Re: Modernizing Web-of-trust for Organizations

2018-02-27 Thread Lou Wynn
On 02/18/2018 05:55 PM, Ben McGinnes wrote: > So you took a system built from the outset on a security model founded > entirely on public key exchanges between distributed and federated > (both self-determining and self-governing) nodes ... and then spent a > considerable amount of time and effort

Re: Modernizing Web-of-trust for Organizations

2018-02-18 Thread Ben McGinnes
On Fri, Jan 05, 2018 at 08:47:29AM -0800, Lou Wynn wrote: > On 01/04/2018 02:28 PM, Ben McGinnes wrote: > > It seems to me, though, that the idea was to provide a means for the > > company to repudiate an employee's key even if the employee was no > > longer available. > > This is just one of the

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/06/2018 12:23 AM, Lou Wynn wrote: > On 01/05/2018 12:54 PM, Kristian Fiskerstrand wrote: >> On 01/05/2018 05:29 PM, Lou Wynn wrote: >>> The auditing key is certified by the root key and stays with the latter >>> in my design. Only the administrator can make policy to turn on/off >>>

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Lou Wynn
On 01/05/2018 12:54 PM, Kristian Fiskerstrand wrote: > On 01/05/2018 05:29 PM, Lou Wynn wrote: >> The auditing key is certified by the root key and stays with the latter >> in my design. Only the administrator can make policy to turn on/off >> auditing, the client plugin takes corresponding

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 05:29 PM, Lou Wynn wrote: > On 01/05/2018 01:10 AM, Kristian Fiskerstrand wrote: >> There are easily scenarios where a customer forgets to add the "auditing >> key", making the data unavailable to the organization, in particular in >> context of loss of employee. >> > The auditing

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Lou Wynn
On 01/04/2018 02:28 PM, Ben McGinnes wrote: > It seems to me, though, that the idea was to provide a means for the > company to repudiate an employee's key even if the employee was no > longer available. This is just one of the benefits enabled by my goals which I stated at the beginning, and it

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Lou Wynn
On 01/05/2018 01:10 AM, Kristian Fiskerstrand wrote: > There are easily scenarios where a customer forgets to add the "auditing > key", making the data unavailable to the organization, in particular in > context of loss of employee. > The auditing key is certified by the root key and stays with

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 10:13 AM, Andrew Gallagher wrote: > >> On 5 Jan 2018, at 08:41, Lou Wynn wrote: >> >> The only need for an >> organization to access their data is decrypting the encrypted data, >> which is satisfied by the auditing key. > > The standard way of doing this

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Andrew Gallagher
> On 5 Jan 2018, at 08:41, Lou Wynn wrote: > > The only need for an > organization to access their data is decrypting the encrypted data, > which is satisfied by the auditing key. The standard way of doing this without allowing for impersonation is escrow of the encryption

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 09:41 AM, Lou Wynn wrote: > On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote: >> Businesses have reasonable need to access their data, so they need to >> have access to his private keys, which contradicts "which >> is meant to prevent others from using his private keys", although

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Lou Wynn
On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote: > Businesses have reasonable need to access their data, so they need to > have access to his private keys, which contradicts "which > is meant to prevent others from using his private keys", although > reading it again I presume you're limiting

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 01:46 AM, Lou Wynn wrote: > On 01/04/2018 04:15 PM, Kristian Fiskerstrand wrote: >> On 01/05/2018 01:12 AM, Lou Wynn wrote: >>> I guess that you've missed somewhere I said in my previous posts that >>> the end user chooses his own password to protect his key password, which >>> is

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 04:15 PM, Kristian Fiskerstrand wrote: > On 01/05/2018 01:12 AM, Lou Wynn wrote: >> I guess that you've missed somewhere I said in my previous posts that >> the end user chooses his own password to protect his key password, which >> is meant to prevent others from using his private

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 04:31 PM, Lou Wynn wrote: > I think that I simplified my original description too much. The two > levels of protection work like this. > 1. The employee chooses his own password, which is used to encrypt his > private key. > > 2. Then the encrypted key is encrypted with the guard

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 02:28 PM, Ben McGinnes wrote: > On Wed, Jan 03, 2018 at 05:34:30PM -0800, Lou Wynn wrote: >> The management of users' private key is a little more complicated. I >> use two levels of protection. One level is at the organization. An >> organization actually has a fourth key, which I

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/05/2018 01:12 AM, Lou Wynn wrote: > I guess that you've missed somewhere I said in my previous posts that > the end user chooses his own password to protect his key password, which > is meant to prevent others from using his private keys. At which point I'm wondering about your priorities,

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 04:06 PM, Kristian Fiskerstrand wrote: > But in the end it doesn't matter, as the organization anyways has access > to the private key material of the employee. So a third party "auditing > key" is irrespective of any access goals. > I guess that you've missed somewhere I said in my

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/05/2018 01:04 AM, Lou Wynn wrote: > On 01/04/2018 02:57 PM, Kristian Fiskerstrand wrote: >> On 01/04/2018 11:24 PM, Lou Wynn wrote: >> but you add the requirement that all end users sending email to you >> require to validate the auditing key as well (auditing is likely wrong >> word,

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 02:57 PM, Kristian Fiskerstrand wrote: > On 01/04/2018 11:24 PM, Lou Wynn wrote: > but you add the requirement that all end users sending email to you > require to validate the auditing key as well (auditing is likely wrong > word, archiving is more likely relevant). for auditing you

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 02:59 PM, Kristian Fiskerstrand wrote: > On 01/04/2018 11:14 PM, Lou Wynn wrote: >> Compared to using two CAs, my design introduces two properties to a >> certificate. One is the certificate type, which is "p" for a partner and >> "e" for an employee. > why not make it compatible

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/04/2018 11:14 PM, Lou Wynn wrote: > Compared to using two CAs, my design introduces two properties to a > certificate. One is the certificate type, which is "p" for a partner and > "e" for an employee. why not make it compatible with rfc4880 directly? your proposal would require client

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/04/2018 11:24 PM, Lou Wynn wrote: > I guess that you missed the auditing key part. I introduced it to meet > auditing requirements or scanning of messages without using end user's > private keys. but you add the requirement that all end users sending email to you require to validate the

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Ben McGinnes
On Wed, Jan 03, 2018 at 05:34:30PM -0800, Lou Wynn wrote: > > The management of users' private key is a little more complicated. I > use two levels of protection. One level is at the organization. An > organization actually has a fourth key, which I call the guard key, > to encrypt the password

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 02:08 PM, Kristian Fiskerstrand wrote: > no, there isn't necessarily a client plugin, the gateway decrypts the > message before it hits the internal email server, so end-user sees > un-encrypted message, this is protecting transport, but security of > on-site is ensured through

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 02:04 PM, Kristian Fiskerstrand wrote: >> I don't think it necessary to use business unit level certifying keys in >> my design. It introduces management overhead which shadows its benefits. >> If you understand the concept of trust realm/trust group and its >> verification methods I

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/04/2018 10:58 PM, Lou Wynn wrote: > It's doable, but I'd like to make sure that I understand what you > mean by "within corporate infrastructure?" Do you mean the client > plugin sends requests to the server to decrypt and verify received > messages? no, there isn't necessarily a client

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/04/2018 10:38 PM, Lou Wynn wrote: > On 01/04/2018 03:02 AM, Kristian Fiskerstrand wrote: >> On 01/04/2018 02:34 AM, Lou Wynn wrote: >>> No, there is no business unit level certifying key. An enterprise only >>> has one root key, which is the ultimate certificate authority for its >>> own

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 01:04 PM, Ben McGinnes wrote: > On Thu, Jan 04, 2018 at 12:40:59AM +, MFPA wrote: >> For example, my ISP [0] says "All staff keys are signed using the >> company signing key. This is very much like a traditional company >> seal. Only the director has access to this key and it is

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 01:31 PM, Kristian Fiskerstrand wrote: > On 01/04/2018 10:21 PM, Lou Wynn wrote: >> After a client plugin logs in successfully, the server sends the user's >> encrypted email key to the client. > Aren't you better off with a gateway solution like PGP Universal / > Symantec Encryption

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/04/2018 10:21 PM, Lou Wynn wrote: > After a client plugin logs in successfully, the server sends the user's > encrypted email key to the client. Aren't you better off with a gateway solution like PGP Universal / Symantec Encryption Server (or for that matter if GPGRelay is still alive) ?

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Lou Wynn
On 01/04/2018 12:25 AM, Andrew Gallagher wrote: >> On 4 Jan 2018, at 04:42, Lou Wynn wrote: >> >> It has a client key and uses it to log into the server, which is >> similar to SSH key authentication, to retrieve the private key after >> authentication. > This bit confuses me.

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Ben McGinnes
On Thu, Jan 04, 2018 at 12:40:59AM +, MFPA wrote: > > For example, my ISP [0] says "All staff keys are signed using the > company signing key. This is very much like a traditional company > seal. Only the director has access to this key and it is only used > for signing other keys. If/when a

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/04/2018 02:34 AM, Lou Wynn wrote: > No, there is no business unit level certifying key. An enterprise only > has one root key, which is the ultimate certificate authority for its > own employees and business partners. I normally recommend separating those, as the value for external parties

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Andrew Gallagher
> On 4 Jan 2018, at 04:42, Lou Wynn wrote: > > It has a client key and uses it to log into the server, which is > similar to SSH key authentication, to retrieve the private key after > authentication. This bit confuses me. If you already store a private key locally, why use

Re: Modernizing Web-of-trust for Organizations

2018-01-03 Thread Lou Wynn
On 01/03/2018 04:40 PM, MFPA wrote: >> It is already the case that an organisation does not need to depend on >> third-party CAs to certify its staff's OpenPGP keys. >> It's true for OpenPGP because OpenPGP is a distributed system, there is no single CA, or it doesn't have the concept of CA at

Re: Modernizing Web-of-trust for Organizations

2018-01-03 Thread MFPA
Hi On Thursday 4 January 2018 at 1:46:55 AM, in , Lou Wynn wrote:- > When I said for "both," I might have misunderstood what you meant by > a shared keyring? Can you explain it a little bit?

Re: Modernizing Web-of-trust for Organizations

2018-01-03 Thread Lou Wynn
On 01/03/2018 05:34 PM, Lou Wynn wrote: >> Are you talking about something like a shared keyring? Or just managing >> trust relationships by issuing key certifications and >> revocations? > The short answer is for both. End users do not need to manage their When I said for "both," I might have

Re: Modernizing Web-of-trust for Organizations

2018-01-03 Thread MFPA
Hi On Wednesday 3 January 2018 at 7:02:08 AM, in , Lou Wynn wrote:- > 1. Goals of the system > a. An organization does not depend on third-party certificate > authorities. It is already the case that an organisation does not need to depend

Re: Modernizing Web-of-trust for Organizations

2018-01-03 Thread Lou Wynn
I just realized that I overloaded the meaning of signature verification. Here, signature verification, both in my previous discussion and in the receiver's UI, also includes the certificate verification described in 2.b, in addition to traditional signature verification. Thanks, Lou On

Re: Modernizing Web-of-trust for Organizations

2018-01-03 Thread Lou Wynn
On 01/03/2018 11:21 AM, Daniel Kahn Gillmor wrote: > Hi Lou-- > > On Tue 2018-01-02 23:02:08 -0800, Lou Wynn wrote: >> b. Its employees and business partners do not manually manage their own >> keys and trust relationship, and the administrator centrally manages all >> certificates and

Re: Modernizing Web-of-trust for Organizations

2018-01-03 Thread Daniel Kahn Gillmor
Hi Lou-- On Tue 2018-01-02 23:02:08 -0800, Lou Wynn wrote: > b. Its employees and business partners do not manually manage their own > keys and trust relationship, and the administrator centrally manages all > certificates and trustworthiness for the organization. backing up a bit here -- what