Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through a new Enigmail defaults

2019-07-21 Thread Dmitry Alexandrov
Werner Koch  wrote:
> On Wed, 17 Jul 2019 14:37, 321...@gmail.com said:
>>> A problem is the single-point-of-validation (done via mail confirmation) 
>>> which puts [keys.openpgp.org] in a position like X.509 CAs.
>>
>> That is, mister Brunschwig is willing to add other keyservers on a par with 
>> keys.openpgp.org?  Who will be an auditor (like webtrust.org)?
>
> I don't understand.

There are _many_ X.509 root certificates shipped by operating systems and 
user-agents and equally respected by them by default.  webtrust.org are those 
who audits CAs and advises OS / UA developers whether they can trust their 
users’ security to a certain CA or not.  While keys.openpgp.org is now the 
_only one_ proprietary keyserver network used in Enigmail by default.

>> And Enigmail is like a software that encourages any user to get a CAcert 
>> certificate ‘in two clicks’, not even informing him, that they are not 
>> universally accepted
>
> How is that different from software uploading to SKS.

In two major points:

1. SKS is (or was, prior to this diversion) a de-facto standard, so those who 
unilaterally switched from it had broken the compatibility with GPG and other 
GPG-compatible tools.  This is bad enough, but not so bad as the second point.

2. SKS is a peered network (if you do not like the word ‘distributed’), while 
keys.openpgp.org is a proprietary service.

>> [keys.openpgp.org is] a part (as of now, the only part) of a proprietary 
>> network — just like, say, Facebook.  While SKS is a distributed network — 
>> like Usenet.
>
> Nope.  To use the distributed (actually replicated) SKS you need to get onto 
> Kristian's list.  Kristian has certain rules on what servers he puts on the 
> list.  This currently means you need to have several SKS instances running 
> behind a loadbalancer.

I need to get onto the list to do what?  To use it as in ‘user’?  Definitely not.  
To massively download keys?  No, I do not.  To massively upload keys?  Well, I 
never tried, but if I need to get an approval to do this, who has flooded the 
network with fake signatures then?  I have to meet some technical requirements 
to be admitted into the community in order to become a first-class peer of the 
network?  So with Usenet, so the analogy was perfectly valid.

> For a year now this had the effect that there are only two persons running SKS 
> keyservers.

>> Unless you mean an entity that controls root DNS of the Internet, for sure, 
>> DNS of SKS *network* is _not_ under control of a single person.
>
> Nope, it is.  The network is DNS and certificate based and there is one 
> person controlling it.

I really do not understand you.  Under whose control 
https://keyserver.ubuntu.com is?  And https://pgp.mit.edu?  Or 
https://pgp.neopost.com and https://peegeepee.com?  Are they under Kristian’s 
or that second person’s?

> I am pretty sure everyone in the community trusts Kristian to do the Right Thing 
> as most users also trust Patrick, me, or any other GNU author.

This is not about trust or mistrust to some specific person.  Decentralisation 
is about freedom not to rely upon a good will, abilities or even the fact of 
existence (do not underrate the so called ‘bus factor’) of _any_ single person.

> In fact, keys.openpgp.org has some advantages for some users and those who do 
> not understand the goal of the GDPR

So Facebook has _lots_ of advantages for _lots_ of users.  Advantages are not 
what I am trying to speak about here.

> Enigmail has its own policy and I do not like some of them ... but ... they 
> all have defaults which are set to best serve their users.

It seems, that you are not of very high opinion of Enigmail users, if you 
believe, that proprietary service is the best for them. :-)

>> With SKS, when the default entry point is down, I can simply choose the 
>> other one, and if I am paranoid I can command GPG to check several 
>> keyservers — results must be identical, am I right?
>
> You can do the very same in Enigmail.

Oh...  What does it matter, what users of Enigmail can or cannot do?

As some wise person on this thread pointed out: “If you want to get something in 
use you need to have it as default.  Virtually nobody changes options”.  :-)

So what matters is what they are _in fact_ going to do.

First, they are going to cease looking keys up on the SKS Net.  Actually, I bet, 
100 % of those who installed their Enigmail from addons.thunderbird.net had 
already ceased, as there were no questions on whether they want to switch to 
a proprietary service or stick with the standard one — the keyserver had been 
rewritten, even if it was manually configured.  And secondly, after updating to 
Thunderbird 68 + Enigmail 2.1 they will start to bring their new keys to an 
isolated server.

So neither will Enigmail users any longer be able to find keys of those who 
stay on GPG defaults, nor the latter — to find keys of trustful Enigmailers 
without becoming users (anonymous, yet users) of a specific proprietary service.

That’s w

Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through a new Enigmail defaults

2019-07-18 Thread Werner Koch
On Wed, 17 Jul 2019 14:37, 321...@gmail.com said:

> And I did not. ;-) I called keys.openpgp.org a proprietary *service*,
> not a proprietary server [software].  I. e. a service, that has an
> owner = proprietor, who solely controls it.

Agreed.

>> This keyserver is not more proprietary than any other key servers.
>
> Yes, but it’s a part (as of now, the only part) of a proprietary
> network — just like, say, Facebook.  While SKS is a distributed
> network — like Usenet.

Nope.  To use the distributed (actually replicated) SKS you need to get
onto Kristian's list.  Kristian has certain rules on what servers he
puts on the list.  This currently means you need to have several SKS
instances running behind a loadbalancer.  For a year now this had the
effect that there are only two persons running SKS keyservers.  There
are other pools he also manages - but those are using plain HTTP and not
HTTPS and are rarely used.

>> A problem is the single-point-of-validation (done via mail
>> confirmation) which puts them in a position like X.509 CAs.
>
> That is, mister Brunschwig is willing to add other keyservers on a par
> with keys.openpgp.org?  Who will be an auditor (like webtrust.org)?

I don't understand.  The thing is that Patrick decided to switch away
from the GnuPG default (hkps://hkps.pool.sks-keyservers.net) to a single
keyserver which is controlled by Vincent Breitmoser (keys.openpgp.org)
and which can't work like the SKS pool due to their requirement for mail
verification of all keys.  Vincent is one of the authors of
OpenKeychain, a widely used free OpenPGP implementation for Android.

> And Enigmail is like a software that encourages any user to get a
> CAcert certificate ‘in two clicks’, not even informing him, that they

How is that different from software uploading to SKS.  In fact,
keys.openpgp.org has some advantages for some users and those who do not
understand the goal of the GDPR: They can request the removal of their
key.

Enigmail has its own policy and I do not like some of them (e.g. the
MemoryHole crap) but in that regard it is not different from GnuPG or
any other free software, they all have defaults which are set to best
serve their users.  One might have different opinions about this, but I
am sure that Enigmail tries its best to further end-to-end encryption
without neglecting the 4 freedoms.

> Unless you mean an entity that controls root DNS of the Internet, for
> sure, DNS of SKS *network* is _not_ under control of a single person.

Nope, it is.  The network is DNS and certificate based and there is one
person controlling it.  I am pretty sure everyone in the community trusts
Kristian to do the Right Thing as most users also trust Patrick, me, or
any other GNU author.

> With SKS, when the default entry point is down, I can simply choose
> the other one, and if I am paranoid I can command GPG to check several
> keyservers — results must be identical, am I right?

You can do the very same in Enigmail.

> And even if it has none.  How a credibility of the owner of
> round-robin DNS that randomly chooses a node in distributed network
> pool can be compared to a credibility required from a single owner of
> the whole network?

As I noted, for more than a year we have only two persons running
actually used SKS keyservers with one person having the entire control
over it.  How is that different from keys.openpgp.org or gnupg?

> He’s in fact halfway to doing that.  Enigmail 2.1 (for
> Thunderbird 68, now in beta) is primarily advertising itself not as a
> GPG-frontend or an OpenPGP-compatible tool, but as a PEP [2] software.

pEp now is a very different story than keyservers and I am with you that
it is not a good decision of Patrick to make that highly proprietary
pEp that visible.  Despite the good intentions of its founder, the pEp
conglomerate has only one goal: Burst its market value and sell itself
at the peak.

> Yes, by elimination, the second one, despite that it does not even
> mention neither GPG nor OpenPGP!

Surely they don't want to use copyleft because that makes it harder to
sell the company.

> Back to our topic now: what’s about keyserver?  Suppose, you did not
> get rid of PEP (cannot find out how, or even do not want), how do you
> switch an outcoming keyserver?  My answer is: no idea!  I did not find

In theory by editing dirmngr.conf; unfortunately Enigmail does not use
our default API but calls gpg with a keyserver and even worse implements
parts of GnuPG itself.  I have not looked at the latest Enigmail and
can't tell whether the gnupg configure options have been removed.  That
would, in contrast to the keys.openpgp.org default, indeed be a problem.

> Now you apparently would like to try the innovative PEP-enhanced
> Enigmail 2.1 by yourself to see all these fancy things with your own
> eyes, so I must warn you: *it mangles ~/.gnupg/gpg.conf and
> ~/.gnupg/gpg-agent.conf*, so take precautions.

That is okay, all frontends can do that and we even provide an inter

Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through a new Enigmail defaults

2019-07-17 Thread Dmitry Alexandrov
Werner Koch  wrote:
> On Tue, 16 Jul 2019 07:43, 321...@gmail.com said:
>
>> describes, changed the default keyserver from the SKS round-robin pool, to a 
>> *proprietary centralized service* [2], “one of whose
>
> Although I have some concerns with those validating keyservers, like 
> keys.openpgp.org, it is wrong and unfair to call this one proprietary.

And I did not. ;-)  I called keys.openpgp.org a proprietary *service*, not a 
proprietary server [software].  I. e. a service, that has an owner = 
proprietor, who solely controls it.

If you do not like the word ‘proprietary’ in its original meaning [1], let’s 
call it simply ‘private’ (though I prefer the former since ‘private’ may also 
stand for ‘personal’ = run by me for myself).

[1] https://en.wikipedia.org/wiki/Proprietary

> This keyserver is not more proprietary than any other key servers.

Yes, but it’s a part (as of now, the only part) of a proprietary network — just 
like, say, Facebook.  While SKS is a distributed network — like Usenet.

> In fact the code is under the AGPL so some may consider this even a benefit 
> (I have a different view but that is not the topic here).

Yes, I positively agree with you.   What software some service runs on their 
machines hardly makes any difference for its user.

> A problem is the single-point-of-validation (done via mail confirmation) 
> which puts them in a position like X.509 CAs.

That is, mister Brunschwig is willing to add other keyservers on a par with 
keys.openpgp.org?  Who will be an auditor (like webtrust.org)?

> However, in this case more like CAcert.

Like CAcert installed as the _only_ CA on a system as of now.  Enigmail does 
not perform searches on SKS anymore.

And Enigmail is like a software that encourages any user to get a CAcert 
certificate ‘in two clicks’, not even informing him, that they are not 
universally accepted.  To repeat, Enigmail does neither upload keys to SKS 
anymore by default, _nor ask a user where to upload_ them.  Unless he is 
competent enough to edit the settings beforehand, they are silently sent to 
keys.openpgp.org; and keys.openpgp.org is unwilling to share the data collected 
from unsuspecting users with anyone else.

> BTW, although the SKS keyserver network is distributed, its DNS is under the 
> control of a single person too.

Unless you mean an entity that controls root DNS of the Internet, for sure, DNS 
of SKS *network* is _not_ under control of a single person.  And that’s the key 
difference!  GnuPG is configured by default to use some _entry point_ to a 
distributed network, while Enigmail is now configured to use a proprietary 
centralized network.

With SKS, when the default entry point is down, I can simply choose the other 
one, and if I am paranoid I can command GPG to check several keyservers — 
results must be identical, am I right?

> Thus the default keyserver in GnuPG has a similar SPoF but in this case the 
> guy running this has quite some long term credibility.

And even if it has none.  How a credibility of the owner of round-robin DNS 
that randomly chooses a node in distributed network pool can be compared to a 
credibility required from a single owner of the whole network?

> If Patrick (Enigmail author) wants to use keys.openpgp.org as default he can 
> of course do that.

It’s hard to argue.  Even if he wanted to switch from OpenPGP to some other 
protocol, he could of course do that too.

He’s in fact halfway to doing that.  Enigmail 2.1 (for Thunderbird 68, now 
in beta) is primarily advertising itself not as a GPG-frontend or an 
OpenPGP-compatible tool, but as a PEP [2] software.  And for PEP OpenPGP is 
_not_ the preferred backend protocol, it prefers to use OTR, if possible. [3]

[2] https://pep.software
[3] :
| — How does p≡p select the most secure way of sending an email or a message?
|
| When a p≡p user is communicating with another p≡p user:
|
| 1. if online communication available: OTR through GNUnet.
| 2. if online communication not available:
| a. if anonymizing platform available, OpenPGP through anonymizing platform (i.e. Qabel),
| b. if anonymizing platform not available, fallback to OpenPGP.
|
| When a p≡p user is communicating with a non-p≡p user then depending on the capabilities of the non-p≡p user:
| 1. if anonymizing and forward secrecy is possible, use that (i.e. OTR over GNUnet).
| 2. if anonymizing but no forward secrecy is possible, use that (i.e. OpenPGP over Qabel).
| 3. if forward secrecy is possible, use that (i.e. OTR).
| 4. if hard cryptography but no forward secrecy is possible, use that (i.e. OpenPGP)
| 5. if only weak cryptography is possible, use that (i.e. S/MIME with commercial CAs)
| 6. send unencrypted.

It’s not possible with Enigmail yet, but the PEP-targeted interface and mode of 
operation are already default for all new installations.  And to get back to 
the classic one, that has various features, apparently believed to be useless 
now (cr

Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through a new Enigmail defaults

2019-07-16 Thread Werner Koch
Hi!

On Tue, 16 Jul 2019 07:43, 321...@gmail.com said:

> describes, changed the default keyserver from the SKS round-robin
> pool, to a *proprietary centralized service* [2], “one of whose

Although I have some concerns with those validating keyservers, like
keys.openpgp.org, it is wrong and unfair to call this one proprietary.
This keyserver is not more proprietary than any other key servers.  In
fact the code is under the AGPL so some may consider this even a benefit
(I have a different view but that is not the topic here).

A problem is the single-point-of-validation (done via mail confirmation)
which puts them in a position like X.509 CAs.  However, in this case
more like CAcert.

BTW, although the SKS keyserver network is distributed, its DNS is under
the control of a single person too.  Thus the default keyserver in GnuPG
has a similar SPoF but in this case the guy running this has quite some
long term credibility.

If Patrick (Enigmail author) wants to use keys.openpgp.org as default he
can of course do that.  In particular in the light of the SKS keyserver
performance problems, we are seeing for a year now, and because Patrick
wants to support older GnuPG versions (which is a bad idea, but that is
again up to him).

Keyservers are actually useless these days and I wish they could go
away.  Looking up key at a keyserver does not give you any indication
that the key belongs to the claimed mail address.  A validating key
server tries to fix this by claiming authority to check the mail.
However, this gets us back into the X.509 centralized world.

What we actually need is a service to distribute revocations.
Distributed keyservers can do this but they need to be fixed to avoid
DoS which makes them right now unreliable for revocation distribution.
We are actually now at the same problems X.509 CRLs are having for many
years.  However, this is not baked into the protocol but we are able to
fix the problem.  If someone would write a distributed keyserver which
implements crypto to check the self-integrity of the key but does not
try to force users to confirm their mail address with the entity running
the keyserver.

Rough idea for a revocation distributing network: Use N bits of the
fingerprint to distribute keys to 2^N keyservers. Each keyserver is
responsible for that subset of keys and will be replicated worldwide.
This allows to keep on using DNS round-robin as well as Onion-balancing
to check for revocations and maybe even for subkey updates.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
gnu-misc-discuss mailing list
gnu-misc-discuss@gnu.org
https://lists.gnu.org/mailman/listinfo/gnu-misc-discuss
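Werner's sharding sketch, worked into a small routing function so the idea can be tried out: this is an added example, not code from GnuPG, Enigmail or any keyserver project. It assumes OpenPGP v4 fingerprints (160 bits, 40 hex digits) and a hypothetical `shard-<i>.<domain>` hostname scheme standing in for the round-robin DNS names of each replicated shard; the fingerprints it generates are constructed, not real keys.

```python
"""Fingerprint-prefix sharding: N leading bits of the fingerprint pick one of 2**N shards."""
import random
import re
from collections import Counter

FPR_BITS = 160                      # OpenPGP v4 fingerprint length (assumption: v4 only)
FPR_RE = re.compile(r"[0-9A-F]{40}")


def normalise_fingerprint(fpr: str) -> str:
    """Strip the usual grouping spaces and upper-case; reject anything that is not a v4 fingerprint."""
    cleaned = fpr.replace(" ", "").upper()
    if not FPR_RE.fullmatch(cleaned):
        raise ValueError(f"not a 40-hex-digit v4 fingerprint: {fpr!r}")
    return cleaned


def shard_index(fpr: str, n_bits: int) -> int:
    """Which of the 2**n_bits shards holds this key: the value of its leading n_bits."""
    if not 0 <= n_bits <= FPR_BITS:
        raise ValueError("n_bits must lie in 0..160")
    return int(normalise_fingerprint(fpr), 16) >> (FPR_BITS - n_bits)


def shard_range(index: int, n_bits: int):
    """Inclusive [low, high] fingerprint bounds one shard's servers are responsible for."""
    if not 0 <= index < 2 ** n_bits:
        raise ValueError("shard index out of range")
    low = index << (FPR_BITS - n_bits)
    high = ((index + 1) << (FPR_BITS - n_bits)) - 1
    return f"{low:040X}", f"{high:040X}"


def shard_host(fpr: str, n_bits: int, domain: str = "revocations.example") -> str:
    """Hypothetical DNS name to query for this key's revocation status (naming scheme is an assumption)."""
    return f"shard-{shard_index(fpr, n_bits)}.{domain}"


def spread(fprs, n_bits: int) -> Counter:
    """Keys per shard; a sanity check that the prefix spreads load evenly across servers."""
    return Counter(shard_index(f, n_bits) for f in fprs)


def constructed_fingerprints(count: int, seed: int = 1234):
    """Deterministic, constructed (not real) fingerprints for the demo."""
    rng = random.Random(seed)
    return [f"{rng.getrandbits(FPR_BITS):040X}" for _ in range(count)]


if __name__ == "__main__":
    n = 4  # 2**4 = 16 shards
    sample = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"  # constructed fingerprint
    print(shard_index(sample, n), shard_host(sample, n))
    print(shard_range(shard_index(sample, n), n))
    for idx, cnt in sorted(spread(constructed_fingerprints(4096), n).items()):
        print(f"shard {idx:2d}: {cnt} keys")
```

Because a fingerprint is the hash of the key, the prefix is uniform and no coordinator is needed to decide which shard a key belongs to; a client can compute the shard locally and then pick any replica of it.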


emailselfdefense.fsf.org indirectly recommends a proprietary service through a new Enigmail defaults

2019-07-15 Thread Dmitry Alexandrov
Hello.  FSF’s ‘Email Self-Defence Guide’ [1] teaches those who are not yet 
familiar with OpenPGP to use Thunderbird + Enigmail and features the following 
text:

| In your email program's menu, select Enigmail → Key Management.
|
| Right click on your key and select Upload Public Keys to Keyserver. Use the default keyserver in the popup.
|
| Now someone who wants to send you an encrypted message can download your public key from the Internet. There are multiple keyservers that you can select from the menu when you upload, but they are all copies of each other, so it doesn't matter which one you use.

However, since last week this is no longer true, as Patrick Brunschwig 
, an author of Enigmail, making use of a recently 
exploited security flaw in SKS network, which the guide describes, changed the 
default keyserver from the SKS round-robin pool, to a *proprietary centralized 
service* [2], “one of whose initiators” he was, and which does _not_ share the 
base with SKS: as of now, it provides info for about 5 000 emails (SKS — 
for about 5 000 000 keys).

Some more details are in the correspondence below.

WDYT?

[1] https://emailselfdefense.fsf.org
[2] https://keys.openpgp.org


--- Begin Message ---
On 10.07.2019 05:55, Dmitry Alexandrov wrote:
> Patrick Brunschwig  wrote:
>> I am happy to announce Enigmail v2.0.12 for Thunderbird 60.*
> 
>> This release sets the default keyserver to keys.openpgp.org in order to 
>> mitigate the SKS Keyserver Network Attack [1]. This change is applied 
>> unconditionally for all installations, except if the default keyserver is 
>> set to an ldap server.
> 
> Given that the issue is now mitigated in GPG, when will reverting this back 
> be scheduled?

I won't revert this change for two reasons:

1. It will take weeks to months until the majority of the Windows and
macOS systems will have updated (which first requires the availability
of new versions of gpg4win, GPGTools, GpgOSX etc).

2. As I already said publicly, the default in Enigmail 2.1 will be
keys.openpgp.org. The change is now just a little earlier than anticipated.

If you want a different default keyserver, you can change that manually
in the Enigmail preferences.

-Patrick



--- End Message ---
--- Begin Message ---
Patrick Brunschwig  wrote:
> On 10.07.2019 05:55, Dmitry Alexandrov wrote:
>> Patrick Brunschwig  wrote:
>>> I am happy to announce Enigmail v2.0.12 for Thunderbird 60.*
>> 
>>> This release sets the default keyserver to keys.openpgp.org in order to 
>>> mitigate the SKS Keyserver Network Attack [1]. This change is applied 
>>> unconditionally for all installations, except if the default keyserver is 
>>> set to an ldap server.
>> 
>> Given that the issue is now mitigated in GPG, when will reverting this back 
>> be scheduled?
>
> I won't revert this change for two reasons:
>
> 1. It will take weeks to months until the majority of the Windows and macOS 
> systems will have updated (which first requires the availability of new 
> versions of gpg4win, GPGTools, GpgOSX etc).

Well, that’s exactly the kind of answer I hoped to get: a stub will be reverted 
when such and such updates are published.  But I see now, I was too optimistic. :-\

> 2. As I already said publicly, the default in Enigmail 2.1 will be 
> keys.openpgp.org. The change is now just a little earlier than anticipated.

So, just to clarify, you intentionally replaced the standard distributed 
network with some freshly established private service, where centralized 
control is _not_ a child illness, but a design:

| Several folks offered to help out by "running a Hagrid server instance". We very much appreciate the offer, but we will probably never have an "open" federation model like SKS, where everyone can run an instance and become part of a "pool".
— https://keys.openpgp.org/about/faq

moreover, pushed that change to setups of the oldest users, — and found all 
of that absolutely okay?

> If you want a different default keyserver, you can change that manually in 
> the Enigmail preferences.

Please, do not say it like the question is about choosing a default 
colour-scheme or some other trifle!  It’s not a ‘different keyserver’ in a 
sense, that became usual for all those years of SKS (that is, whether it 
pgp.mit.edu, keys.ubuntu.com or even keybase.io).  You have driven the whole 
userbase to a *different network* — a network consisting of a single server.


--- End Message ---
--- Begin Message ---
On 10.07.2019 10:43, Dmitry Alexandrov wrote:
> Patrick Brunschwig  wrote:
>> On 10.07.2019 05:55, Dmitry Alexandrov wrote:
>>> Patrick Brunschwig  wrote:
>>>> I am happy to announce Enigmail v2.0.12 for Thunderbird 60.*
>>>
>>>> This release sets the default keyserver to keys.openpgp.org in order to 
>>>> mitigate the SKS Keyserver Network Attack [1]. This change is applied 
>>>> unconditionally for all installations,