IETF Logo Mail Archive

[lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 05 August 2021 12:17 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCF903A0E6B for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 05:17:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level:
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=flIhWPgS; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=bhMGUinZ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q2jbExdatO2L for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 05:17:09 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC1893A0E71 for <spasm@ietf.org>; Thu, 5 Aug 2021 05:17:08 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1628165827; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=OwPWzfkLFSvqE9vUtjAgbfbP6NeSbPpRKYXCbVP54Y4=; b=flIhWPgSPCauz6eEih/4i+Qj4NWenLU2rFUXn7mEa+NuAbrOE9q9dCCAGHrsNyDYDLSPc P+CNglcYje4tGLrCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1628165827; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=OwPWzfkLFSvqE9vUtjAgbfbP6NeSbPpRKYXCbVP54Y4=; b=bhMGUinZ6gZn1tehIEHp4nHPZkHiNoBISbSNPmqUHvRtk6UBb6d2VPsWTylEJQZdxsF5/ McglScuyyQPopzrgw5BkptsAzIosx9cfXaswbhxuUuEyy2+o5ZGOymwyaB3FGSfn5WkqYPh 4S60BdgJD/WHdWb4vs0y4+QgJB6xjakdQvAe4oajZ0JTkDtuHUVxyvduZfwwyKS6+RkoRHi qtD0jO7HIkL4raaIVqPmrsIpTRWYODop/mu6eNIi8DMSigOLmobrdeDp8dEdkK+m9/XpFhv 7/dF126uOVe4toBA6vWt/CUyDblgzWbJYVLPfjfFfkORaqAjSq/d9MvwrEeg==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id EFF97F9A5 for <spasm@ietf.org>; Thu, 5 Aug 2021 08:17:06 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 9BC16203DC; Thu, 5 Aug 2021 08:17:03 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: LAMPS WG <spasm@ietf.org>
In-Reply-To: <656985A5-BED4-4BA8-9233-B3C93966016C@ll.mit.edu>
References: <87czr0ww0d.fsf@fifthhorseman.net> <FF939B28-528B-47F9-9C0C-6585D1B02FBE@vigilsec.com> <87mtq3ukk0.fsf@fifthhorseman.net> <CAErg=HHQMZ1jk+bVxA=MzVvW+9ucie7bu-N6O8Asnp0V8Rf9Bg@mail.gmail.com> <30546.1627850836@localhost> <CAErg=HHKL-E5yT0UnPKcLfMQU41iDg7GGgjsSXs3eRg8daJRkg@mail.gmail.com> <87wnp347iu.fsf@fifthhorseman.net> <1388.1627996026@localhost> <87pmuu42hf.fsf@fifthhorseman.net> <20862.1628113377@localhost> <656985A5-BED4-4BA8-9233-B3C93966016C@ll.mit.edu>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Thu, 05 Aug 2021 08:17:02 -0400
Message-ID: <877dh03x35.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/v-xapjceJ4i6uvCgUAe_nOhYbm8>
Subject: [lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Aug 2021 12:17:14 -0000

On 8/4/21, 17:44, Michael Richardson wrote:
>     I would be happy if pkcs12 just died.

On Wed 2021-08-04 22:28:17 +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> - PKCS#12 cannot "just die" because there's a ton of software that cannot import private keys, unless they're in .p12 or such.
> - I concur that interoperation for private keys is nonsense.

I think i understand the sentiment about wanting PKCS#12 to die, given
what a disaster the implementations are and how poorly we collectively
understand the format.

However, i don't understand how interoperation for private keys is
nonsense.

Many people with e-mail accounts use multiple mail user agents to access
the same account (e.g. one MUA on their phone, another on a laptop).  If
those accounts are supposed to be able to use end-to-end secure
communication then at least one of them needs to be able to export its
private key material and the other needs to be able to import it.

For myself, I only use a single MUA.  So my personal workflow would be
entirely satisfied if we as a standards body were to declare that there
is no interop need for private keys.  But if we want to ensure that
end-to-end cryptographic protections are usable and secure for actual
e-mail users, then we need to figure out the interop issues for private
key material, even if each e-mail user only encounters this interop
scenario once, as they provision their second MUA.

The only way I understand S/MIME to work today is for all the MUAs
attached to a given e-mail account to have access to the same private
keys, at the very least for those private keys used for message
decryption.

Assuming that we want people to be able to read their encrypted e-mail
in any MUA in which they read e-mail, the other two usable architectural
alternatives i see are:

 a) private keys are only ever stored on a hardware token which moves
    between devices with the user.

 b) different MUAs use different private keys for decryption, and the
    sender of an e2e encrypted e-mail encrypts each message to *all* the
    encryption-capable certificates it knows about for the user.

(a) still requires us to standardize private key interop, though it's
more of the PKCS#11-style than PKCS#12.  And it requires work on
hardware interfaces too.

(b) is a major systems change, requiring MUAs to change what
certificates they advertise for the user (each MUA *must* learn about
the other MUAs attached to the account and advertise the corresponding
encryption certificates as well), and all senders to adjust behavior by
sending messages encrypted to multiple keys per recipient.

Compared to either of these, standardizing software-based private key
interop seems like an easy lift.

I sympathize with the grumbling about it, but I'd hope that the experts
in the IETF LAMPS WG can at least come to a consensus that there is
value in standardizing interop for decryption-capable private keys.

       --dkg

v2.23.0 | Report a Bug | By Email