[Trans] end to end email encryption using CT gossip protocol

Paul Wouters <paul@nohats.ca> Thu, 28 August 2014 15:16 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id C52E81A7D84 for <trans@ietfa.amsl.com>; Thu, 28 Aug 2014 08:16:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.668
X-Spam-Status: No, score=-2.668 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 731IyK_lZOBu for <trans@ietfa.amsl.com>; Thu, 28 Aug 2014 08:16:29 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4649F1A8704 for <trans@ietf.org>; Thu, 28 Aug 2014 08:16:02 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca []) by bofh.nohats.ca (Postfix) with ESMTP id 90190813B2 for <trans@ietf.org>; Thu, 28 Aug 2014 11:16:01 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1409238961; bh=SAChpxAPafNBddQzkurDym3AJDj/Gew4oc8BvIE4cLA=; h=Date:From:To:Subject; b=YTAO4+EvNuvQD3zScCKFwo9B0NBHGSdT2AyAgCbV/h/qdWkh1SaLh24Xr71wxyynf wKwfZS5wt/yL2vWjfD6PpuOamhWZcnAUzb30sROFbSUZRcV4U1SwGLvXml8AvIzNbo lLD5d6gbUGkYluioB4AGW5v7xq5Vti5I1WrWo3QQ=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id s7SFG11r019115 for <trans@ietf.org>; Thu, 28 Aug 2014 11:16:01 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Thu, 28 Aug 2014 11:16:01 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Trans <trans@ietf.org>
Message-ID: <alpine.LFD.2.10.1408281115500.17182@bofh.nohats.ca>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/IGv1YhBaR6-MPrZUWS4WnaK81PA
Subject: [Trans] end to end email encryption using CT gossip protocol
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Aug 2014 15:16:34 -0000

---------- Forwarded message ----------
Date: Thu, 28 Aug 2014 11:15:38
From: Paul Wouters <paul@nohats.ca>
To: Trans <trans-bounces@ietf.org>
Subject: end to end email encryption using CT gossip protocol



 	For End-To-End, our current approach to key distribution, is to use a
 	model similar to Certificate Transparency, and use the email messages
 	themselves as a gossip protocol, which allow the users themselves to
 	keep the centralized authorities honest. This approach allows users to
 	not have to know about keys, but at the same time, be able to make sure
 	that the servers involved aren't doing anything malicious behind the
 	users' back.

 	To allow the system to be easily distributed (across multiple identity
 	providers), key servers can authenticate the user via existing 
 	identity protocols (with OpenID Connect for example). The model of a 
 	server with a transparency backend is based on the premise that a user
 	is willing to trust the security of a centralized service, as long as 
 	is subject to public scrutiny, and that can be easily discovered if 
 	compromised (so it is still possible to compromise the user's account,
 	but the user will be able to know that as soon as possible).

 	It's worth noting that End-to-End is still under active development, 
 	we might change our approach to key distribution if we find weaknesses
 	in this model, or if we find something else that is as easy to use, and
 	as likely to work. Part of the reason we release this document is to
 	seek early feedback from the community, and adapt as needed.

 	We also want to point out we will do our very best to continue to
 	support existing OpenPGP users who want to manually manage and verify
 	keys and fingerprints manually, as we understand that system has been
 	around for a long time, and has been more battle tested than what we