On Sat, Sep 14, 2013 at 9:46 AM, Perry E. Metzger <pe...@piermont.com> wrote: > > However, on the topic of key management itself, my own proposal was > described here: > > http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html > > In summary, I proposed a way you can map IDs to keys through pure > long term observation/widely witnessed events. The idea is not > original given that to some extent things like Certificate > Transparency already do this in other domains.
Hi Perry, What you're proposing is "multipath probing" of email users' public keys. Certificate Transparency isn't the right comparison, but this has certainly been discussed in other domains: Public Spaces Key Infrastructure / SecSpider (Osterweil et al, 2006, 2007) [1] Perspectives (for HTTPS - Wendlant et al, 2008) [3] Convergence (for HTTPS - Marlinspike, 2011) [4] Vantages (for DNSSSEC - Osterweil et al, 2013) [5] Probing servers is easier than probing email users, and publishing a servername -> key directory is also easier as server names don't have the same privacy concerns as email names. Still, it's an interesting idea. Key changes are a challenge to this approach, which people tend to overlook. One approach is to have the probed party declare a commitment to maintaining its public key constant for some period of time, and have this commitment be detected by the probing parties. This provides some timing guarantees so that the rest of the system can probe and download new results at regular intervals, without having sudden key changes cause glitches. Things like HPKP [6] and TACK [7] explore this option. Trevor [1] http://irl.cs.ucla.edu/papers/pski.pdf [2] http://secspider.cs.ucla.edu/docs.html [3] http://perspectives-project.org/ [4] http://convergence.io/ [5] http://irl.cs.ucla.edu/~eoster/doc/pubdata-tpds13.pdf [6] http://tools.ietf.org/html/draft-ietf-websec-key-pinning-08 [7] http://tack.io _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography