On 10/05/2009 05:45 AM, Hauke Laging wrote:
Am Montag 05 Oktober 2009 schrieb Daniel Kahn Gillmor:
0) you only talk about digesting the e-mail part of the address. what
about the human-specific name? Would this need to be digested also?
Why or Why not?
From a technical point of view that nearly does not matter so one could
leave this up to each user.
i don't think you can leave this up to the user effectively, unless you
want clients to need to query for a potentially-lengthy series of
different digested addresses. If something like this is going to work,
you need to have one widely-adopted digest, and to change it *very*
infrequently, so clients would never need to try more than two digests
in a search.
But there is a second argument, privacy. This is valid for the email
hashing, too. In an ideal world the key server data could not be used for
anything their "owner" does not want it to be used for.
If you want to advocate for a standard for digested User IDs, I think
the general privacy argument is a much stronger one than the spam
argument. For example, consider a Bordurian dissident who is being
persecuted by her government. She may very well want to exchange
secure, private e-mails without people being able to search for her by
name, and without publically binding her name to the e-mail address
she's using (though she may be willing to confide that information to
her associates). she may also want to take advantage of the revocation,
certification, and expiration features of the WoT (all features which
are enhanced by using public keyservers) without exposing the names of
her personal contacts to direct review or searching on the public
keyservers.
Beyond names and e-mail addresses, there are other things that could be
stored in an OpenPGP User ID which people might not want to be publicly
enumerable or searchable, though they might want the associated material
to be found if someone else already knows the relevant name.
For example, i work on the Monkeysphere project, which provides a PKI
for OpenSSH servers using the WoT and public keyservers as a PKI (for
certification, revocation, etc). We've had some potential users express
concern about using it because they don't want their infrastructure to
be mappable or enumerable from the public keyservers.
https://labs.riseup.net/code/issues/show/1181
Using a privately-held keyserver could solve this problem for a certain
class of these users (those who maintain a "walled-garden" network, for
example), but this requires an authentication/authorization policy for
access to the private keyserver, it creates another point of failure in
the system, and it doesn't work well at all for people who prefer a
federated approach over a "walled garden" approach. Allowing these
folks to take advantage of a broader keyserver network for distributing
their data might make this use case more feasible.
I do not know the openpgp key format. Would it be easily possible to add
the signed information whether the UID of this key may or must not be
uploaded to a key server in cleartext, at best distinguishing between name
and email?
OpenPGP User IDs are defined as UTF-8-encoded textual data, and can in
principle range from 0B to 4GB (though in practice i've never seen one
even as long as 1KB). There's no reason that they couldn't be used to
store the digest encoded as a text string.
If you wanted that to work smoothly, though, you probably want to have a
single unique form so that they could be found.
One small additional point: This hashing approach would be used for all
published keys, not only for key servers. I guess that most PGP users have
their public key on their web site.
right, otherwise someone could download the key from a web site and post
it to the keyservers. Note, however, that most people who publish their
keys to their web site have already provided an easy way for people to
come up with their name and e-mail address. Those people's contact info
has probably already been transferred into a mailing list that has been
sold to a spammer, so the cat is probably out of the bag for them (as it
is for everyone who participates in public mailing list discussions).
A proposal like this would really only be useful for people who prefer
to avoid having their User ID publicly searchable in any way. But such
people exist, and it would be good to allow them to use the nicer
features of the WoT as well without divulging their information directly
in the User ID packets.
--dkg
signature.asc
Description: OpenPGP digital signature