IETF Logo Mail Archive

[lamps] Transferring cryptographic information in a bundle between MUAs [was: Re: On the need for standardization of software-based interoperable private keys]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 05 August 2021 18:50 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB8CB3A1E1A for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 11:50:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=LEnawTAq; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=wjx70/Rq
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CXHQIYJZTOAq for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 11:50:32 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2C2F3A1E18 for <spasm@ietf.org>; Thu, 5 Aug 2021 11:50:31 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1628189431; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=T0f6q3eHYGspOfoKi4BfDTq3/8w12DCuVDy/zwSEMw0=; b=LEnawTAq6jm6EG1SJZzyIpVH6j44exBfwFZdK1zYFzsE58+lIKouVz+8FvyMuHgZq9BBH HaQYSquzQ6WoepEBA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1628189431; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=T0f6q3eHYGspOfoKi4BfDTq3/8w12DCuVDy/zwSEMw0=; b=wjx70/RqV6UIilgZ6Cuy4TemxqC9oHbpsCq4Eyhkb++RE9GA/soVMi3M4J13x/aKknQtw Wn1jHlMrDWa2R7EdivQ7mJT8pHvOShZ9j3KlJbcmhCPHvingMiQBk/GaRU+nmPZdzu/jbeZ fkTqmZ9wT/Nz7rnergU0FclmDTaFHlEUnLCNvcBQcXP5Yyq/vJ0DWWU0Z35FuoSgG1G37Ny 0Pwphs0C1q+tdWIFy2w3s8aNfZoE1KBMglbjMw/Xke7Mand4cY+Mf4LTgUva7A2Mpq0G/p+ obJ2JsUsWJJ0s6VIzJboztjNGipzKqo72od2cXEo+2ycJUs1+cNgbn3zLlPQ==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 0F07DF9A5 for <spasm@ietf.org>; Thu, 5 Aug 2021 14:50:31 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 9187D20436; Thu, 5 Aug 2021 14:50:28 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: LAMPS <spasm@ietf.org>
In-Reply-To: <10375.1628180828@localhost>
References: <87czr0ww0d.fsf@fifthhorseman.net> <FF939B28-528B-47F9-9C0C-6585D1B02FBE@vigilsec.com> <87mtq3ukk0.fsf@fifthhorseman.net> <CAErg=HHQMZ1jk+bVxA=MzVvW+9ucie7bu-N6O8Asnp0V8Rf9Bg@mail.gmail.com> <30546.1627850836@localhost> <CAErg=HHKL-E5yT0UnPKcLfMQU41iDg7GGgjsSXs3eRg8daJRkg@mail.gmail.com> <87wnp347iu.fsf@fifthhorseman.net> <1388.1627996026@localhost> <87pmuu42hf.fsf@fifthhorseman.net> <20862.1628113377@localhost> <656985A5-BED4-4BA8-9233-B3C93966016C@ll.mit.edu> <877dh03x35.fsf@fifthhorseman.net> <69d8d53b-d55f-bbe4-076b-3c9db12a9ba9@sandelman.ca> <05F066A5-3977-4A92-A92D-16CB241CFD49@akamai.com> <10375.1628180828@localhost>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Thu, 05 Aug 2021 14:50:27 -0400
Message-ID: <87pmur3evg.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jer8msTe0fu2TgD_g67UPoeku3o>
Subject: [lamps] Transferring cryptographic information in a bundle between MUAs [was: Re: On the need for standardization of software-based interoperable private keys]
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Aug 2021 18:50:37 -0000

On Thu 2021-08-05 12:27:08 -0400, Michael Richardson wrote:
> If we can get the legacy guys to open up their code, why fix PKCS12 if they
> could just move to PKCS8? (or PKCS1 or...?)

afaict, PKCS8 and PKCS1 both only support transporting a single private
key.

PKCS12 is a bundle, which can support not only a private key, but also a
corresponding certificate and potentially other certs in the relevant
chain.

Additionally, since we want an e-mail user to have multiple certs (one
for signing and one for encryption) they may also want to transfer
multiple private keys.  As i wrote elsewhere in this thread the
decryption-capable private key is the highest-priority private key for
transfer, but there are plausible privacy arguments [0] for wanting to
share signing-keys between MUAs as well.  And once you're transferring
one private key it shouldn't be much harder technically to transfer more
than one.

But It is poor user experience to ask someone to export a multiple PKCS8
and PKCS1 objects from device X, transfer them to device Y, and then
reimport them all individually.  Any reasonable user experience for
end-to-end cryptographic MUAs should involve a bundle format.

afaict, that's what PKCS12 is -- a bundle format that specializes in
transporting PKCS8 objects and X.509 certificates.  Would some other
bundle format be better?  or is there a way to bundle PKCS8 and PKCS1
and X509 that i'm not aware of?  Is the counterproposal to PKCS12 just
to offer a series of concatenated PEM-encoded objects in a text file?

I'm definitely not sold on PKCS12, it looks like a disaster to me.  But
I want to understand what the counterproposals are that people are
seriously considering, so i can mock up what draft-ietf-lamps-samples
would look like with some other bundle format replacing PKCS12.

   --dkg

[0] https://anarc.at/blog/2018-07-27-signal-metadata/ is about receipt
    notifications in an instant messenger client, but anyone sending
    mail might prefer to not have their outbound message leak
    information about the device they composed it on.

v2.23.0 | Report a Bug | By Email