Re: Proposal of OpenPGP Email Validation
Hi all--- On Mon 2015-07-27 01:55:03 -0400, n...@enigmail.net wrote: In the past months I tried to come up with a concrete proposal. I discussed it already with some people and this is what I/we propose so far. Sorry to take a while to respond to this thread. I think a proposal for an e-mail-validating keyserver/mail-loop can be evaluated in several different ways. unfortunately, none of them look to me like they'll solve the concerns of the c't editor automatically without introducing other problems. Some ways of looking at the problem: 0) is it OK to run an autonomous validating OpenPGP certification agent? I think the answer here is clearly yes. OpenPGP keys make certifications based on their own policies, and if you set up something like this, you can set the policy to whatever you like. Some people might even use it, like people used their PGP Global Directory as a public attestation service. 1) What (if any) technical structure should there be for an autonomous validating OpenPGP certification agent? This thread discussed several options, including e-mail pingbacks, requirements of PoW, notation data, etc. I don't have a strong opinion on this, and i tend to think that a bit of experimentation with actually running such an agent would be more fruitful than abstract discussion. 2) Should existing OpenPGP clients be willing to rely on certifications made by such an autonomous validating OpenPGP certification agent? if so, which one(s) ? This is now asking the same question as should browsers/OSes come with a built-in list of X.509 trust anchors? From the perspective of the global network, where many people use the same tools but have different and non-aligned goals and interests, the answer is clearly no to me. But of course the practical answer to most deployed software installations is yes, because even extremely technically-sophisticated people don't understand how to (or have a way to) configure their trust anchors to align with their own interests. Should OpenPGP implementations follow this model? I'm not convinced it should: it creates high-value targets (the widely-relied-upon certification agents), and provides little to no mechanisms for oversight/auditing of those targets. That said, the possibility of assigning marginal ownertrust to such an agent, coupled with the existence and common usage of the keyserver network makes it possible provide a bit more oversight on the use of these high-valued keys than we have in the (current CT-less) X.509 ecosystem. -- In summary, i would not want the responsibility of running one of these agents myself. If one existed, i would be fine submitting my own OpenPGP certificate to it for its certification, assuming its certifications don't bloat my cert too much, and i'd be happy to give feedback about its workflow/security posture to whoever is operating it. I don't think that any special notations are necessary for such a use. Just treat it as a special certification-only OpenPGP cert, and document its certification policy clearly. I'd be disappointed if GnuPG or other OpenPGP tools were to decide that they trusted such an agent on behalf of all users. So, does this solve the problem that the c't folks had? Not without a lot of other tooling and incentives that don't exist yet. Could such an agent be a useful contribution to a larger certification ecosystem? Possibly, but we won't know that until someone is willing to step up to be responsible for such an agent, and to try it out. --dkg signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
The problem with most e-mail reform proposals (this one included) is that they don't address what is the primary problem of essential users of the encrypted communication: that to their attackers the knowledge of who communicates with whom is of greater value than the content of the message. Without solving that primary problem, the motivation for the adoption of any new scheme is either low or non-existent. Listo Factor ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Friday 31 July 2015 at 8:15:23 AM, in mid:55bb208b.6090...@mail.ru, listo factor wrote: The problem with most e-mail reform proposals (this one included) is that they don't address what is the primary problem of essential users of the encrypted communication: that to their attackers the knowledge of who communicates with whom is of greater value than the content of the message. Taken in the round for general surveillance purposes, yes. But for a relatively small number of messages, it's the content that is more valuable. For example, if Bob emails Alice his credit card details (or commercial secrets). Without solving that primary problem, the motivation for the adoption of any new scheme is either low or non-existent. One scheme that does address the metadata issue is Confidant Mail https://confidantmail.org/. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Editing is a rewording activity -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVu06gXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwCBEIALXYGEGvGxGs8xYLq1LDekON FNqOeZzhUGzdfxP4Os8isSQ5X3g53Ffz1rG5RnoQpob1bbn8FqogonWp5IMcogdL TRyBuAftzVlUybMweqavaeQZ8QuegUnnKZ0FolqVYMHyDL2q1TMT9djln6nbltfD xq1jGOZFTKolaaxTbyJG3N6B93Jd8ETrWjRqkPIaMvkmtiMFFJ/tTWfxwqm54nPz s2vTYbA8+wSAK20UOzA0lajoETQAhuqTgFezq+kbbqvDf4XfbptauUyTmJptdyp4 sfaSy3qJMa3QVp12ewGhtLRm/rDM/QLdZQf73bNxIJqtXobQxPBT0Y6R6NTfyCGI vgQBFgoAZgUCVbtPFV8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45NywAP4qRDGwXwazn3s6rEnVmvpiHyoY dRh2UVMrHCxkmUOIdQEAuOFcDGCa/7jRxwdXdgZKBTOzz2x9JdK9xLcvMFR9tQ4= =vbCb -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Indeed, as written in the proposal key 8B5A ABB1 A033 21CE C2FF C35F 3BA0 E844 EDEB DFE9 https://hkps.pool.sks-keyservers.net/pks/lookup?op=vindexsearch=0x3BA0E844EDEBDFE9 is a faked key which is signed by a faked CA. THAT's exactly the problem I want to fix! And note that for ordinary users it is not that easy to find out Yes, people could in this case double check with the web site of the magazine. But they simply don't do that (including me and a couple of other people here in this forum!). As a result Jürgen aganin and again gets emails with the wrong key. And I dind't get an answer from Jürgen ... And ... I want to avoid this unnessecary burdon. BTW, as another example, several keys of t...@gpgtools.org are faked (search for these keys and the the interesting result). Am 30.07.2015 um 12:23 schrieb MFPA: Hi On Thursday 30 July 2015 at 9:27:37 AM, in mid:55b9dff9.6080...@gmail.com, Viktor Dick wrote: On 2015-07-30 10:17, Ingo Klöcker wrote: I'm sorry to tell you that you have fallen into the trap. There is only one genuine pg...@ct.heise.de key the fingerprint of which is printed in each issue of the c't magazine. The other one is a fake. And the fact that the fake key with the author's email address is signed by different keys only means that a lot of people have signed this fake key without following the proper procedure of key validation (or that the trolls created even more fake keys to sign the author's fake key to make it look more credible). Not according to http://www.heise.de/security/dienste/PGP-Schluessel-der-c-t-CA-473386.html where three different keys are listed (two DSS and one RSA). I concur that the keys 38EA4970 and E1374764 both look likely to be genuine. One has signatures from B3B2A12C, the other from DAFFB000. The link above lists as ct magazine CERTIFICATE pg...@ct.heise.de keys B3B2A12C and DAFFB000, as well as a third key BB1D9F6D. As for the other non-revoked keys I found by searching for schmidt juergen heise de:- all four are signed by a ct magazine CERTIFICATE pg...@ct.heise.de key F6ADD6C2 that is not listed on the magazine's page. all four are also signed by a ct magazine CERTIFICATE ct magazine CERTIFICATE key FB4DFDC6. one of the four has a UID claiming itself to be another ct magazine CERTIFICATE pg...@ct.heise.de as well as being Juergen Schmidt's key. Also all four have the same creation date. I guess anybody being fooled didn't look at the page linked above, or they would have used key 2C26A309 ct magazine pgpCA CommunicationKey 2015 pg...@ct.heise.de when contacting the magazine. (-; ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Nicolai M. Josuttis www.josuttis.de mailto:n...@enigmail.net PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Hi On Thursday 30 July 2015 at 7:04:28 AM, in mid:55b9be6c.1050...@gmail.com, Viktor Dick wrote: On 2015-07-29 18:24, n...@enigmail.net wrote: So, could somebody explain in a bit more detail how a PoW approach works? As far as I understand it, for any key that you have - regardless whether you have access to the mail address in the uid - you can add some signature where anyone with the public key can quickly check that the person that posesses the private key has spent a specific amount of computing power (p.e., 1 week with an average PC) to create this signature. It is hard to create the signature (impossible without the private key, a lot of computing power with it) but easy to check. That's my understanding, too. Essentially, you create the possibility to make a key 'premium' by spending this time and hope that trolls who flood the keyservers with fake keys will be deterred by the costs. You can hope so, but is it reasonable to expect? Anyone who does not have any problem with trolls can of course still upload a non-premium key. And anybody who doesn't trust Proof of Work as a validation could trust only encrypted-mail validations. It would be simple, as PoW validation signatures would be self-certs whereas enc-mail validation certs would come from a validation server's key. I myself find the idea not so appealling. I would not like it if after creating a key my machine had high CPU load for a couple of weeks. And I doubt that many trolls will be deterred by it - the number of fake keys per time interval will go down, but since they are anyhow going out of their way to create problems for others without any gain for themselves, I think a significant portion will still do it even if it costs more. I think a week of computing for the PoW is excessive. But if the troll's CPU time is on a botnet, they won't care about the cost or about slowing down their machine for a week. I rather like the idea of servers that offer to sign your key (or rather a specific UID) and send it to your email, encrypted to you. For the user this just means that if he has the problem of trolls using his address he has to send his key to such a server or upload it in a webinterface, then receive the mail, decrypt it and import the contained signatures to his key, and optionally upload his new key to a keyserver - with enigmail, for example, everything done within a few clicks. I prefer this method rather than clicking a link in an email. But people are used to that scenario from website registrations, as long as the email arrives within a couple of minutes of them registering on the website. Anyone who looks for a key to a specific mail address on a keyserver will probably, when faced with multiple results, take the one that has most signatures (and isn't expired) - especially if some of the signatures are from email-verification-sounding hostnames. Surely, all signatures from keys that you do not already trust are just ambient noise. Therefore, there is no necessity to create a whitelist of servers (but it can be done, if a user decides to trust signatures of a specific server) and it is still decentralized - anyone can set up such a verification server. If it can be done without Big Brother creating a whitelist, it should be. Of course with a lot of effort, a troll could still try to create a complete fake network and cross-sign different keys. But here the amount of work to be done for a troll is much bigger than that for a genuine user, so hopefully it will not be a problem. I imagine it would not be much of a problem for a troll to automate most of the work. But unless they compromise some keys from genuine validators, it's all in vain if people bother to check signatures. Hold on, the magazine writer's problem is that people encrypt his emails to the wrong key because they do not bother to check signatures. -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net A closed mouth gathers no foot ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On 2015-07-30 16:39, MFPA wrote: On Thursday 30 July 2015 at 1:43:35 PM, in mid:55ba1bf7.4090...@enigmail.net, n...@enigmail.net wrote BTW, as another example, several keys of t...@gpgtools.org are faked (search for these keys and the the interesting result). Sorry, I don't see a result that leaps out at me as interesting. Are you willing to elaborate? I'd say if one searches on a keyserver, it is pretty clear which key is real. I'm a bit worried because when I search with Enigmail it does not show the signatures, so from there they all seem equally valid. Regards, Viktor signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thursday 30 July 2015 at 1:43:35 PM, in mid:55ba1bf7.4090...@enigmail.net, n...@enigmail.net wrote: BTW, as another example, several keys of t...@gpgtools.org are faked (search for these keys and the the interesting result). Sorry, I don't see a result that leaps out at me as interesting. Are you willing to elaborate? - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Teamwork is essential - it allows you to blame someone else -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVujcxXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwooMH/0C6TwqvvV4x7JoCk2ovnO7i SlGcm9LdRESIRbk0WNqfaBkINP/pimVRhmLAgvmt8aBmBD5mk19QZqyUwHR5JJP4 z4Q3OkfXFcXr6KWqgHgAkXxghFtnp8MJj/5TLQ4ICO5bPee4yN6L2NElPIrN1M6a PA17OZdCpTVuQXOU84b4XyvFkADNM5xJLX22lNYkm/NX2YMbJ89IlntfjBksCP8I xh9xUjQaNsOnXHv16iNLskrWmdGeCG3gvGq0QX53bLc/ExHMhy7p7GOHt0TT+Guh qpCbQdlyil7FGsUTl/5hawkFA4Xy5SOaieIQFkURV2V/H07DiUb4U1LI36XaT2+I vgQBFgoAZgUCVbo3Nl8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45ISoAQDffuI/eHQ4N6RnAfAI0WR9m/YO xLD1KPSvkv30D+ZflgEAzVSctYlMpt2xk6HozQGCeaKEG+H0JEgNswYH5yx0xAU= =O+Gs -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 07/30/2015 05:12 PM, Viktor Dick wrote: On 2015-07-30 16:39, MFPA wrote: On Thursday 30 July 2015 at 1:43:35 PM, in mid:55ba1bf7.4090...@enigmail.net, n...@enigmail.net wrote BTW, as another example, several keys of t...@gpgtools.org are faked (search for these keys and the the interesting result). Sorry, I don't see a result that leaps out at me as interesting. Are you willing to elaborate? I'd say if one searches on a keyserver, it is pretty clear which key is real. I'm a bit worried because when I search with Enigmail it does not show the signatures, so from there they all seem equally valid. Instinctively this sounds flawed, the point is there is no way without downloading the key and verifying the validation path through other existing known good keys. If you rely solely on the number of signatures that can easily be constructed, either through generating new keys or due to the keyservers not doing any cryptographic verification that the signatures themselves are correct. ... and that is intended behavior ... - -- - Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - Nil satis nisi optimum Nothing but the best is good enough -BEGIN PGP SIGNATURE- iQEcBAEBCgAGBQJVukObAAoJECULev7WN52FowoH/RPkEUy5LiIXqqKZaNPvLno1 7KB4vTCSVQwj/RHfCUYCCF5mqZ5mkLA6czdKOCslaZP6YqjrgPhzDxJ65mzZ2enG Xv8neTWgnjVbotkQ0tauNqlw7mcTSLG8FwxXpuyrAilAKmOEeV1/JN2pHZBp/0u2 2LPfcc2QNMaXwKK5Ri5vpOTieFlmeLEj/lt+HCF3AikilIKv8L7grG+jADTda5kw VlQ3Sn+NbUUMrRMUjMwtwgN58jtM8uGtflsveouFsQEs9eH5bPbw/nj1ZVtAyjeS hcs2KyMqHj5JAhKpySkhgvqID7gr3LxOSB1xCkgvAz3LHhQu39OD6iOGFT4fLBc= =yklt -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Friday 31 July 2015 at 12:11:35 AM, in mid:957598505.20150731001135@my_localhost, MFPA wrote: However, what would be different if one of the keys found happened to carry one of your proposed? Sorry, that should have been:- What would be different if one of the keys found in the search happened to carry one of the proposed email address validation signatures? - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net No matter what a man's past may have been, his future is spotless. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVurK6XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwbCcH/1sWY/2Gah5tOrppI71SYMZ4 pTXghWR5ahYDZuKyMJHpSJ6Vy+QKEYrdEqGhCXgHa4npBmkal3OlUlwSaktO9WJO ubJzP5QP3vwvd2c8hbHA49/oKbTRoNcPQRNfTkteQU1gLvwiklTYbeu6uhaNy7oc okvTHQvJ47Vzb9t+Vt2Wj3vOA5qnwJtDIw9PnBqxKRYqNyJ+BzhTvsVxlgyifp8Q Y/2M8Jko8L0TN+BbCNTYi9MRXDmc3nCfWyn/0T9g4RQCciyNVc5eDuDi1KM/kzm6 oK9wpfxwtwuZ7B8dhrZS4AWSRZ/6Vv2lFpUU45FfvKNQU3e9VtG0bIykp4pUH02I vgQBFgoAZgUCVbqyy18UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45H74AP9YIHPPdKMxRWMDSg8WWFSwCsv1 ThEwttSwRmcVZ4mFJQD+M9OBBkk31ksmUMxZRyk0GZsga5p8E9nguH+hJ9hDqA8= =U6Vd -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On 31.07.2015 01:11, MFPA wrote: Only if you download the key from the GPGTools website and find the key-id first. (If the GPGTools team shows their key ID or Fingerprint on their website, I failed to find it.) On the front page they have 'to verify the signature, please download and import our updated key' right below the download button. There is no fingerprint, but the whole key is there. But I was talking about the fact that of the six results, one has hundreds of signatures. Sure, in the web of trust concept this doesn't mean anything unless there is a (short) trust chain from me to one of these, but in practice this still significantly rises the chance that it is the correct key (and it is, I checked with the one on their homepage). My output from searching a keyserver for gpgtools.org:- 'gpg --search-keys' does not seem to give a list of signatures (which explains why enigmail also doesn't), I was searching using a web interface. I guess this is because it is assumed that signatures do not mean anything without a trust chain. But if I had to bet money on one of the keys, I would still take the one with hundreds of signatures. However, what would be different if one of the keys found happened to carry one of your proposed email address validation signatures? If I could quickly check (or rather, my client could do that automatically) that the signature is also found on their web page, I can assume that either the web page is fake (which is unlikely for something known like ccc.de), it has been hacked (unlikely for a random troll) or someone intercepted either my HTTP request or the original verification e-mail (possible with a secret service, unlikely with a troll). Therefore, it will raise my estimated probability that the owner of the key also has access to the mailbox, which will pretty surely now be much higher than for any fake key. The advantage with respect to the proof of work concept is that the procedure is asymmetric: it costs much more to troll than to verify a genuine key. Best regards, Viktor signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Thursday 30 July 2015 08:04:28 Viktor Dick wrote: Now that I think about it - if I search for the original author of the c't article (j...@ct.de), who complained about getting mails that were encrypted to some fake key, I would assume that the keys 38EA4970 and E1374764 are both genuine, because they both have not only selfsigs. BTW, they are both signed by different keys with the UID 'pg...@ct.heise.de', so they already have a similar service in place - of course I had to do a websearch to find if these keys are genuine, which should probably be easier. I guess ideally the UID would contain a weblink to a page that has the fingerprint and describes the service shortly. I'm sorry to tell you that you have fallen into the trap. There is only one genuine pg...@ct.heise.de key the fingerprint of which is printed in each issue of the c't magazine. The other one is a fake. And the fact that the fake key with the author's email address is signed by different keys only means that a lot of people have signed this fake key without following the proper procedure of key validation (or that the trolls created even more fake keys to sign the author's fake key to make it look more credible). Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On 2015-07-30 10:17, Ingo Klöcker wrote: I'm sorry to tell you that you have fallen into the trap. There is only one genuine pg...@ct.heise.de key the fingerprint of which is printed in each issue of the c't magazine. The other one is a fake. And the fact that the fake key with the author's email address is signed by different keys only means that a lot of people have signed this fake key without following the proper procedure of key validation (or that the trolls created even more fake keys to sign the author's fake key to make it look more credible). Not according to http://www.heise.de/security/dienste/PGP-Schluessel-der-c-t-CA-473386.html where three different keys are listed (two DSS and one RSA). signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On 2015-07-29 18:24, n...@enigmail.net wrote: So, could somebody explain in a bit more detail how a PoW approach works? As far as I understand it, for any key that you have - regardless whether you have access to the mail address in the uid - you can add some signature where anyone with the public key can quickly check that the person that posesses the private key has spent a specific amount of computing power (p.e., 1 week with an average PC) to create this signature. It is hard to create the signature (impossible without the private key, a lot of computing power with it) but easy to check. Essentially, you create the possibility to make a key 'premium' by spending this time and hope that trolls who flood the keyservers with fake keys will be deterred by the costs. Anyone who does not have any problem with trolls can of course still upload a non-premium key. I myself find the idea not so appealling. I would not like it if after creating a key my machine had high CPU load for a couple of weeks. And I doubt that many trolls will be deterred by it - the number of fake keys per time interval will go down, but since they are anyhow going out of their way to create problems for others without any gain for themselves, I think a significant portion will still do it even if it costs more. I rather like the idea of servers that offer to sign your key (or rather a specific UID) and send it to your email, encrypted to you. For the user this just means that if he has the problem of trolls using his address he has to send his key to such a server or upload it in a webinterface, then receive the mail, decrypt it and import the contained signatures to his key, and optionally upload his new key to a keyserver - with enigmail, for example, everything done within a few clicks. Anyone who looks for a key to a specific mail address on a keyserver will probably, when faced with multiple results, take the one that has most signatures (and isn't expired) - especially if some of the signatures are from email-verification-sounding hostnames. Therefore, there is no necessity to create a whitelist of servers (but it can be done, if a user decides to trust signatures of a specific server) and it is still decentralized - anyone can set up such a verification server. Of course with a lot of effort, a troll could still try to create a complete fake network and cross-sign different keys. But here the amount of work to be done for a troll is much bigger than that for a genuine user, so hopefully it will not be a problem. It would also be possible to check for known services if the signature is actually theirs (by checking the key with that on the homepage or something like that), but of course it should have been possible to do that with the original recipient already... These signatures should expire after a year or so, so keys where the owner no longer has acces to the private key will loose these signatures after a while. I myself have two older keys from early experiments (where I did not specify an expiry date) uploaded to the keyserver network, but I guess anyone who looks me up will take my current key, because it has much more subkeys (which I now change every year) and also some signatures. Now that I think about it - if I search for the original author of the c't article (j...@ct.de), who complained about getting mails that were encrypted to some fake key, I would assume that the keys 38EA4970 and E1374764 are both genuine, because they both have not only selfsigs. BTW, they are both signed by different keys with the UID 'pg...@ct.heise.de', so they already have a similar service in place - of course I had to do a websearch to find if these keys are genuine, which should probably be easier. I guess ideally the UID would contain a weblink to a page that has the fingerprint and describes the service shortly. Regards, Viktor signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thursday 30 July 2015 at 4:12:35 PM, in mid:55ba3ee3.7000...@gmail.com, Viktor Dick wrote: On 2015-07-30 16:39, MFPA wrote: On Thursday 30 July 2015 at 1:43:35 PM, in mid:55ba1bf7.4090...@enigmail.net, n...@enigmail.net wrote BTW, as another example, several keys of t...@gpgtools.org are faked (search for these keys and the the interesting result). Sorry, I don't see a result that leaps out at me as interesting. Are you willing to elaborate? I'd say if one searches on a keyserver, it is pretty clear which key is real. Only if you download the key from the GPGTools website and find the key-id first. (If the GPGTools team shows their key ID or Fingerprint on their website, I failed to find it.) My output from searching a keyserver for gpgtools.org:- - --- C:\TDM-GCC-32gpg --search-keys t...@gpgtools.org gpg: using character set 'utf-8' gpg: data source: http://kronecker.scientia.net:11371 (1) GPGTools Team t...@gpgtools.org 2048 bit RSA key 0xDE13CCD892EFC169, created: 2013-09-13, exp ires: 2017-09-13 (2) GPGTools Team t...@gpgtools.org 2048 bit RSA key 0x93F6E721F7D75F75, created: 2013-09-13, exp ires: 2017-09-13 (3) GPGTools Team t...@gpgtools.org 2048 bit RSA key 0x07F7603CC8F5BBF1, created: 2013-09-13, exp ires: 2017-09-13 (4) *Key invalid; use 76D78F0500D026C4 GPG Tools Team t...@gpgtools.org 2048 bit RSA key 0x929D128A9EA002BA, created: 2013-09-13, exp ires: 2017-09-13 (5) George Nigg t...@gpgtools.org 2048 bit RSA key 0xD0863D5E46FA0F9F, created: 2013-07-12, exp ires: 2017-07-12 (6) GPGTools Team t...@gpgtools.org GPGMail Project Team (Official OpenPGP Key) gpgmail-devel@list s.gpgma GPGTools Project Team (Official OpenPGP Key) gpgtools-org@list s.gpgto 2048 bit DSA key 0x76D78F0500D026C4, created: 2010-08-19, exp ires: 2018-08-19 Keys 1-6 of 6 for t...@gpgtools.org. Enter number(s), N)ext, or Q)uit - --- Number 6 has more UIDs but nothing in the search listing tells me any key is clearly the one I want. When verifying a software download, the search would be the other way around. I would be checking a signature, so GnuPG would search the server for the key-id that made the signature, the signature would be good or bad, and the key would be the one their website says it should be or it wouldn't. (OK, there would quite probably be certifications vouching for the key as well, in case the site was hacked and now said a different key.) I'm a bit worried because when I search with Enigmail it does not show the signatures, so from there they all seem equally valid. I do not use Enigmail, so couldn't comment. However, what would be different if one of the keys found happened to carry one of your proposed? - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net What's another word for synonym? -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuq8rXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwL1cH/3MxcfTEKp+Dlnj3pf//5dr4 sywvMnkv/7k7X0wEPApQVmlVH+6y0kFgOBK366oAKh32mq2muftcRIhOe/eH5pCJ PQvpjhmuqu7TvmIT9YlnnEcuWPMhK8iT8q1WqAwNJdFxv2WhzN6V+g/QcilDE4cD TQ6VyIvNp9Z6Nrrb9bl7DF8eh4jxiRtvyoT+JfL9l3qt3umqcuy/eTyt5YLOg03T V3jSherLB4eSyRFwxbOvccd9o9yZK8rVezD6Oul+dOUQbgBeuPrLfRG2E1sjLE2S fKj9NsZTmMOc3D2uSfwGNWb9vQtKnnvMosGX6PGvp9ESgvj5REXEJ4vCcwZUFxKI vgQBFgoAZgUCVbqvPF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45HRoAQCWIaBpOmDy7AruEsbWaJZUrt3I tCsfiO9kXYa5lBh4CgEA+xSPOnYEEaWXIqlouKAbKEt1JqqJ+k5ut5j68DbkBAo= =qAVG -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Wed, 29 Jul 2015 17:49, patr...@enigmail.net said: The whole point of this exercise is to verify that the key and the email address(es) belong _together_. I don't see how PoW could do this, or I didn't understand it well enough. The idea with a regular PoW is that an attacker (well, script kiddie) would look for a lower hanfing fruit than to create a faked key. The PoW is expensive and thus the expectaion is that it would at best only done for the first interval but not a second time My points against PoW are: - PoW is not green computing so it should only be done in rare cases. - Users with low end devices are discriminated. - With all that surplus Bitcoin mining rig we would soon see a lot of faked keys just for the fun of it - or as a service. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 30 July 2015 at 9:27:37 AM, in mid:55b9dff9.6080...@gmail.com, Viktor Dick wrote: On 2015-07-30 10:17, Ingo Klöcker wrote: I'm sorry to tell you that you have fallen into the trap. There is only one genuine pg...@ct.heise.de key the fingerprint of which is printed in each issue of the c't magazine. The other one is a fake. And the fact that the fake key with the author's email address is signed by different keys only means that a lot of people have signed this fake key without following the proper procedure of key validation (or that the trolls created even more fake keys to sign the author's fake key to make it look more credible). Not according to http://www.heise.de/security/dienste/PGP-Schluessel-der-c-t-CA-473386.html where three different keys are listed (two DSS and one RSA). I concur that the keys 38EA4970 and E1374764 both look likely to be genuine. One has signatures from B3B2A12C, the other from DAFFB000. The link above lists as ct magazine CERTIFICATE pg...@ct.heise.de keys B3B2A12C and DAFFB000, as well as a third key BB1D9F6D. As for the other non-revoked keys I found by searching for schmidt juergen heise de:- all four are signed by a ct magazine CERTIFICATE pg...@ct.heise.de key F6ADD6C2 that is not listed on the magazine's page. all four are also signed by a ct magazine CERTIFICATE ct magazine CERTIFICATE key FB4DFDC6. one of the four has a UID claiming itself to be another ct magazine CERTIFICATE pg...@ct.heise.de as well as being Juergen Schmidt's key. Also all four have the same creation date. I guess anybody being fooled didn't look at the page linked above, or they would have used key 2C26A309 ct magazine pgpCA CommunicationKey 2015 pg...@ct.heise.de when contacting the magazine. (-; - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net This message represents the official view of the voices in my head. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVufsoXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwC2oIALQTnp8zRuDfNM/crs07szAG lrmNBhB63fSnr2CfHbpSUHXjoVIgn6sKRGz7oUEyhvmTUDPc4QS+aa7khV5jE094 kQn4nh7oWSNDfTEMSZJjA1DQlrN9QMO0A1Pq77Y1LoRCnaMSBtMgifOqp1vX6nfE ejhqpwMiLF4Db7fdn4gTBK1o3FGXKP55kC5i2QMnwF9KiXz0gtkgdQ+7pgM4MdRT ow9pynZHoEy9sfIKRkF5g5uk1ch5O2mFFvFeCfTph1d6MK06phQaT9v0VQgOz8ms 0BtsUApmUShYO+BPKVlKVFDsfnMPGrcsOqjxcCz+Ikv2GOOdgdnEl1Rbs2+N0ICI vgQBFgoAZgUCVbn7Ll8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45MHfAQDVto8gZk48618e2MxXA8ZITDH4 bTaPakeawetZLjew+QD/QZSjuDd/l7s76NXGhrj14fXb9Z9B+/ibDuPelWfSnws= =cN7q -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
[Sent from my HTC, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or un-expected send a response and request a signed confirmation] On Jul 29, 2015 4:02 PM, MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 July 2015 at 1:47:35 PM, in mid:55b8cb67@sumptuouscapital.com, Kristian Fiskerstrand wrote: On 07/29/2015 02:41 PM, MFPA wrote: That would be good: mail clients that applied a rule to only use validated keys would otherwise deny service when emailing somebody who is trying to keep their key off the keyservers. Are they really the target group for this proposal? The target group for an email address validation certificate on my key would be people who wanted to email me. You are still in control of that given that you can (i) opt not to click the validation link, so other users defer back to WoT, same as today (ii) elect not to give any ownertrust to the CA ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Am 29.07.2015 um 15:41 schrieb MFPA: Well, I don't like the CA model and that's what Nico is basically proposing (with less rigorous checks). Another huge disadvantage is that user's have to actively participate by replying to emails / visiting a link. Yes, PoW has none of that. If you went for a per-UID PoW and a common validation signature notation with Nico's scheme (type: ProofOfWork instead of enc-email), the schemes could operate together as compatible alternatives. I am happy to propose other way of validation. Unfortunately I didn't understand the PoW approach yet. So, could somebody explain in a bit more detail how a PoW approach works? In my scenario a user only has to do 2 easy and understandable things: a) change the keyserver configuration: I.e. replace a keyserver by a validating keyserver proxy b) From time to time process an email asking for email confirmation by clicking the appropriate link IMO, that's easy, that's something people are used to do (when they register to other services), that's rare enough to get accepted.. And it works with each existing email client (where I can configure the keyserver). So, how does the PoW approach works in practice? How does this validate an email? What has the user to do? Does it work for each existing email client? IMO anything more complicated makes acceptance more problematic. E.g. using two servers (asking for validation at another server than the keyserver) is IMO for most people simply a show stopper. Even replying with a signed email IMO instead of clicking a link sounds more complicated to me. IMO, we should avoid any step that makes the scenario more complex than necessary (without a significant win). But as written, I didn't understand the PoW scenario yet. may be the effective interaction (based on the UIs of existing email clients) is not worse. Sorry that I am not an expert in this area. Nico -- Nicolai M. Josuttis www.josuttis.de mailto:n...@enigmail.net PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On 29.07.15 14:07, Neal H. Walfield wrote: At Wed, 29 Jul 2015 01:03:53 +0100, MFPA wrote: On Tuesday 28 July 2015 at 11:46:10 PM, in mid:87vbd3nbnx.wl-n...@walfield.org, Neal H. Walfield wrote: At Tue, 28 Jul 2015 19:22:29 +0100, MFPA wrote: It also eliminates any attempt to to establish a link between the key and the email address in the UID. I'm not so sure. Recall that we are not attempting to protect against attacks by nation states. As such, performing a week of computation each year is going to be too much to maintain for those who upload fake keys. And too much for people with multiple email addresses. It doesn't have to be per-email address. It is sufficient to attach it to the primary key. This allows me to have patr...@enigmail.net verified OK. Then I add a new UID mall...@evil.com and delete patr...@enigmail.net from the key. And then I upload my key to the keyservers network, and I'll end up where we are now. This still seems less rigorous to me than having to receive an email sent to that address and decrypt it with that key. I guess it's a case of swings and roundabouts. Well, I don't like the CA model and that's what Nico is basically proposing (with less rigorous checks). Another huge disadvantage is that user's have to actively participate by replying to emails / visiting a link. Using PoW, no human intervention is required and there is no central authority. PoW relies on the assumption that conducting an attack is too expensive to do / maintain. The whole point of this exercise is to verify that the key and the email address(es) belong _together_. I don't see how PoW could do this, or I didn't understand it well enough. -Patrick ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Tue, 28 Jul 2015 20:46, 2014-667rhzu3dc-lists-gro...@riseup.net said: Unless at least some of the major email providers were to provide a means for these DNS entries to be added, any DNS-based approach has very limited potential. Right, but is the only solid way of doing it. The provider already have the infrastructure to maintain the mail account and thus the costs of adding a new data field a marginal. Of course one could setup a service to do this for example by appending foo.gnupg.net to the mail address before the lookup. However this introduces a lot of costs (user help desk), annoyance (the user need to register with that service), and centralization. A person cannot usually dictate which mail provider is used by the people with whom they exchange messages. Iff enough people are interested in confidential mail communication competition will force all providers to add this. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Tue, 28 Jul 2015 19:57, 2014-667rhzu3dc-lists-gro...@riseup.net said: Couldn't human-readable data with a suitable field delimiter (such as generated by GnuPG's --with-colons option) be interpreted by a parser? OpenPGP allows to indicate whether a notation data item is human readable. Notation data generated by gpg are always flagged as human readable and there has up to now be no request to add a feature to add binary notation data - but it would be possible to do that. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
b. The validation server does not need to manage a stack of keys awaiting feedback from the validation emails. indeed, that's an argument Hmm, but IMO we anyway need a state in validation servers to deal with different spam schemes (i.e. avoiding that any request to a v-server sends an email). -- Nicolai M. Josuttis www.josuttis.de mailto:n...@enigmail.net PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 07/29/2015 01:07 PM, n...@enigmail.net wrote: Hmmm, There should simply be no overhead in using OpenPGP in the ordinary case for the ordinary user. Any secure system needs proper operational security surrounding it, that require user awareness. So if security/privacy is a priority, there needs to be an overhead (it might even serve a purpose as it reminds the user about the the proper procedures to follow). Quick example; They can use OpenPGP all they want, doesn't help one bit if the private keys are stored on the computer, running a 10 year old version of Operating System XY with so many trojan horses working on copying the private key data that they are fighting over the resources on the computer. To paraphrase Schneier, security isn't a product it is a process. - -- - Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - Action is the foundational key to all success (Pablo Picasso) -BEGIN PGP SIGNATURE- iQEcBAEBCgAGBQJVuLWrAAoJECULev7WN52FabcH/3NYi5yWdKNZgAmee/gFy6cB GNVYn1xxK/JI6X0/rJ58OfCbAvzxmDzpM6/FCZJ61uPFFi3UCchqkupaHKdOfkqj qVsPtavL3jeq4h/2ZXxajHiGFATGZyyO2GMQtB+TzXLwbFijErxrpE9vswBri+HH rrNRtxZM1rE7LpI0frGCS99wbcv8en0BVG6zafkKq2hA9JNDSzjnxCkqqNcRXDZL wWhCrdzobdaoxE+TPN8v7IXLdgPeLa4J9MwvT15RiS4lE07bmFuYgmtSWBWJGZQo ph8mBlii1myCedVe4oTzO5Uu2U3lO7fKi91dXz2/8GGU07TqEWTZLd7TLt6wCGA= =loYp -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Wednesday 29 July 2015 07:42:34 n...@enigmail.net wrote: Am 29.07.2015 um 03:30 schrieb MFPA: Why not simplify the workflow:- 1. key reaches validation server. 2. for each UID containing an email address, validation server creates a copy of the key stripped of all other UIDs. 3. validation server signs that copy of the key. 4. validation server pastes the signed key into an email, encrypts the email to that key, and sends it to the email address in the UID. 5. user receives each email, decrypts it, and updates their local copy of their key. 6. user uploads key now bearing the validation server's signatures to a keyserver. There is still the same level of assurance that the email address and private key are controlled by the same entity. Advantages are:- c. Changes to the user's key are uploaded to the keyserver by the user, not by the validation server. Is this a real benefit? A possible benefit would be that the user can choose not to upload the validation signatures to the keyservers. With a minor change in step 1 (the key owner uploads his key to the validation server without uploading it to a keyserver) the UID validation would even work for keys which its owner does not want to upload to a public keyserver. Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Wednesday 29 July 2015 01:48:54 MFPA wrote: On Tuesday 28 July 2015 at 8:17:28 PM, in mid:55b7d548.4020...@enigmail.net, n...@enigmail.net wrote: AFAIK, there are not THAT many faked keys, but the problem exists especially for key parties of our internet world (a famous German magazine, at least one GPG tool, ...). The problem is that the German magazine takes this as a show stopper (both personally and publicly). I really want to have them back on our road for more encryption with OpenPGP. And the publicity we get from not validating email addresses is really a big problem (especially as fixing that problems sounds so easy and obvious). Thus, without fixing this, IMO the whole OpenPGP movement has a reputation problem. I understand what you are saying. I cannot help but think they are making a mountain out of a molehill by characterising this minor irritation as a show stopper. Yes, he (not they!), the author of the article is doing exactly this. Putting something in place to counteract the issue is one approach. Would it not be an equally-valid approach to educate them as to why it is a non-issue, which they could then disseminate through their magazine? I think that the author of the article knows that it's mostly a non-issue. He still decided to write the article Forged PGP Keys in the Wild [1] and even an accompanying editorial titled Let PGP Die! [2]. I guess he simply got pissed because he received so many messages that were undecryptable with his real key. Luckily, there are also more sensible authors working for this magazine who write good articles about OpenPGP. I personally chose to ignore the stupid editorial. IMHO it does not deserve more attention than any other rant written by a random troll. OTOH, the article actually isn't that bad. It points out the issue with the missing validation of email addresses in UIDs making a bit of a fuss about it, but IIRC it also explains how to avoid falling into the trap of using a fake key. Regards, Ingo [1] http://www.heise.de/artikel-archiv/ct/2015/06/160_Die-Schluessel-Falle (German; needs to be bought) [2] https://www.heise.de/artikel-archiv/ct/2015/06/3_Editorial (German; free) signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Hmmm, first i talked to him/them a couple of times personally (there are multiple editors at that magazine) about the issue in detail and tried to convince them following the WoT without success. Note that they just behave as ordinary users, having not much time to deal with the problems of OpenPGP. They get hundreds of emails per day and each email they can't read is a significant problem because the 2 seconds they have for reading emails turn out to become minutes. There should simply be no overhead in using OpenPGP in the ordinary case for the ordinary user. And I agree with that. Usability is key for a broad acceptance. I don't want to have the same problem. And other tools also don't want to have it anymore (e.g. the GPGTools.org guys have the same problem). I see no reason NOT to solve this problem, but I see many reasons to solve it. Just saying deal with it simply means that we place unneccesary burden on OpenPGP users. IMO, that's a really bad approach. Am 29.07.2015 um 12:38 schrieb Ingo Klöcker: On Wednesday 29 July 2015 01:48:54 MFPA wrote: On Tuesday 28 July 2015 at 8:17:28 PM, in mid:55b7d548.4020...@enigmail.net, n...@enigmail.net wrote: AFAIK, there are not THAT many faked keys, but the problem exists especially for key parties of our internet world (a famous German magazine, at least one GPG tool, ...). The problem is that the German magazine takes this as a show stopper (both personally and publicly). I really want to have them back on our road for more encryption with OpenPGP. And the publicity we get from not validating email addresses is really a big problem (especially as fixing that problems sounds so easy and obvious). Thus, without fixing this, IMO the whole OpenPGP movement has a reputation problem. I understand what you are saying. I cannot help but think they are making a mountain out of a molehill by characterising this minor irritation as a show stopper. Yes, he (not they!), the author of the article is doing exactly this. Putting something in place to counteract the issue is one approach. Would it not be an equally-valid approach to educate them as to why it is a non-issue, which they could then disseminate through their magazine? I think that the author of the article knows that it's mostly a non-issue. He still decided to write the article Forged PGP Keys in the Wild [1] and even an accompanying editorial titled Let PGP Die! [2]. I guess he simply got pissed because he received so many messages that were undecryptable with his real key. Luckily, there are also more sensible authors working for this magazine who write good articles about OpenPGP. I personally chose to ignore the stupid editorial. IMHO it does not deserve more attention than any other rant written by a random troll. OTOH, the article actually isn't that bad. It points out the issue with the missing validation of email addresses in UIDs making a bit of a fuss about it, but IIRC it also explains how to avoid falling into the trap of using a fake key. Regards, Ingo [1] http://www.heise.de/artikel-archiv/ct/2015/06/160_Die-Schluessel-Falle (German; needs to be bought) [2] https://www.heise.de/artikel-archiv/ct/2015/06/3_Editorial (German; free) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Nicolai M. Josuttis www.josuttis.de mailto:n...@enigmail.net PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
At Wed, 29 Jul 2015 02:30:47 +0100, MFPA wrote: On Monday 27 July 2015 at 1:15:57 PM, in mid:874mkpokxu.wl-n...@walfield.org, Neal H. Walfield wrote: Regarding the design: personally, I wouldn't have the user follow a link that includes a swiss number, but have the user reply to the mail, include the swiss number and sign it. Why not simplify the workflow:- 1. key reaches validation server. 2. for each UID containing an email address, validation server creates a copy of the key stripped of all other UIDs. 3. validation server signs that copy of the key. 4. validation server pastes the signed key into an email, encrypts the email to that key, and sends it to the email address in the UID. 5. user receives each email, decrypts it, and updates their local copy of their key. 6. user uploads key now bearing the validation server's signatures to a keyserver. There is still the same level of assurance that the email address and private key are controlled by the same entity. Advantages are:- a. Nobody is asked to click links or reply to emails. b. The validation server does not need to manage a stack of keys awaiting feedback from the validation emails. c. Changes to the user's key are uploaded to the keyserver by the user, not by the validation server. Personally, I think c is the killer in this plan: people aren't going to bother to upload it (assuming they even get that far)! Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 July 2015 at 11:05:13 AM, in mid:1713361.r4rmyyg...@collossus.ingo-kloecker.de, Ingo Klöcker wrote: A possible benefit would be that the user can choose not to upload the validation signatures to the keyservers. With a minor change in step 1 (the key owner uploads his key to the validation server without uploading it to a keyserver) the UID validation would even work for keys which its owner does not want to upload to a public keyserver. That would be good: mail clients that applied a rule to only use validated keys would otherwise deny service when emailing somebody who is trying to keep their key off the keyservers. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net If at first you don't succeed, destroy all evidence that you tried. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuMoGXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwMtoH/iPmxI7H2eaewn8kqa5fzmTE X/zvQ2HpSwEuh7EU6o18pTZungVVpHQ03vMYAWtvGhUNw771IJT8t1KGGMBDavlg sMFTmYDn4vuJIGwr0n3hxyHfEjY81qe4TM9cQ41DxRCDcRT+pd0vkpiKrQdcEizc DDdZB8PtM+UQnIfQIg7Av8OSC/JaDKqZlxgctqiHyGx1fvMPhFNwWQblgnr3Oxnc CEBd2/vdFaVSpHTxnVuhbfFXNc0oRNdf7o894vvchpNMcjSmxXYXxmlugxdSK4v5 2az5KAMdZ8GKR4K0FsnIXxiEoJ/E2Slu7TTcmqAiRxYxAAFzmrLSZ7BvT1tphxiI vgQBFgoAZgUCVbjKKV8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45J0PAP9UraHwesfTkIc0jUqOVuJpqfBD MdnlNiMthNBz4NXwOQEA6YyB96i/U+YpEMPogOtKfR1ohBg7/nh00ZjMSpi27QE= =I0b9 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 July 2015 at 6:42:34 AM, in mid:55b867ca.9090...@enigmail.net, n...@enigmail.net wrote: Interesting. What comes into my mind is the following: - This requires special email clients. How would this require a special email client? OpenPGP-aware email clients I have used have a simple way to save a key from a message to the keyring by clicking a button or selecting a menu option. And if the user's email client is not OpenPGP-aware, or they use webmail, there is always copy and paste. The benefit of the proposed workflow is that any existing client can use it just by switching its keyserver to the validating keyserver proxy. I only suggested simplification of the workflow for actually validating/signing the keys. The user can still just switch their keyserver of choice to the validating proxy. How to deal with existing keys? Well probably the same (upload a key for the first time and uploading it for updates would run the saem workflow), right? Yes. And for automatic re-validations, before my step 1 (key reaches validation server) the proxy server would consult its list of which keys it signed when and fetch them for revalidation. There is still the same level of assurance that the email address and private key are controlled by the same entity. Advantages are:- a. Nobody is asked to click links or reply to emails. Hmm, isn't step 5 is kind of that? No. Step 5 is that the user receives an encrypted email to each relevant email address containing a copy of their key with the additional signature on just that UID, much as they might receive from other attendees at a keysigning. If they wish, the user saves the updated key to their keyring. And, again if they wish, the user uploads their updated key to a keyserver. In any case some confirmation email handling is required. For each UID, the copy of the key containing a validation signature over only that UID would be sent in an encrypted email to the email address in that UID. Receipt of the email containing the signed key confirms the ability to receive messages sent to that email address. And decryption of that email confirms access to the private key. What else do you need to confirm? c. Changes to the user's key are uploaded to the keyserver by theuser, not by the validation server. Is this a real benefit? It's the user's key. Denying them the choice by uploading your changes directly to keyservers is pretty arrogant. Maybe you could have the validating proxy upload the changes itself in the event the the key you are validating does not have the keyserver no-modify flag set? - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Think for yourself. Otherwise you have to believe what other people tell you. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuMZGXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXweqgH/Aq5kO8qt0dJLy0J7W73I8k2 TXjCir9yvYvlqIliJpoYRbV5TC4N/k0xI6d+kx/J825V81xjpi6wgtLHXpF3tii4 rGdEniBgzJmoZvSNVVUhbzgy/Nd7RdMAL/ZF0PVfGsG0fg0MRSonikG1AUVxk9S8 JOXNfq5suDhx3hIA0W5qL0ecWSWRfbwFmUXcO9C59oTd90Do1Noz7LAAizzeNOgT ZeM7wuGlOicqqRGVKppxJ64LlRlkRc/WHkbZlubDw3iR4d3iqwAMam+/tI1vDvDg 9YHu7M91FHqPPIKFd8cCVbcFBdnBctucYVvC07KnCKOeqPBmCE+EnHoxwRm22reI vgQBFgoAZgUCVbjGcF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45J7bAP0dlJftV38bRaG70yc2g0ZMOUCv hMpVCeNAbfYKXoQmwwEA/TzLo6o28HFJ3pjaQ/ZGr8x0sR4RzBsMJ9JwUWw+4AE= =5N4q -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 July 2015 at 1:09:54 PM, in mid:87lhdzmagd.wl-n...@walfield.org, Neal H. Walfield wrote: Personally, I think c is the killer in this plan: people aren't going to bother to upload it (assuming they even get that far)! They have gone to the effort of sending it to the validation server to obtain the validation signature. It is up to them whether they publish it to a server, publicise it in some other way, send it to their contacts directly, or just do nothing. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Volvo, Video, Velcro. (I came, I saw, I stuck around.) -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuM+0XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwO04H/1FPkm+NLuMKhSSPW3hWfGQj FCYNxrbPcV+NICLD9pnvU4sQBYK14sJ2n6gSzgQZA58x+IiV9tI/xtCDIPMiR9L9 AAfk+Ru2zbfABGALH5E/9Wem8bIc47hCQNfTjp2R3qemCev2IZ2/FhxVA6qGtLS5 OKh3sM2QmrYtSIpElsMnaYYcGmFsIEzBZo89DBksWJlwQkljGsXHzFAN2zOQc8Lo N7sBIxujPOXZFgt3y9RZQjS3WhDWSsV3QLEcCn1q7N7lKVcLGn9HtP2P4iRk6S1J ZKK9wbY6VN2btNx/4taa4xBgjAwCJC+j/XizMXWHR1E05GwWHGQSl52b8tcNb/iI vgQBFgoAZgUCVbjPwV8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45C1VAP931XFbBRTuo5uUqo8vEqh02VNJ XnNNsXgTLkpkYgPNcAD/eFS0Rh9qzWF+Nb8GQEgeKITsjmvF+eHbnyuPQXqPDgQ= =C5qa -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
At Wed, 29 Jul 2015 15:14:07 +0200, Ingo Klöcker wrote: If you replace validation server with keysigning party participant then you get one of the ways participants of keysigning parties get their signatures to the key owners. So, it's already done and people do upload their signed keys. I don't see why people should behave differently for validation servers. Key signing parties are a surprisingly good example that demonstrate my point. Key signing parties are a bizarre geek ritual. Most people don't do it. And, I think, most people won't use the validation servers. Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
At Wed, 29 Jul 2015 01:03:53 +0100, MFPA wrote: On Tuesday 28 July 2015 at 11:46:10 PM, in mid:87vbd3nbnx.wl-n...@walfield.org, Neal H. Walfield wrote: At Tue, 28 Jul 2015 19:22:29 +0100, MFPA wrote: It also eliminates any attempt to to establish a link between the key and the email address in the UID. I'm not so sure. Recall that we are not attempting to protect against attacks by nation states. As such, performing a week of computation each year is going to be too much to maintain for those who upload fake keys. And too much for people with multiple email addresses. It doesn't have to be per-email address. It is sufficient to attach it to the primary key. This still seems less rigorous to me than having to receive an email sent to that address and decrypt it with that key. I guess it's a case of swings and roundabouts. Well, I don't like the CA model and that's what Nico is basically proposing (with less rigorous checks). Another huge disadvantage is that user's have to actively participate by replying to emails / visiting a link. Using PoW, no human intervention is required and there is no central authority. PoW relies on the assumption that conducting an attack is too expensive to do / maintain. :) Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 07/29/2015 02:41 PM, MFPA wrote: Hi On Wednesday 29 July 2015 at 11:05:13 AM, in mid:1713361.r4rmyyg...@collossus.ingo-kloecker.de, Ingo Klöcker wrote: A possible benefit would be that the user can choose not to upload the validation signatures to the keyservers. With a minor change in step 1 (the key owner uploads his key to the validation server without uploading it to a keyserver) the UID validation would even work for keys which its owner does not want to upload to a public keyserver. That would be good: mail clients that applied a rule to only use validated keys would otherwise deny service when emailing somebody who is trying to keep their key off the keyservers. Are they really the target group for this proposal? Keep in mind this would be in addition to the regular WoT model, so there is no DoS based on that, per se (obviously you should never encrypt data to a key that isn't verified on some level, even if just a heuristic analysis based on public data and a local non-exportable signature). If the key isn't on keyserver it defeats some of the purpose of this being an easy to use for senders (while still providing _some_ level of security). - -- - Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - A committee is a group that keeps minutes and loses hours. (Milton Berle) -BEGIN PGP SIGNATURE- iQEcBAEBCgAGBQJVuMtjAAoJECULev7WN52F0C8H/1LMy2GnsLr6WRAcPj9jMAvS IwpL+oe5cTdTtpdIcs7s5PhRXwQsbmGdlVaPllsbFn4mAOJ2x7eD7fe/hIHkIPGX +ocZk6h9GlgK6wadNp5mbJ9egxYVVnV84+64S07GAx6IQ9NpOOa+BEa4VDL0UcI/ uLx1LO/9Fkj/gg5IM9YrM3ToLhcotMfen/wQE5dAQ5Zcb2BcDWAGw9mCTzs+a4LY 06w0Q5cRuQDUTcrmrGs5Y23BIRjtijPqEvamWhGynokeR1dmG1axbBAWgRzZAsQl XPoDYLaldAXqPPqLUoNN/IBtJ+7c8MUVlkYTccIzTkYnsqFfGZimEo1mx1DmiNQ= =0Gtq -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Wednesday 29 July 2015 14:09:54 Neal H. Walfield wrote: At Wed, 29 Jul 2015 02:30:47 +0100, MFPA wrote: On Monday 27 July 2015 at 1:15:57 PM, in mid:874mkpokxu.wl-n...@walfield.org, Neal H. Walfield wrote: Regarding the design: personally, I wouldn't have the user follow a link that includes a swiss number, but have the user reply to the mail, include the swiss number and sign it. Why not simplify the workflow:- 1. key reaches validation server. 2. for each UID containing an email address, validation server creates a copy of the key stripped of all other UIDs. 3. validation server signs that copy of the key. 4. validation server pastes the signed key into an email, encrypts the email to that key, and sends it to the email address in the UID. 5. user receives each email, decrypts it, and updates their local copy of their key. 6. user uploads key now bearing the validation server's signatures to a keyserver. There is still the same level of assurance that the email address and private key are controlled by the same entity. Advantages are:- a. Nobody is asked to click links or reply to emails. b. The validation server does not need to manage a stack of keys awaiting feedback from the validation emails. c. Changes to the user's key are uploaded to the keyserver by the user, not by the validation server. Personally, I think c is the killer in this plan: people aren't going to bother to upload it (assuming they even get that far)! If you replace validation server with keysigning party participant then you get one of the ways participants of keysigning parties get their signatures to the key owners. So, it's already done and people do upload their signed keys. I don't see why people should behave differently for validation servers. Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
At Wed, 29 Jul 2015 14:05:49 +0100, MFPA wrote: On Wednesday 29 July 2015 at 1:09:54 PM, in mid:87lhdzmagd.wl-n...@walfield.org, Neal H. Walfield wrote: Personally, I think c is the killer in this plan: people aren't going to bother to upload it (assuming they even get that far)! They have gone to the effort of sending it to the validation server to obtain the validation signature. It is up to them whether they publish it to a server, publicise it in some other way, send it to their contacts directly, or just do nothing. I suspect that 95% of users won't bother. This would defeat the entire scheme, which requires widespread buy in to be successful. Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
[Please do not CC me. I am subscribed.] On Wednesday 29 July 2015 13:07:20 n...@enigmail.net wrote: I see no reason NOT to solve this problem, but I see many reasons to solve it. Just saying deal with it simply means that we place unneccesary burden on OpenPGP users. IMO, that's a really bad approach. Sure. All I'm saying is that introducing a second centralized CA PKI does not strike me as a good solution. Actually, I think this is more of an educational or a social problem than it is a technical problem. The problem you have to solve is that people blindly trust the UIDs. You cannot counter people's ignorance about how OpenPGP and the WoT works with technical means. Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 July 2015 at 1:47:35 PM, in mid:55b8cb67@sumptuouscapital.com, Kristian Fiskerstrand wrote: On 07/29/2015 02:41 PM, MFPA wrote: That would be good: mail clients that applied a rule to only use validated keys would otherwise deny service when emailing somebody who is trying to keep their key off the keyservers. Are they really the target group for this proposal? The target group for an email address validation certificate on my key would be people who wanted to email me. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Humility is no substitute for a good personality. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuNz9XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwTTkH/joN2TCMNlj/JrXyZnaHelQH Hr2Of7WCADGMhkWNbcRmR7IjJXGvsZurSPtTVQL2i6LLvLnrPd+3Xr8eOyyIynLX WTX05ecxGl5RLcSlZsO6ocCRySFBSb0RNlkdoDloWex8slpe1ShVfg4zprn5/XeE SmBxuyQ2QDvPvplVuQrJ5oemB1U4mLhJWvlZLDqW1QJSr2ASCmu5nFNcjYlbvGKV 2LPvL0uga4HbNwCB45yFkpVADdQm7QSW5ndqgg3rfZmVe621I+r40L+kjjB6ACQP X+kQhQ0MSVW8OKZfel+Yu5pRSKtzYDcKVS3NU71sKxqbofgRzRbMv90ZW/+s/AGI vgQBFgoAZgUCVbjdAl8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45GdwAQCNcHKFzUus0OvHZKoIA+JGIUhT D85F88TRBFViq2VYigEA77mLohKUDTNLLOIFxGYq/FxAmqpZbEwoJeiFRvwdlQo= =HtQo -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 July 2015 at 1:07:21 PM, in mid:87twsnmakm.wl-n...@walfield.org, Neal H. Walfield wrote: It doesn't have to be per-email address. It is sufficient to attach it to the primary key. Fair enough if it is just to signify the key is in current usage. But I think it does have to be per-email address if the point is to address the same issue as Nico's scheme. The key announcements in Mike Ingle's Confidant Mail include a Proof of Work, and I think they are done every few days. If you stop using the key, it stops being announced and over time disappears from the DHT. But the keys there do not have multiple addresses. (They don't really even *need* an address, the fingerprint will suffice.) https://confidantmail.org/download/spec.pdf Well, I don't like the CA model and that's what Nico is basically proposing (with less rigorous checks). Another huge disadvantage is that user's have to actively participate by replying to emails / visiting a link. Yes, PoW has none of that. If you went for a per-UID PoW and a common validation signature notation with Nico's scheme (type: ProofOfWork instead of enc-email), the schemes could operate together as compatible alternatives. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Working hard. Please interrupt at once. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuNf/XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwcdAIAJ5TDVjiz2DdRDW9Iq8k9B2q cBlSqWRrje2thrwhWHM4GsN4rJsst3aBGOpaZLLWwo0KK9BP88B68ahej38+OHb1 l+OU55OVlmQ87/Op5vsmKlr9yuXM/uYrYJO1mCOzr4KGoq2eptfcIBH7ZakcZDQq GVZHN8AZRPfa1Gm5l90IqRMrkSkY/D9boWhjKhIAlHWdRLV92V8TdGex1Mg7bTOD BboAnUkWi0uYbHy8ISrYxTOrM+wou0TV7eOdTrTrVtkV9cth+hai/XARNvdmfBrj BJZKvLByGd1Hp+bUUYDz95U/oCcRieZEoLOEDlhqbWzMLiomUUUKretDz3scz++I vgQBFgoAZgUCVbjYBl8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45AJZAP9104lD12MmcWKsxQug4R86eekA VQMFRSAMAK6dsyElhwD7B2IyijCYyv8SZqZrMXiinXKU8RBh+ZPfhP4F1tBIhwc= =wVtr -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 July 2015 at 12:07:20 PM, in mid:55b8b3e8.9080...@enigmail.net, n...@enigmail.net wrote: They get hundreds of emails per day and each email they can't read is a significant problem because the 2 seconds they have for reading emails turn out to become minutes. I would expect each time they got no secret key they would spend a couple of seconds to fire back an email of boilerplate text saying they couldn't decrypt and containing the correct key. There should simply be no overhead in using OpenPGP in the ordinary case for the ordinary user. Any security measure has overhead. It takes longer to open a door if you have to unlock it first, and then there's the overhead of having to look after a key or remember an access code. (-: I see no reason NOT to solve this problem, but I see many reasons to solve it. I was just questioning whether it is really a problem. If it is, and the effort to solve it is less than the effort to just deal with it, then it should be solved. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Experience is the name everyone gives to their mistakes -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuNhPXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwJPMH/iFT5dzzuD7elMJXPnDEzvQY QSmbFnB9iKtw4FdM0Hi/Hk1VlY0iSzzxipIEAZD2Tx9L8gKwv/PJTNm5hFk5ajrq ObGl3h5c/z+ZdXWm0sBVbKYOv641wyNpK6TtecCPtHU88OeApyFrAq39xc3GqvHD MCm5GSDluT9mw5/0EaNsOgqCaMsUbhcdpQbic39tvXsEsWm57LyqJ2PuxsvFheo8 N2txlfpJV22nIiSzMtvNKYc67utyGsihcwXK0hg3p11bIKZWKoDCzlMNNAhofZER HNefknmxJaXrqNYvwXp10dGNDl1kQXVZWRy6pJvJgqErXEgIoItBCMiay3mMVmuI vgQBFgoAZgUCVbjYT18UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45ErmAQCH0BlkGuDeV6mSKThVPkc1Q6EL QuK5956kri9B5/LJDgD/QJV28U42WN0Q8hK/g+p5Pao0pAXPm8b+Fu79/qAThwU= =KJDo -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Wed, 29 Jul 2015 12:38, kloec...@kde.org said: I personally chose to ignore the stupid editorial. IMHO it does not deserve more attention than any other rant written by a random troll. OTOH, the The publication came to a surprise to me given that we had a mail Q+A in the week before to explain what keyservers are and what they are not. I later heard rumors that he was working on that article for a year. I spent some time to rebute it (in German): http://rem.eifzilla.de/archives/2015/02/24/re-die-schlssel-falle Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Hi, Did you consider user a proof-of-work scheme? For instance, the user does a 1 week PoW, signs the result and attackes it to the key. These would be refreshed about once a year. This eliminates the verification servers and the problems associated with them (namely, people need to trust them and there can't be too many of them). It also increases usability: there are no emails. This can be done completely by, say, gpg-agent in the background. gpg (or the email clients) don't need to know about special verification keys / signatures. They just check the proof of work and sort the returned keys appropriately. Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Mon, 27 Jul 2015 19:54, kristian.fiskerstr...@sumptuouscapital.com said: The way I read this proposal isn't about keyservers per se, but the individual validation servers publishing a chained list (like a Right. I assume that these validation servers still work like the the regualr keyservers and sync between them. The question about the implementaion language of SKS indated to me that the validation servers are based on that protocol and would thus also use the Gossip protocol. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 28 July 2015 at 9:06:03 PM, in mid:55b7e0ab.9020...@hammernoch.net, Ludwig Hügelschäfer wrote: Let's concentrate on this one, I think this is the real tough task: establishing a trust chain from the validating servers to the client. There's one root certificate, signing the individual proxy certificates. Sounds a lot like the discredited trusted CA system, used for TLS and S/MIME? - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net A woman's mind is cleaner than a man's: She changes it more often. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuBnhXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwposH/15Ka7DXO5nFHdiCvIA9HQLi majWzM4taIWwNpKNrFYHDEBl2WuYrPzIeqI+hZQEdgHWKmGUeDUyRp+iOzRG9O0c 4ZtpY0DNdoeMH2MiZbstfgtrRTblI7jw1K5x0hhFA9m2y3HnAWpy/s9NMeMy8NBh /dTE5Qdad1cvmfHvkBobvlh4USuaeLs2JksZyGKN3blXR2u4y0Lbv4D9qVt0n87J S8LXfntcV2azmOKTV8b1vvpu5gG0BwRLQ31xBLB9yRl4Ooqnyprdpx9h7FfM8gHM FGiQ95zQ2xQw9/HPKAApq64H1+Ds0FvN51eh+C0ey0vJFxR1Y7qC4OWdh6ENxSGI vgQBFgoAZgUCVbgZ4V8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45JcCAQCI9iT1YcoTxx+iC2GWv6wBtlwv cBcGakM8/EgYQu7LzgD/Upx5INuwxkkJEvZFdurXAJLjOfPXeza95OgFcgbOFAk= =qOTP -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
At Tue, 28 Jul 2015 19:22:29 +0100, MFPA wrote: On Tuesday 28 July 2015 at 8:22:23 AM, in mid:87y4i0n3v4.wl-n...@walfield.org, Neal H. Walfield wrote: Did you consider user a proof-of-work scheme? For instance, the user does a 1 week PoW, signs the result and attackes it to the key. These would be refreshed about once a year. Would this one-week PoW pause when the user shuts down and continue when they boot it up? There are plenty of email users who do not leave their computer running all the time. Of course. A simple proof of work scheme is to find a hash that starts with X zeros. This requires 2^X steps. In our case, the prefix of the text would be the primary public key. This eliminates the verification servers and the problems associated with them (namely, people need to trust them and there can't be too many of them). It also eliminates any attempt to to establish a link between the key and the email address in the UID. I'm not so sure. Recall that we are not attempting to protect against attacks by nation states. As such, performing a week of computation each year is going to be too much to maintain for those who upload fake keys. Moreover, this will automatically purge old keys (or at least rank them very low in search results). In other words, only people who actually use a given key will bother performing the work. gpg (or the email clients) don't need to know about special verification keys / signatures. They just check the proof of work and sort the returned keys appropriately. Instead of one special signature notation type, we have another that will be much larger? What do you mean? A PoW is just a few dozen bytes large... Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 28 July 2015 at 8:17:28 PM, in mid:55b7d548.4020...@enigmail.net, n...@enigmail.net wrote: AFAIK, there are not THAT many faked keys, but the problem exists especially for key parties of our internet world (a famous German magazine, at least one GPG tool, ...). The problem is that the German magazine takes this as a show stopper (both personally and publicly). I really want to have them back on our road for more encryption with OpenPGP. And the publicity we get from not validating email addresses is really a big problem (especially as fixing that problems sounds so easy and obvious). Thus, without fixing this, IMO the whole OpenPGP movement has a reputation problem. I understand what you are saying. I cannot help but think they are making a mountain out of a molehill by characterising this minor irritation as a show stopper. Putting something in place to counteract the issue is one approach. Would it not be an equally-valid approach to educate them as to why it is a non-issue, which they could then disseminate through their magazine? Today, people with faked keys simply get unreadable emails, but don't know whether there were trolls or spies at work. They can, however, search on keyservers for the key to which the message was encrypted. Or ask the sender where they got it and to forward a copy for inspection. After validating their own key, only one of two things can happen: [snipped] either the problem is solved or we know that the problem is more severe than just a work of trolls only uploading a faked key for fun. Fair enough. But if G claims that an email address was validated although it was not, they express this as a public signature visible to the whole world. If they do that, people can/will find out and blame G. But that's something G clearly wants to avoid (they need trust by their customers). Thus, they have much more interest not to signal validation of a faked key because any violation here is easy to detect. The provider could claim the user's password must have been compromised and that was how the validation occurred without the user's knowledge. They could even make the user jump through password reset and security question hoops the next time they log in. Anyway, after ten minutes public attention will switch to something else. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Adults are obsolete children. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuCMBXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwxpYH/jjZIF0ue4m1F8WJSdNt3fcG WGrdQT5rpOG8hUUcCPA36NTeKA9zWrREgFgZX2lRIPOwCTzaHzlw3SRNc42yOS2/ ayviJbN714zrl0tT6zhYlb3T4lQo0mX8S8G4EkzUECt9DPYZOsv6YPxv+WcNMDGa YwAsEvXQHD4uXe2bmvO2zIjNsehYBnISPKv4dr9XHMjxOVUTSPmmBsRkYnrVP6mN MEXf9VQJUtybnrWUlhE3WqAX1zBdTMwfm1PlpWNUTMPTtluoW7qabEI5kGMuPRsj AygSJvUqUzs5wlg2jVhvUfAK4eeNBnua+U0duvIsfP4xeeYWN1r1uzjC7m+y6xyI vgQBFgoAZgUCVbgjB18UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45J18AQCVilysc7qVQt09cSq0/nxPAq+j Y4OGfgsiB1itI5jVFgEA95f3usAyVwOh3xKv4KJpXZqBjHxKD/B18U+TDmTitwU= =dOC/ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 28 July 2015 at 11:46:10 PM, in mid:87vbd3nbnx.wl-n...@walfield.org, Neal H. Walfield wrote: At Tue, 28 Jul 2015 19:22:29 +0100, MFPA wrote: It also eliminates any attempt to to establish a link between the key and the email address in the UID. I'm not so sure. Recall that we are not attempting to protect against attacks by nation states. As such, performing a week of computation each year is going to be too much to maintain for those who upload fake keys. And too much for people with multiple email addresses. Moreover, this will automatically purge old keys (or at least rank them very low in search results). In other words, only people who actually use a given key will bother performing the work. If the search results were returned in order of PoW date, newest first, that would be great. Are they currently sorted at all, or simply returned in the order in which they are found? This still seems less rigorous to me than having to receive an email sent to that address and decrypt it with that key. I guess it's a case of swings and roundabouts. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net There is no snooze button for a cat that wants breakfast -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVuBh1XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw31EH/2pRMlByL/KlNaIWBL7HYmUV thLGzhoiTjMCM3aWpGEsRtCXGiUbykPl16dL8A7siSHH6kSIklOpYUviRSp09M6o GhRRGQcqQ/1xWcQRdb64q6QHHCCQSHDWUk1o1uiGG0BUmKf7lhB25LifCVCLNZ4L 1tYAZJdylNrwTAYRZlZqesirhJi0f9r40dmMR87wye4eInQBLkqeB++BmAqM6V00 KzdmRf7acR9pD3Hz0lyHkFGRqm3PY5lIRqad3XhsQ7Ln5BQyVNrsnN//7/lUXFPD NKQmWXlF+MKl3t7s5BSkt0yLtJCujrzh6AdUZoyYjITCuF7TiS0G4076LxW3POWI vgQBFgoAZgUCVbgYe18UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45G4sAP9whBfAE5Vg0aO3J9u1vIxTOJr0 d6PmgM2WntglbHyLGQEA00g7R8WvHgZIuaYrqZm/ndRW8C7RZNguQvyDFbxa4Qc= =ogbj -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Monday 27 July 2015 20:19:07 n...@enigmail.net wrote: Am 27.07.2015 um 16:31 schrieb Ingo Klöcker: This whole concept of a whitelist of trusted validation servers included in the email clients sounds a lot like the CA certificate bundles included in browsers and/or OSes. Who is going to maintain this whitelist? The email client developers? The OS manufactures? Who is going to certify trusted validation servers, i.e. who is going to tell benign validation servers apart from malignant validation servers? I agree that this is a key issue/problem of the approach. And indeed, I suggest to initially or by default give some trust to some signatures. Note that I propose different things, though: 1) A standard format for such validations. This simply would help to be able to deal with any validation approach. 2) A way to establish such validations by using a validating key server proxy. 3) A whitelist. I am happy to only have 1) and 2) and to teach people to trust e.g. specific servers (and to mistrust others). I only want to have a way to manage email validations (a common technique where everybody wonders why this is not supported). This is the best I could come up with after discussing this with several people. And so far it would be a lot more than we have now. It it might fix a problem which otherwise is a show stopper. If this is not appropriate, what do YOU propose instead for email validation? So many processes in this world are today based on email validation. Do you think that in general email validation is not the right approach or do you propose something different? I'm not against your proposal per se. In fact, I'm probably one of the few people who actually think that the email validation done by PGP.com has some value. Consequently, I am also seeing the value in your proposal. I'm just having reservations with regard to the whitelists. See my reply to Ludwig's reply. Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On 28.07.15 16:46, Ingo Klöcker wrote: On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote: Hi Ingo, On 27.07.15 16:31, Ingo Klöcker wrote: This whole concept of a whitelist of trusted validation servers included in the email clients sounds a lot like the CA certificate bundles included in browsers and/or OSes. Who is going to maintain this whitelist? Whilelists: The OpenPGP-aware clients. There aren't so many of them, so that's manageable. Speaking for KMail how can I be sure that somebody who claims that his validation server can be trusted can actually be trusted and should therefore be added to the whitelist? KDE avoids this problem for the CA certificate bundle by relying on the certificate bundles provided by the Linux distributors or by Mozilla. Let's face it: KDE doesn't /avoid/ this problem. It just shifts the problem to someone else -- the Linux distributors or Mozilla ;) -Patrick ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Tuesday 28 July 2015 09:22:23 Neal H. Walfield wrote: Hi, Did you consider user a proof-of-work scheme? For instance, the user does a 1 week PoW, signs the result and attackes it to the key. These would be refreshed about once a year. Which problem do you propose to address with such a scheme? I can see the zombie key issue being addressed by this, but this issue can as easily be addressed by 1-year-key-expiration (where the PoW consists of extending the expiration date). I don't see how a PoW scheme addresses the fake key issue. Someone who is motivated enough to create a fake key will most likely also be motivated enough to add a PoW (at least, for the first year). Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote: Hi Ingo, On 27.07.15 16:31, Ingo Klöcker wrote: This whole concept of a whitelist of trusted validation servers included in the email clients sounds a lot like the CA certificate bundles included in browsers and/or OSes. Who is going to maintain this whitelist? Whilelists: The OpenPGP-aware clients. There aren't so many of them, so that's manageable. Speaking for KMail how can I be sure that somebody who claims that his validation server can be trusted can actually be trusted and should therefore be added to the whitelist? KDE avoids this problem for the CA certificate bundle by relying on the certificate bundles provided by the Linux distributors or by Mozilla. The email client developers? The OS manufactures? Who is going to certify trusted validation servers, i.e. who is going to tell benign validation servers apart from malignant validation servers? There is a community providing keyservers (such as pool.sks-keyservers.net). My impression is that this network is well maintained and has worked reliably the last years. Why should there not be a similar community approach for setting up a (smaller) network of validating key server proxies. Well, the keyservers do not make any claims with regard to the authenticity or the integrity of the keys. Those checks are left to the clients. I do not have to trust any of the keyservers. The validating key server proxies claim validity of the UIDs (to a certain degree). I can see myself marking such a proxy as trusted by adding it to my gnupg.conf (or to KMail's configuration). But I cannot see myself adding such a proxy to the whitelist that's shipped with KMail. Another problem I see with whitelist management is revocation in case the validation key of a validating proxy is compromised. Again, for the CA certificate bundles that's handled by the distributors and not by individual application developers. I'd rather put my bets on a DANE-based approach like https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/ DANE requires write access to DNS. I don't see that the average OpenPGP user has facilities and knowledge to achieve setting up the required DNS records. If you can't convince the big mail providers (e.g. Google, GMX here in Germany, ...) to provide a reasonable interface for their users, I'm afraid that this will not be a success, I'm confident that the smaller mail providers who focus on security would be willing to add such an interface. Frankly, I do not care that much for the big mail providers. People who really value privacy should use mail providers that value privacy. Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Am 29.07.2015 um 03:30 schrieb MFPA: Hi On Monday 27 July 2015 at 1:15:57 PM, in mid:874mkpokxu.wl-n...@walfield.org, Neal H. Walfield wrote: Regarding the design: personally, I wouldn't have the user follow a link that includes a swiss number, but have the user reply to the mail, include the swiss number and sign it. Why not simplify the workflow:- 1. key reaches validation server. 2. for each UID containing an email address, validation server creates a copy of the key stripped of all other UIDs. 3. validation server signs that copy of the key. 4. validation server pastes the signed key into an email, encrypts the email to that key, and sends it to the email address in the UID. 5. user receives each email, decrypts it, and updates their local copy of their key. 6. user uploads key now bearing the validation server's signatures to a keyserver. Interesting. What comes into my mind is the following: - This requires special email clients. The benefit of the proposed workflow is that any existing client can use it just by switching its keyserver to the validating keyserver proxy. IMO, that's a huge drawback, because any solution that requires email client updates is a lot harder to establish. - How to deal with existing keys? Well probably the same (upload a key for the first time and uploading it for updates would run the saem workflow), right? There is still the same level of assurance that the email address and private key are controlled by the same entity. Advantages are:- a. Nobody is asked to click links or reply to emails. Hmm, isn't step 5 is kind of that? In any case some confirmation email handling is required. If this is done by the email client silently, this also can be done by the email client in my proposal. But again this requires supporting clients. b. The validation server does not need to manage a stack of keys awaiting feedback from the validation emails. indeed, that's an argument c. Changes to the user's key are uploaded to the keyserver by the user, not by the validation server. Is this a real benefit? Thanks Nico -- Nicolai M. Josuttis www.josuttis.de mailto:n...@enigmail.net PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 27 July 2015 at 6:55:24 PM, in mid:55b6708c.9090...@enigmail.net, n...@enigmail.net wrote: If the goal is to keep validations in sync, key owners might have to confirm emails added over the year earlier, which shouldn't be too bad. - - If the goal is to reduce validation requests, I see no problem to have different expiration dates. I think, because each email should be validated from time to time anyway (and this is an isolated process), each validation should give the 12 month period for the specific email when it is validated. Or do you see any problems? I just think if I was to receive revalidation requests all at the same time I would be less likely to overlook those for little-used email addresses I do not often check. It also keeps it neat. This whole approach is NOT to make a perfect prove that the email is correct. Nothing is perfect. Even meeting up and verifying government-issued ID documents can be defeated by good quality fake documents. It only says that the email did one day work for a validation of any kind, which is more than what we have now. We have the Web of Trust to demonstrate that. But those are generally one-off signatures on a key, and may be quite a few years old. Some email providers recycle addresses, so an address Bob used a few months or years ago could now be under Alice's, or even Mallory's, control. As far as I see it, your scheme adds two things: periodic revalidation, and an easy way to get a signature on your key without having to meet anybody. That is, such a validation does not give full trust, it would only give slightly more trust over emails that do not have the validation. Indeed. I think an annual revalidation period strikes a reasonable balance, although maybe there are email services that recycle addresses more quickly than that. But that might be enough to solve the faked key issue. Are there really many faked keys, rather than keys that are no longer used, forgotten passphrase, lost private key, etc.? this solution does NOT solve the problem of interception of emails. But it helps to detect them How does this help to detect interception of emails? It depends on whether and how far you trust the provider. Reality looks different (see startmail, posteo, riseup, and many company email servers). I don't claim to solve any problem in that area. User/clients might have to decide whether to trust a validation notation given by posteo, riseup, google, ... Company email servers, I would expect companies as a matter of course to have a means to decrypt their employees' emails. I'm shocked to read [0] that Riseup once had a webmail option that stored the user's public and private keys. Riseup now tells [1] users who want to use encrypted email to utilize an email client to send and receive email, while keeping their private key stored safely on their local machine. [0] https://help.riseup.net/en/email/webmail/where-is-imp [1] https://help.riseup.net/en/security/message-security/openpgp#can-i-send-and-receive-encrypted-email-using-riseups-webmail Startmail sounds like a similar concept to Hushmail, which was compromised by a court order obtained through a mutual assistance treaty. It is not clear to me why Startmail would not be expected to suffer the same fate. Posteo looks interesting. But their overview says end-to-end encryption is done by the user in addition to Posteo's own security measures, so the user would have to generate and store their own keys. And Google make a living out of exploiting data mined from users' emails and search activities. Why would anybody trust them? In your proposal for listing validation signatures in GnuPG: ‘!’ after sig signals successful validation - why is this needed? Surely the mere presence of a validation signature signals successful validation. Hmm, Wener recommended to use --check-sigs rather than --list.sigs which then results in printing the '!'. Isn't it necessary in your opinion? Fair enough. The mere presence of a validation signature from the validation server indicates successful validation of the email address in the UID. The ! after sig in the output of --check-sigs indicates the signature has been checked and found to be good or valid. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net A woman's mind is cleaner than a man's: She changes it more often. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVt7tCXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwT+gIALbLkCzYZ8UV65RDYkMEZhZx kos01iteGKPiOZDOkvNanXEiM2UWO848kDS4SLb/bl/k3Wwob4SatIUwSH5g5LYi VSVl3UF1KeoycEg96HvIpxddRpK8EdhrOe7QMCYQh9UfPwpjbjda2iO+v3bnNXS3 GQJNNfKs9ra4cWiouqV26c52q3uKtiSTnjrs31nXeiCpEP9LN6GjjDQuj+j3bfQq yYs3sLjvTPR6izg9YrXqD0rsWaEAjb0QblVb32a4X1lmmWApKZGL/o5h+qodPbXy
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 27 July 2015 at 7:00:08 PM, in mid:55b671a8.7020...@sumptuouscapital.com, Kristian Fiskerstrand wrote: It makes the information more compact and will make hkp vindex lists look cleaner. I thought Base64 encodes 3 bytes into 4, so has a 33% overhead. Presuming this information contains data objects in json format it will be interpreted by a parser, Couldn't human-readable data with a suitable field delimiter (such as generated by GnuPG's --with-colons option) be interpreted by a parser? and raw data from keyservers anyways shouldn't be trusted directly before validating the signature (including its subpackets/notations) since no crypto has been performed at that point. Is that a good enough reason to deny the user the opportunity to read the signature notation value data in a --list-sigs output? What about in a --check-sigs output? The ! would indicate the validation signature signature could be trusted, but the Base64 encoding would obscure the detail about how the email address was verified. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Wait. You think I'm right? -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVt8KTXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwvLsH/2QWBfAQ4HyJTtToMhIscl94 72ehjR/ackAyg4ojqbbN7/PDL4BBH7b5EjLIUcsVTwXUGxSw4Z1XBEAXR7oz70Uo WJdyrQVc6CtYLnepzTH2atRSuwd3fv4BpYfbUZ+R4ogVqOtctZznFz2acCXj2HUH Mqq8rUWiJzzCBTBHrprM5Hir8T9gwB/i0qjzOxta7NsMU4r8HcIgUTsxGuQWTjvX mY1NNAXo/S5hjcf8dzHvO9jDSbbt9AtEfA/K3qoIDDJBvY9w5U3dj5i0lpelValM iGC5rg9QJSXT755Rz2Mbs0lK/eYGRQXdJVn3e5vZn7fczOcdCdOMEPSzDTpY6vaI vgQBFgoAZgUCVbfCmF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45KWNAQD0RFU+Dg3l9npiN3QLXDxKtTnT RJtvh2TagoxVi4AyHgEAvLnRqoss9FL3AkdPCFsfgRCwID44+X5Tr/mG43Jecgs= =0igL -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 28 July 2015 at 8:22:23 AM, in mid:87y4i0n3v4.wl-n...@walfield.org, Neal H. Walfield wrote: Did you consider user a proof-of-work scheme? For instance, the user does a 1 week PoW, signs the result and attackes it to the key. These would be refreshed about once a year. Would this one-week PoW pause when the user shuts down and continue when they boot it up? There are plenty of email users who do not leave their computer running all the time. This eliminates the verification servers and the problems associated with them (namely, people need to trust them and there can't be too many of them). It also eliminates any attempt to to establish a link between the key and the email address in the UID. gpg (or the email clients) don't need to know about special verification keys / signatures. They just check the proof of work and sort the returned keys appropriately. Instead of one special signature notation type, we have another that will be much larger? - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Censor: a man who knows more than he thinks you ought to. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVt8hrXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwdtMIAJ4a4kL/C5dskGgWJqh16q6J 0FBX9GNSzuu3UZr7NVzBo3Lf5Ed7uxdKdb9FEjTsUEOG/awy87KYYMKaj9wT2UtY o9ObVXJ68W/JH9dT9v+07Serco88uVbRAh3wbMe10HIJfxVw3AG1FvejdkVfEU9Z rwmnr0OgRvDTXXFF8P9LwHwCyvbCe/lsACeisqCDyTosQMlwWYEvLgY66VKumlRQ HtTss2jy6lqSinFWEvOiNM20310zL5BjJGGzve9sAgB3Bn3zlp6Gb0x9FXK02Qh4 /aJosyeHEqNssRHMRveWefzXzjlLVGI/O4JSQ4zOJxsQrxE6Hrr/G6QM5ONLl/iI vgQBFgoAZgUCVbfIcF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45F7XAPwMjqC88bZ7Ij+Gsu6QQZPZ54ph Mlg8RLj4MuQRN8A6xgEAwJ447hyipEnIRvkVIJKZJo3p1FcYQ1oxn4YNYfUUPgk= =lk5K -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 28 July 2015 at 3:46:54 PM, in mid:1865150.ufn610a...@collossus.ingo-kloecker.de, Ingo Klöcker wrote: I'm confident that the smaller mail providers who focus on security would be willing to add such an interface. Frankly, I do not care that much for the big mail providers. Unless at least some of the major email providers were to provide a means for these DNS entries to be added, any DNS-based approach has very limited potential. People who really value privacy should use mail providers that value privacy. A person cannot usually dictate which mail provider is used by the people with whom they exchange messages. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net It is not necessary to have enemies if you go out of your way to make friends hate you. -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVt84EXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXww1AH/iaZry3CPY/8YfDSjWYedmdm QQwJFZCjc4V9PyiCL+yBwRvKElsCtTCrwTPY2f+GxgASXCOLObzdnCdgFQrT9dbi 3BGuOz2yCrJ/5jCx8sSCEXa1qLvfQoARw6rufgYb9gxiDnikQ82eOhfptbAf4TMQ tyHU9ITodCS61rzw5e2DaKJWrQWEXS4+sGOO7XJw4u0y0R8EuR2EHoSI1BnDEHZG 2AQlvGQJY8XaPlSoLRBZqqIxmJ7OJXjMmFod0FGb+VxRanhAxY/I+F2TVTqxdkVg UWlWk/Dd4xiMSnsiLL2A8+WnNgdEREaoDv6NR94JMfMOMXXwLl1nERNCf/5knWSI vgQBFgoAZgUCVbfOCV8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45Ft+AP0YJw0U+xtnCLEZ889FGYrhO3aY TE6ljuYBfSUaLgix8AEA+VOgf6UnRzUKF8L+85qvo6x5BNnN4mTI4KQKHE8DHgQ= =ci51 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Hi, thanks again for the great feedback. Am 28.07.2015 um 19:26 schrieb MFPA: Hi On Monday 27 July 2015 at 6:55:24 PM, in mid:55b6708c.9090...@enigmail.net, n...@enigmail.net wrote: If the goal is to keep validations in sync, key owners might have to confirm emails added over the year earlier, which shouldn't be too bad. - - If the goal is to reduce validation requests, I see no problem to have different expiration dates. I think, because each email should be validated from time to time anyway (and this is an isolated process), each validation should give the 12 month period for the specific email when it is validated. Or do you see any problems? I just think if I was to receive revalidation requests all at the same time I would be less likely to overlook those for little-used email addresses I do not often check. It also keeps it neat. OK, I will add this as an argument. Does anybody disagree? It only says that the email did one day work for a validation of any kind, which is more than what we have now. We have the Web of Trust to demonstrate that. But those are generally one-off signatures on a key, and may be quite a few years old. Some email providers recycle addresses, so an address Bob used a few months or years ago could now be under Alice's, or even Mallory's, control. As far as I see it, your scheme adds two things: periodic revalidation, and an easy way to get a signature on your key without having to meet anybody. Yep, sounds good to me. May be an additional value is the goal to establish some common validation signatures, which would allow to use/trust these signatures by default. Thus, we also introduce an easy way to benefit from a validation (signature). That is, such a validation does not give full trust, it would only give slightly more trust over emails that do not have the validation. Indeed. I think an annual revalidation period strikes a reasonable balance, although maybe there are email services that recycle addresses more quickly than that. Finding the right balance is probably something we have to find out over time. I would start very very conservatively, just not to annoy people. But that might be enough to solve the faked key issue. Are there really many faked keys, rather than keys that are no longer used, forgotten passphrase, lost private key, etc.? AFAIK, there are not THAT many faked keys, but the problem exists especially for key parties of our internet world (a famous German magazine, at least one GPG tool, ...). The problem is that the German magazine takes this as a show stopper (both personally and publicly). I really want to have them back on our road for more encryption with OpenPGP. And the publicity we get from not validating email addresses is really a big problem (especially as fixing that problems sounds so easy and obvious). Thus, without fixing this, IMO the whole OpenPGP movement has a reputation problem. this solution does NOT solve the problem of interception of emails. But it helps to detect them How does this help to detect interception of emails? Today, people with faked keys simply get unreadable emails, but don't know whether there were trolls or spies at work. After validating their own key, only one of two things can happen: a) The faked key problem is solved, because people now know, which of the available keys to prefer (provided people trust the validation signature) b) The faked key problem still exists, because a validation signature to the faked key was also added. In this case we know that something more severe happened: - either the confirmation email was intercepted - or the validation server was corrupted That is, either the problem is solved or we know that the problem is more severe than just a work of trolls only uploading a faked key for fun. It depends on whether and how far you trust the provider. Reality looks different (see startmail, posteo, riseup, and many company email servers). I don't claim to solve any problem in that area. User/clients might have to decide whether to trust a validation notation given by posteo, riseup, google, ... Company email servers, I would expect companies as a matter of course to have a means to decrypt their employees' emails. I'm shocked to read [0] that Riseup once had a webmail option that stored the user's public and private keys. Riseup now tells [1] users who want to use encrypted email to utilize an email client to send and receive email, while keeping their private key stored safely on their local machine. [0] https://help.riseup.net/en/email/webmail/where-is-imp [1] https://help.riseup.net/en/security/message-security/openpgp#can-i-send-and-receive-encrypted-email-using-riseups-webmail Startmail sounds like a similar concept to Hushmail, which was compromised by a court order obtained through a mutual assistance treaty. It is not clear to me why Startmail would not
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 28.07.15 16:46, Ingo Klöcker wrote: On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote: Hi Ingo, On 27.07.15 16:31, Ingo Klöcker wrote: (...) Why should there not be a similar community approach for setting up a (smaller) network of validating key server proxies. Well, the keyservers do not make any claims with regard to the authenticity or the integrity of the keys. Those checks are left to the clients. I do not have to trust any of the keyservers. The validating key server proxies claim validity of the UIDs (to a certain degree). I can see myself marking such a proxy as trusted by adding it to my gnupg.conf (or to KMail's configuration). But I cannot see myself adding such a proxy to the whitelist that's shipped with KMail. Another problem I see with whitelist management is revocation in case the validation key of a validating proxy is compromised. Again, for the CA certificate bundles that's handled by the distributors and not by individual application developers. Let's concentrate on this one, I think this is the real tough task: establishing a trust chain from the validating servers to the client. There's one root certificate, signing the individual proxy certificates. Each individual proxy has a certificate it is using for creating the validating signatures. Each client only needs to have the root certificate builtin. If it encounters a validation proxy's certificate, it will download it. If a proxy certificate is known compromised, the signature from the root certificate is revoked. If the root certificate is compromised (and revoked), the scheme will require new client versions with a new root certificate builtin. The client itself must refresh the root certificate and all downloaded proxy certificates regularly. This all requires a very small group of maintainers for the root certificate (2 or 3 people), issueing and revoking signatures for proxy certificates. The client authors will need to have a trust chain to at least one root certificate maintainer. This is also true for the proxy maintainers . This is my view of the problem :-) Ludwig -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCgAGBQJVt+CmAAoJEDrb+m0Aoeb+MZsP/RhiweEwRqQhG1q6yyrFLdYJ +tBUUYOlKWdI3xoDCX2g0dUu+4hl9VcbvLpOJSunDgbPNT7HHaZSKmV8Mo+3iE2o J9v9jGdmK3UJxBRNZhR2+z0vN2Qm9OWN2a17rd7EDmwAjr6GZ6zqw1XMTjd3JSz9 yDGaCgMQhLfcw0qesTD4rKEWNf95KQBpFdWcJypcEPBJtad676SNwHLBAnktAhJ+ Oo942tT9982s2ijnPfGGw5CS8K+J2T2kS/ucMPWFwK4m6/NngLip20ET+S2DcBcG f09RHHwvPUc1/j6QDb1HfDdlu9vqUp/h9MZ6EEBPPCCDwTtl0RSXnd6jveEJtzrs X5DSZRMruDrjNw4OJ0NQytN1s+FeyZn1I/vQYEREgJgGdzGmW1UpcqbzVhMOOFHz dgP5RbIrgQC2MbgZDjARlFK8SknJxO0D6B9RYqaYE4bCr6/x4+9vZ9XAJZw8wYlt 25gP1S7oLC8g3vsVNXfkXeaRRC7V6PPKPWxqcodBtg0uQh49H8i7G53W/OMpu/aZ QJJn8Z2JqKbye/0IRByYcCEcnd2dviHRA++eWQswdJpb6kyJv7LraHgV3z0lhZkI Qj9roCPGuqIsHGuQLoL+leOp6xUkWbgdT1dWNnIkCzWnRB3wl5pJ9R6eIKGcWlmO jZqhgSJBm5V7OXV51bdr =0UhR -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Hi, I guess you mean this: The idea I have in mind is roughly as follows: if you upload a key to a keyserver, the keyserver would send an encrypted email to every UID in the key. Each encrypted mail contains a unique link to confirm the email address. Once all email addresses are confirmed, the key is validated and the keyserver will allow access to it just like with any regular keyserver. This approach is not going to stop a nation state. A nation state can intercept the mail, decrypt it and follow the link. For the same reason, it is not going to stop a user's ISP. Given Microsoft's et al.'s willingness to cooperate with the NSA, these are not very good starting conditions. The approach also has another problem: which key servers are going to do this? There are 100s of key servers. I'm not going to reply to mails from each one, sorry. This also seems like a nice way to spam someone. Generate a key, upload it to a key server and they have a bunch of mails from the key server. Based on this, I suspect that it won't take long for the key servers to be blacklisted? Have you considered these issues? Do you have any thoughts about how to avoid these problems or do you think they are not real problems? Regarding the design: personally, I wouldn't have the user follow a link that includes a swiss number, but have the user reply to the mail, include the swiss number and sign it. I'd also consider having the key servers publish the validations. If you chain the validations (include the hash of the previous validation in the current validation) you can detect if the key servers serve a fake key to a specific user. Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Hello, Am 27.07.2015 um 14:15 schrieb Neal H. Walfield: This approach is not going to stop a nation state. A nation state can intercept the mail, decrypt it and follow the link. For the same reason, it is not going to stop a user's ISP. Given Microsoft's et al.'s willingness to cooperate with the NSA, these are not very good starting conditions. As far as I understand, the email is encrypted with the public key of the owner – so as long as we think that GPG is safe, Nico’s verification-emails should be also safe. What could be a problem: The state or the ISP could create a key-pair of its own and upload it, intercept the mail and verify it. Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 27 July 2015 at 6:55:03 AM, in mid:55b5c7b7.4090...@enigmail.net, n...@enigmail.net wrote: Thus, I am happy for any feedback (details and general remarks) both here and directly as email to me. Comments in no particular order, just as they occurred to me when looking through your paper:- If a key is validated by the proxy, then subsequently uploaded again with a new UID, does the new UID get a validation expiry date that matches the rest of the key? Or does it get a standard 12-month validation period, but still get re-validated the next time one of the other UIDs needs it, so that all UIDs' validation expiry dates are brought back into sync? And what if the upload with an extra UID hits a different validation server? If a third party has uploaded my key, or if the validation server is automatically validating existing keys in response to certain events, the validation emails are unsolicited by me. Most people will not click a link in such an email. If a third party who can intercept my emails has generated a key containing my email address in a UID, all bets are off. If an email provider provides public keys for their customers, presumably those keys are unsuitable for mail encryption because the provider may have access to the private key. The configuration changes for email clients that you mention, things like which keyserver to use and which keys to trust, need to be set in GnuPG.conf (or maybe some form of GnuPG wrapper or plugin) so that they are used by an email client that simply calls GnuPG and therefore honours GnuPG's own settings. Same for trust models; maybe you should consider suggesting a modified trust model for GnuPG that includes options for handling validation signatures. Blacklists should not be used *anywhere* as they are a form of censorship and can be used for DOS attacks. In your proposal for listing validation signatures in GnuPG: ‘!’ after sig signals successful validation - why is this needed? Surely the mere presence of a validation signature signals successful validation. Why would the notation value be base64 encoded? What is the rationale for preventing users from reading the notation values in a key listing? Notation version numbers. Rather than using different notation names such as validation...@enigmail.net, I would think it better to keep the notation name standard and put the version number at the start of the value string. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Of course it's a good idea - it's mine! -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVti9OXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwomYIAKOZABvgm+ThrS8fEVBss0ZC YGum47Mu1j72FAAVZWw2q/w34sOOpZmBU4SdqFYVtvy+g3+KpdBviybU3pZCjUx9 220pOHjLzyWOA1Kg4yl3N9NDRRzN70IvTf3S1jEwiJAedr4dH1Wq25SlS8vICj6r JYohh9Cp4fEBXQTA7IJVvHUE6AbVRfeN4HqyaDCfLN3Om0m37fws2J9p6w9u7CnI Pkuku+BwMMzJX2bqJo4rEQ9f777FGpyicAfj0xVEZuwfa5zZ6Uc5sWaxc9RXyjw7 zKHpwllefD3xhV7SavEjea5cmU2GpNuPDHwYB2tzMq3PR/zZxMdK8qF2tgTqpDmI vgQBFgoAZgUCVbYvU18UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45HYGAQCMDqnx5p5GssdlNRjamhGLZ722 jSiKwhEuScsRNcg2dAEA5QtVWIzazuuC8KJB9kERVyXCnoWUu9QD7Rlatzh6wAU= =0XZS -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Monday 27 July 2015 07:55:03 n...@enigmail.net wrote: Hi all, in March we discussed here German ct magazine postulates death of pgp encryption and Patrick Brunschwig proposed a way to validate email addresses I also had in mind: http://lists.gnupg.org/pipermail/gnupg-users/2015-March/052882.html In the past months I tried to come up with a concrete proposal. I discussed it already with some people and this is what I/we propose so far. The proposal is not perfect and not completely worked out but IMO it is ready for a broader discussion and review. This whole concept of a whitelist of trusted validation servers included in the email clients sounds a lot like the CA certificate bundles included in browsers and/or OSes. Who is going to maintain this whitelist? The email client developers? The OS manufactures? Who is going to certify trusted validation servers, i.e. who is going to tell benign validation servers apart from malignant validation servers? Your proposal seems to repeat a lot of the (failed) concepts of the centralized CA approach. For this reason I think the approach is doomed to fail the same way the centralized CA approach has failed (even if everybody seems to ignore its failure). I'd rather put my bets on a DANE-based approach like https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/ Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Mon, 27 Jul 2015 07:55, n...@enigmail.net said: Thus, I am happy for any feedback (details and general remarks) Plain text would be appreciated. I accidentally accepted that 280k PDF but sending such files to 2600 subscribes should be the exception. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 07/27/2015 07:55 PM, n...@enigmail.net wrote: Hi MFPA, Thanks a lot for your feedback. .. Why would the notation value be base64 encoded? What is the rationale for preventing users from reading the notation values in a key listing? Hmm, it was a recommendation by Kristina Fiskerstrand: the value should be base64 encoded to avoid some issues @Kristian: Can you elaborate on that? It makes the information more compact and will make hkp vindex lists look cleaner. Presuming this information contains data objects in json format it will be interpreted by a parser, and raw data from keyservers anyways shouldn't be trusted directly before validating the signature (including its subpackets/notations) since no crypto has been performed at that point. - -- - Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - Knowing is not enough; we must apply. Willing is not enough; we must do . (Johann Wolfgang von Goethe) -BEGIN PGP SIGNATURE- iQEcBAEBCgAGBQJVtnGkAAoJECULev7WN52FyFAIAKgXWzCuH8/k96sw+Bgw4Y5O fuAzTVTFk4D4UO9F0T1YIinfWNiDXV37sOGdGdgR5BGNGSyeXNU3R0GgyeM4NTaT K8UGnY2xwpY2wndi8rKpLVj5uoLofCrvhnrqJ1juuNHOXy0xuQarYwB5/5TWYfgT rBBMeIrEUgBita8Eh+7/0H4AkmRioTJIcHZDNqySqA5UF9ai6skcvVIoyh/zAmtH 230shQfx4XG4wJpWTRE7W0oCyEMBl38Pdno0c2GfJ7rHszpnk3DnOViyf9JHFzvI rjWP0DTP7CCsJ3N0YomphnDGxtpZyKJw3R8znk1CU3Q8quZ/R1dlkvF8alwGfxI= =XKeM -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On 07/27/2015 07:46 PM, Werner Koch wrote: On Mon, 27 Jul 2015 14:15, n...@walfield.org said: You can't do that due to the decentralized approach with no requirement for the user to always upload to the same keyserver. Thus a server may miss validation signatures not yet received from other servers. The way I read this proposal isn't about keyservers per se, but the individual validation servers publishing a chained list (like a blockchain) of its validations. There is merit to that proposal for auditing purposes, although I'm not entirely sure how it'd work in practice unless the blockchain itself was decentralized (it can't function securely if completely local to validation server). iirc this is what Google is doing with its approach as well[0]. References: [0] http://www.certificate-transparency.org/ -- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Knowing is not enough; we must apply. Willing is not enough; we must do. (Johann Wolfgang von Goethe) signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi MFPA, Thanks a lot for your feedback. Am 27.07.2015 um 15:16 schrieb MFPA: Hi On Monday 27 July 2015 at 6:55:03 AM, in mid:55b5c7b7.4090...@enigmail.net, n...@enigmail.net wrote: Thus, I am happy for any feedback (details and general remarks) both here and directly as email to me. Comments in no particular order, just as they occurred to me when looking through your paper:- If a key is validated by the proxy, then subsequently uploaded again with a new UID, does the new UID get a validation expiry date that matches the rest of the key? Or does it get a standard 12-month validation period, but still get re-validated the next time one of the other UIDs needs it, so that all UIDs' validation expiry dates are brought back into sync? And what if the upload with an extra UID hits a different validation server? Hmm, I didn't think about that in detail. But I would assume that because each validation validates a specific email address, a validation once each year is enough. I see no problem with both attempts: - - If the goal is to keep validations in sync, key owners might have to confirm emails added over the year earlier, which shouldn't be too bad. - - If the goal is to reduce validation requests, I see no problem to have different expiration dates. I think, because each email should be validated from time to time anyway (and this is an isolated process), each validation should give the 12 month period for the specific email when it is validated. Or do you see any problems? If a third party has uploaded my key, or if the validation server is automatically validating existing keys in response to certain events, the validation emails are unsolicited by me. Most people will not click a link in such an email. OK, I agree (unless this feature is widely accepted ;-) ). So may be, for the beginning, validations can only be triggered when keys are uploaded (not when they are downloaded). If a third party who can intercept my emails has generated a key containing my email address in a UID, all bets are off. This whole approach is NOT to make a perfect prove that the email is correct. It only says that the email did one day work for a validation of any kind, which is more than what we have now. That is, such a validation does not give full trust, it would only give slightly more trust over emails that do not have the validation. But that might be enough to solve the faked key issue. This is BTW no different than for any other validation email in common systems. They also don't give more guarantee. Thus this solution does NOT solve the problem of interception of emails. But it helps to detect them (if this happens the ct guys know that the problem is a lot worse than they thought) and helps in case this is the result of internet trolls. If an email provider provides public keys for their customers, presumably those keys are unsuitable for mail encryption because the provider may have access to the private key. It depends on whether and how far you trust the provider. Reality looks different (see startmail, posteo, riseup, and many company email servers). I don't claim to solve any problem in that area. User/clients might have to decide whether to trust a validation notation given by posteo, riseup, google, ... The configuration changes for email clients that you mention, things like which keyserver to use and which keys to trust, need to be set in GnuPG.conf (or maybe some form of GnuPG wrapper or plugin) so that they are used by an email client that simply calls GnuPG and therefore honours GnuPG's own settings. Same for trust models; maybe you should consider suggesting a modified trust model for GnuPG that includes options for handling validation signatures. THAT's a bigger step, but if Gnu wants to support it (which would mean that they think that this approach is fine), I am happy if this happens. For the moment I try to minimize additional requirements to be able to support this approach pretty fast (for people who want it). And I really try to got at least some solution for this problem, which I consider to be one show stopper to establish email encryption. Blacklists should not be used *anywhere* as they are a form of censorship and can be used for DOS attacks. OK, don't we even have some blacklists in key servers? ;-) But I agree, that's something we have to discuss or find out in detail. In your proposal for listing validation signatures in GnuPG: ‘!’ after sig signals successful validation - why is this needed? Surely the mere presence of a validation signature signals successful validation. Hmm, Wener recommended to use --check-sigs rather than --list.sigs which then results in printing the '!'. Isn't it necessary in your opinion? Why would the notation value be base64 encoded? What is the rationale for preventing users from reading the notation values in a key listing?
Re: Proposal of OpenPGP Email Validation
Hi Ingo, thanks a lot for the feedback. Am 27.07.2015 um 16:31 schrieb Ingo Klöcker: On Monday 27 July 2015 07:55:03 n...@enigmail.net wrote: Hi all, in March we discussed here German ct magazine postulates death of pgp encryption and Patrick Brunschwig proposed a way to validate email addresses I also had in mind: http://lists.gnupg.org/pipermail/gnupg-users/2015-March/052882.html In the past months I tried to come up with a concrete proposal. I discussed it already with some people and this is what I/we propose so far. The proposal is not perfect and not completely worked out but IMO it is ready for a broader discussion and review. This whole concept of a whitelist of trusted validation servers included in the email clients sounds a lot like the CA certificate bundles included in browsers and/or OSes. Who is going to maintain this whitelist? The email client developers? The OS manufactures? Who is going to certify trusted validation servers, i.e. who is going to tell benign validation servers apart from malignant validation servers? I agree that this is a key issue/problem of the approach. And indeed, I suggest to initially or by default give some trust to some signatures. Note that I propose different things, though: 1) A standard format for such validations. This simply would help to be able to deal with any validation approach. 2) A way to establish such validations by using a validating key server proxy. 3) A whitelist. I am happy to only have 1) and 2) and to teach people to trust e.g. specific servers (and to mistrust others). I only want to have a way to manage email validations (a common technique where everybody wonders why this is not supported). This is the best I could come up with after discussing this with several people. And so far it would be a lot more than we have now. It it might fix a problem which otherwise is a show stopper. If this is not appropriate, what do YOU propose instead for email validation? So many processes in this world are today based on email validation. Do you think that in general email validation is not the right approach or do you propose something different? Your proposal seems to repeat a lot of the (failed) concepts of the centralized CA approach. For this reason I think the approach is doomed to fail the same way the centralized CA approach has failed (even if everybody seems to ignore its failure). I TRIED to avoid some of them: - avoiding to many signatures - providing no central solution It's the best I could come up with. I don't see any other form but may be you know better. Tell me! I'd rather put my bets on a DANE-based approach like https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/ I am happy with ANY solution here. I don't know all the details about DANE, but as far as I know it is promising but well not established yet. If we don#t need my proposal, great! But if establishing DANE will take more time or if there are some flaws with it), I would like to have this solution because IMO it would help. But I might be wrong. Thanks and all the best Nico BTW, the name sounds German and I am happy to discuss this whole issue with you in person. Regards, Ingo -- Nicolai M. Josuttis www.josuttis.de mailto:n...@enigmail.net PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On 27.07.15 14:15, Neal H. Walfield wrote: Hi, I guess you mean this: The idea I have in mind is roughly as follows: if you upload a key to a keyserver, the keyserver would send an encrypted email to every UID in the key. Each encrypted mail contains a unique link to confirm the email address. Once all email addresses are confirmed, the key is validated and the keyserver will allow access to it just like with any regular keyserver. This approach is not going to stop a nation state. A nation state can intercept the mail, decrypt it and follow the link. If the email can be decrypted, then any email can be decrypted, which would turn OpenPGP useless. For the same reason, it is not going to stop a user's ISP. Given Microsoft's et al.'s willingness to cooperate with the NSA, these are not very good starting conditions. If (and only if) the user stores his private key on his computer, and the connection to the validating key server is HTTPS with PFS, I don't really agree. In any case, the target users are not the Edward Snowdens of this world, but the 99% of people who just want to communicate easily with each other and don't want to be bothered too much with key complicated key lookup/verification scenarios. The approach also has another problem: which key servers are going to do this? There are 100s of key servers. I'm not going to reply to mails from each one, sorry. The idea is that these servers are separate from the keyserver network. That is, a relatively small set of servers that would only do validation of email addresses. Validated keys would then be uploaded to normal key servers. This also seems like a nice way to spam someone. Generate a key, upload it to a key server and they have a bunch of mails from the key server. Based on this, I suspect that it won't take long for the key servers to be blacklisted? True, but this only serves the purpose of spamming someone without any further action. You cannot send specific text to those who get spammed, that's thus not very interesting. But in general, that's certainly something to consider (such as only accepting one key at a time and only accepting N keys per hour from some IP address). Have you considered these issues? Do you have any thoughts about how to avoid these problems or do you think they are not real problems? Regarding the design: personally, I wouldn't have the user follow a link that includes a swiss number, but have the user reply to the mail, include the swiss number and sign it. That's a good idea indeed. I'd also consider having the key servers publish the validations. If you chain the validations (include the hash of the previous validation in the current validation) you can detect if the key servers serve a fake key to a specific user. Sounds like a good idea. -Patrick ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Thanks, Neal for the feedback. I will try to answer. Am 27.07.2015 um 14:15 schrieb Neal H. Walfield: Hi, I guess you mean this: The idea I have in mind is roughly as follows: if you upload a key to a keyserver, the keyserver would send an encrypted email to every UID in the key. Each encrypted mail contains a unique link to confirm the email address. Once all email addresses are confirmed, the key is validated and the keyserver will allow access to it just like with any regular keyserver. Hmm, not quite right, there are two major points where I think there is some misunderstanding: First, I DON'T propose to use key servers here. In agreement with Kristian Fiskerstrand we propose to give other servers the task. As written, these validation servers should ideally operate as key server proxies, though, passing all requests to keyservers and responses back to email clients, while in addition doing/triggering email validations. But for ordinary keyservers validations servers only provide validation signatures as any other email client can do. Second, because the signatures sign UIDs (not keys), each UID is individually signed. A validation server could wait to upload the key to a key server until the FIRST email address is signed. But in principle, uploading a key or a new UID for the key is different from triggering its validation (and as a result uploading the corresponding validation signature to the UID(s)). This approach is not going to stop a nation state. A nation state can intercept the mail, decrypt it and follow the link. Sorry, don't know what a nation state is. For the same reason, it is not going to stop a user's ISP. Given Microsoft's et al.'s willingness to cooperate with the NSA, these are not very good starting conditions. Although, Daniel answered, I didn't quite get the problem here and would be happy if you prefer to explain the problem a bit in detail (yes, sorry, I am not an expert). The approach also has another problem: which key servers are going to do this? There are 100s of key servers. I'm not going to reply to mails from each one, sorry. Hmm, I though I discussed that but may be my wording was bad. Indeed, there should only by one validation request per email address each year. For this, we'd trust multiple validation signatures. But yes, as I wrote, we have to maintain white- and/or black lists then (in email clients or where ever). And yes, THIS can be(come) a problem. This also seems like a nice way to spam someone. Generate a key, upload it to a key server and they have a bunch of mails from the key server. Based on this, I suspect that it won't take long for the key servers to be blacklisted? We though about that, but right I didn't write anything about it. We might follow the following rule: - Once validated, no re-validations can be triggered within the 12 months the signature is valid (may be unless the owner of the key itself troggers the re-validation) - But yes, then we have the problem of others uploading faked keys (the problem we want to solve). First: May be it's fine that people get informed that faked keys are uploaded. At least I personally would like to know that. Then: I could trigger my own validation and as written in the first bullet disable any other validations unless triggered by me. Thus, once there is a successful validation this is no loner a problem. Have you considered these issues? Do you have any thoughts about how to avoid these problems or do you think they are not real problems? At least a part of them, I hope. But I would not be surprised having overlooked some stuff. You are the experts. I only want to solve the problem. And indeed , the question, how to avoid to many validation requests while at the same time having multiple validation servers is something I am pretty unsure about details. I am happy for any help here. Regarding the design: personally, I wouldn't have the user follow a link that includes a swiss number, but have the user reply to the mail, include the swiss number and sign it. OK, that's of course also possible. Any reason why this is something you prefer? I'd also consider having the key servers publish the validations. If you chain the validations (include the hash of the previous validation in the current validation) you can detect if the key servers serve a fake key to a specific user. OK, interesting idea. Thanks a lot Nico Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Nicolai M. Josuttis www.josuttis.de mailto:n...@enigmail.net PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On Mon, 27 Jul 2015 14:15, n...@walfield.org said: The approach also has another problem: which key servers are going to do this? There are 100s of key servers. I'm not going to reply to mails from each one, sorry. As Nico described, PGP used a very simlar system to validate keys and expire them based on the date of the last validation. However, that system worked with because they control the central server and the server did not sync with the other keyserver automatically. The validation signature you find on some the keys are due to faulty manual syncing (download from pgp.com upload to pgp.net). A solid approach for central crypto server. I'd also consider having the key servers publish the validations. If you chain the validations (include the hash of the previous validation You can't do that due to the decentralized approach with no requirement for the user to always upload to the same keyserver. Thus a server may miss validation signatures not yet received from other servers. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Hi Nico, At Mon, 27 Jul 2015 19:21:10 +0200, n...@enigmail.net wrote: Thanks, Neal for the feedback. I will try to answer. Am 27.07.2015 um 14:15 schrieb Neal H. Walfield: Hi, I guess you mean this: The idea I have in mind is roughly as follows: if you upload a key to a keyserver, the keyserver would send an encrypted email to every UID in the key. Each encrypted mail contains a unique link to confirm the email address. Once all email addresses are confirmed, the key is validated and the keyserver will allow access to it just like with any regular keyserver. Hmm, not quite right, there are two major points where I think there is some misunderstanding: If this is not right please point me to the proposal. The above is just a quote from the single source in your original email. After I read that I will respond to your other questions / comments. :) Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
On 2015/07/27 at 21:08, Neal H. Walfield wrote: If this is not right please point me to the proposal. The above is just a quote from the single source in your original email. After I read that I will respond to your other questions / comments. :) Neal It's attached in the OP named OpenPGP-Email-Validation-20150726.pdf -- Juan Miguel Navarro Martínez GPG Keyfingerprint: 5A91 90D4 CF27 9D52 D62A BC58 88E2 947F 9BC6 B3CF ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Ingo, On 27.07.15 16:31, Ingo Klöcker wrote: This whole concept of a whitelist of trusted validation servers included in the email clients sounds a lot like the CA certificate bundles included in browsers and/or OSes. Who is going to maintain this whitelist? Whilelists: The OpenPGP-aware clients. There aren't so many of them, so that's manageable. The email client developers? The OS manufactures? Who is going to certify trusted validation servers, i.e. who is going to tell benign validation servers apart from malignant validation servers? There is a community providing keyservers (such as pool.sks-keyservers.net). My impression is that this network is well maintained and has worked reliably the last years. Why should there not be a similar community approach for setting up a (smaller) network of validating key server proxies. I'd rather put my bets on a DANE-based approach like https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/ DANE requires write access to DNS. I don't see that the average OpenPGP user has facilities and knowledge to achieve setting up the required DNS records. If you can't convince the big mail providers (e.g. Google, GMX here in Germany, ...) to provide a reasonable interface for their users, I'm afraid that this will not be a success, Ludwig -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCgAGBQJVtoDzAAoJEDrb+m0Aoeb+/NcP/ioUVK5tlkZ7bXlkiKKtaB1f 7EpTqpkg2gIY0ev6xhAWwLoDsACLX/iCmVu+OHgJbRFYo/e5m6FHzxpWEMMxgsON Dn7yuuHtxDxWQmX3LzPzG3GU3x2ynKuR7V5iyj4p1fbVYmijaIraOpbPaM5wKjP+ 2m5+QZjAHrHzFIrj4LadiaJmCn5HVfGcttqxc3I8u/oQl3uXoB1XTIa+Xf5lt2vG 7FUchBZCWSZVzShLk2PYU9ZYHK1/oMYFBS0qMgYtZeGnuCMUUbKFsPjfaqEAq/I9 95dxk9GSssxdANGFjyT9Q1fMdrJOdi/rAENCzHHQ+Tmj6Aa2cn46DNxjiqEjA77V YPvlLm9Sjec/UvpaJ3aYVhu+uHl7FwEsNe+ZA1W/y9HmdISCrmorpHi3SOCGJIWR PbGmRthYjDPQ7wK0naQ5my5prum586Cs9dloHMFuW/1jd7K2rC8GkOhR2KDpsHr3 L1sGovfBtahy3uVOOvqILZzX61qen9ACd/7XJBXOYurytgzXFzz8FtRehdwf31Of 3VnprnXPIWwOQ6Xj0lcilw3Ff3t8T2PgJqLftBxF+64bqtlP63XzFMNWo87a0nbo WfG13WHLdBEmWo2TiAA8EHFWCCW+HlGVclo+5mR/NBgFKlZhF4kAhgcaTwLvP6ke TnJfQ7Ba8btK1vP/5nfq =L7BF -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 27 July 2015 at 1:33:42 PM, in mid:55b62526.9000...@dabpunkt.eu, Daniel Baur wrote: What could be a problem: The state or the ISP could create a key-pair of its own and upload it, intercept the mail and verify it. That certainly would be a problem. I've no idea how likely. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net None are so fond of secrets as those who do not mean to keep them -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJVtrc7XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwFO0H/AlkbVUjVPqi46W3sSaQjxR6 LmQrNbaUzHDdwWWNgBfUCciejRzkwgFUtxCwuMogzsGbObdBVtMsBk8XCkGYoG1O 5mPLyiKP1Mz5mburJZsphrrmwSsH3gjy7Fspa7GnmGkZk3EwdE8AHLEoazViTfQu ELU0vtJMapqvccafMYLTFnzwm+eaJivtiLlPhL+kBX5opgK4BfB73uw1M3VW9OHl XP1nKgEO7v8WUVIDkdnyP6fYILdSWAjqdYeQvaIjl8XkJntcnVR2LVZ5fTRNSnbW imo+ihOskkjMT0Y5GEsgK8KtcG6MYaq1jb+ffbeZtoIy8f40hjF1890FgfEBPYWI vgQBFgoAZgUCVba3Q18UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45CjfAQCwdabfoGT+SvHNxpQirKYVNF8+ j2lNxxAPC/QYCY+dAwEA7s2QOoHqmgyghBc//is7xFDt3Q0wAyUhE0cuYCKbAg4= =qn4S -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
At Mon, 27 Jul 2015 17:51:56 +0200, Patrick Brunschwig wrote: On 27.07.15 14:15, Neal H. Walfield wrote: Hi, I guess you mean this: The idea I have in mind is roughly as follows: if you upload a key to a keyserver, the keyserver would send an encrypted email to every UID in the key. Each encrypted mail contains a unique link to confirm the email address. Once all email addresses are confirmed, the key is validated and the keyserver will allow access to it just like with any regular keyserver. This approach is not going to stop a nation state. A nation state can intercept the mail, decrypt it and follow the link. If the email can be decrypted, then any email can be decrypted, which would turn OpenPGP useless. Sorry. This was definately unclear. What I meant is: a nation state can create a fake key, upload it to the key server and intercept the mail encrypted to the fake key thereby validating the fake key. In any case, the target users are not the Edward Snowdens of this world, but the 99% of people who just want to communicate easily with each other and don't want to be bothered too much with key complicated key lookup/verification scenarios. This is a worthy goal :). :) Neal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users