ietf-openpgp
[Top] [All Lists]

Re: [openpgp] public logging of e-mail certificates [was: Re: OpenPGP private certification]

2015-04-01 13:56:27
OK, this is what I am planning to do for PrismProof email.

After trying a number of approaches I have concluded that the best
approach today is to insist that each keypair have exactly one
purpose.

So Alice will always have a personal root key and an intermediate key
signing key and the fingerprint of this PKI is the hash of the keyinfo
block of the personal root. to do key endorsement she will also need a
key endorsement key on each device she wants to use for endorsements.

Alice-Personal-Root -> Key Signing Key -> Key Endorsement Key[s]

[One reason for the no sharing rule for KEKs is that it makes dealing
with a stolen phone etc. much easier]

Each cert in this chain would be enrolled in an append-only
cryptographic log which provides proof that it existed at a particular
point in time. But none of these certs requires an email address.

For various reasons, we probably want these certs to be enrolled in a
transparent log that publishes both the block chain and the input
data. It is not necessary for a log to publish the input values to fix
them in time however.


When Alice endorses Bob, this is not an operation currently supported
by PKIX and so the 'no new ASN.1' rule applies. The endorsement is
probably some sort of JSON structure:

{"name":"Bob",
 "email":"bob(_at_)example(_dot_)com",
  fingerprint":"phb:qweflkqwhjdflkjhasdlkjhasdvlkjhlksajvh",
  "date":"2015-04-01:01:23Z",
  "blind":"askfasjkldhkjashdvkjhsadkjh"}
<...Signature data...>

This is of course simply another form of certificate but it is a very
different type of cert so its best to use a different term. Alice is
not going to commit to managing the endorsement lifecycle.

The property we want to get from enrolling the endorsement in a log is
to fix it in time. So we enroll the hash in the log rather than the
endorsement itself.

The value "blind" is a random value that leaks Alice's RNG to the
NSA^h^h^h^h^h^h^h^h prevents dictionary attacks.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>