Re: [Trans] end to end email encryption using CT gossip protocol

Eduardo Robles Elvira <edulix@agoravoting.com> Sun, 21 September 2014 09:44 UTC

Return-Path: <edulix@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D405C1A0072 for <trans@ietfa.amsl.com>; Sun, 21 Sep 2014 02:44:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y50M6qxbtT3C for <trans@ietfa.amsl.com>; Sun, 21 Sep 2014 02:44:23 -0700 (PDT)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14CC81A0068 for <trans@ietf.org>; Sun, 21 Sep 2014 02:44:22 -0700 (PDT)
Received: by mail-wi0-f176.google.com with SMTP id fb4so1436104wid.15 for <trans@ietf.org>; Sun, 21 Sep 2014 02:44:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=77JA9HB4QhhUd02xXuTV6Y6+KfDf5P4wMwe+IaQzxLA=; b=VYoMJVQP0zGCwbXj9DgALRQ8Uryrl1d2o7t1lCWzvjYZA56IU5UhddHS2uuVihpU7h XgVG7aoppfbGOyrlj2nDBEvRyobu/cFaROVvdQMKakF1hVLp+wWN1ZhcKldo0a/qhlMu EQnYGTqDMj9m529Whkp5wjVTn22y1z8FCBayAwTdRfSs7IRidmbPkyYBd+E/RmdzNM/j yTvUEx0ceb72vH7st3a3puR3hawEJSUkoFR1daUzWYPf6gfnZZhdNQhqziZ/IBYExCVO 15365PaAoJyEk5O5PZ489UQ7hirWVge4OgCDlALRR9UmN1JTQoQPr3KB33eoqr7/05Lr JBBA==
X-Received: by 10.180.94.161 with SMTP id dd1mr8396216wib.22.1411292661671; Sun, 21 Sep 2014 02:44:21 -0700 (PDT)
MIME-Version: 1.0
Sender: edulix@gmail.com
Received: by 10.217.67.70 with HTTP; Sun, 21 Sep 2014 02:43:51 -0700 (PDT)
In-Reply-To: <alpine.LFD.2.10.1408281115500.17182@bofh.nohats.ca>
References: <alpine.LFD.2.10.1408281115500.17182@bofh.nohats.ca>
From: Eduardo Robles Elvira <edulix@agoravoting.com>
Date: Sun, 21 Sep 2014 11:43:51 +0200
X-Google-Sender-Auth: i005ZwEyH3Bjfm-NMkEpYOLYKT8
Message-ID: <CAHwZu3cLi_N5jHCUdvBU4JB291Ri_hQBfu1a2SJyYK-4sFDzww@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/n3WacB5K0MVHYSXxU8vEYH8mXLs
Cc: Trans <trans@ietf.org>
Subject: Re: [Trans] end to end email encryption using CT gossip protocol
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Sep 2014 09:47:58 -0000

Hi there:

The way merkle-trees are used in Certificate Transparency is
trustworthy, but at the same convenient, in a way that preserves the
client<>server architecture. This can have many applications in other
protocols and places, that we are only starting to see. It would
probably be quite good in general to try to facilitate the usage this
kind of security architecture design and tools to other projects.

Regards,

On Thu, Aug 28, 2014 at 5:16 PM, Paul Wouters <paul@nohats.ca> wrote:
>
>
> ---------- Forwarded message ----------
> Date: Thu, 28 Aug 2014 11:15:38
> From: Paul Wouters <paul@nohats.ca>
> To: Trans <trans-bounces@ietf.org>
> Subject: end to end email encryption using CT gossip protocol
>
>
> FYI
>
> https://code.google.com/p/end-to-end/wiki/KeyDistribution
>
>         For End-To-End, our current approach to key distribution, is to use
> a
>         model similar to Certificate Transparency, and use the email
> messages
>         themselves as a gossip protocol, which allow the users themselves to
>         keep the centralized authorities honest. This approach allows users
> to
>         not have to know about keys, but at the same time, be able to make
> sure
>         that the servers involved aren't doing anything malicious behind the
>         users' back.
>
>         To allow the system to be easily distributed (across multiple
> identity
>         providers), key servers can authenticate the user via existing
> federated
>         identity protocols (with OpenID Connect for example). The model of a
> key
>         server with a transparency backend is based on the premise that a
> user
>         is willing to trust the security of a centralized service, as long
> as it
>         is subject to public scrutiny, and that can be easily discovered if
> it's
>         compromised (so it is still possible to compromise the user's
> account,
>         but the user will be able to know that as soon as possible).
>
>         It's worth noting that End-to-End is still under active development,
> and
>         we might change our approach to key distribution if we find
> weaknesses
>         in this model, or if we find something else that is as easy to use,
> and
>         as likely to work. Part of the reason we release this document is to
>         seek early feedback from the community, and adapt as needed.
>
>         We also want to point out we will do our very best to continue to
>         support existing OpenPGP users who want to manually manage and
> verify
>         keys and fingerprints manually, as we understand that system has
> been
>         around for a long time, and has been more battle tested than what we
> are
>         proposing.
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans



-- 
Eduardo Robles Elvira     @edulix             skype: edulix2
http://agoravoting.org       @agoravoting     +34 634 571 634