone done any work with this experiment (or with other
experiments) to see how existing S/MIME implementations deal with
sending a message in the face of multiple encryption-capable keys for
the intended user?

This is an interesting line of inquiry, but unless we can show some
clear, obvious (and surprising!) already-implemented wins here, i don't
think it's a plausible replacement for standardized interoperable
private keys in the near term.

         --dkg

v2.23.0 | Report a Bug | By Email