On 8/04/2015 11:35 pm, Werner Koch wrote:
On Wed, 8 Apr 2015 15:05, phill(_at_)hallambaker(_dot_)com said:
My point here is that if we want to get a billion people using
encrypted mail then it has to offer iPhone class usability, not OK for
1990s usability.
If that is the goal you only need to care about 140 character messages
or other useless status messages ;-).
Drop SMS in favour of MMS and use that to sent ASCII-armoured OpenPGP
messages. TextSecure? Yes *and* no ...
Actually I prefer 1990s use of mail instead of todays 50% of mails are
going through Compuserve^WGmail. But yeah, I am on a lost position with
that.
Oh god ... that's so accurate (at least they're not AOL, though).
There are plenty of ways that the scheme could be fixed. Since key
server enrollment can be made automatic, it would be pretty easy to
renew the enrollment once every n months and discard keys that have
It is about mail. Mail addresses are defined by the DNS. Bind the
keys to the DNS and your are done. This needs support from the mail
providers, though.
TXT records, just as was done with SPF before it was adopted as a standard.
Though it would be nice to be able to set:
IN PGPKEY "ben: 0x321E4E2373590E5D"
IN PGPFPR "ben: DB47 24E6 FA42 86C9 2B4E 55C4 321E 4E23 7359 0E5D"
IN PGP "Catchall: <key id> "
Get around that with TXT records and prepend the response value with
what you'd eventually want adopted as DNS records.
I doubt that we will be able to deploy a large, encrypted, anonymous,
and decentralized mail network unless we can build upon a transport
layer to solve the basic problems of todays Internet. For now we need
the help of some central services to get things going.
Erm, there was a post to gnupg-users last month which proposes a
method of doing something which is very close to that. The
confidantmail.org thing (which already proposes using DNS TXT records
for key ID listings). It's pseudonymous rather than anonymous, but
the only pseudonym required is the key ID/fingerprint of any given
key. Everything else is arbitrarily assigned (and uses freeform
UIDs).
Actually, Phillip, that thing is probably right up your alley given
some of the other SMTP related posts around here, you should
definitely go and play with it.
Having the key servers continue to regurgitate false or stale data
forever because there is no way to stop them does not seem like an
acceptable plan to me.
Think of signature verification. It should work even after a mail/key
association has been disolved for example after a provider change.
Right and all you need to do to prove the current key ID associated
with an email address is to use the PGP Global Directory Verification
Key. The stale data won't gain signatures like that. The Hushmail
keyserver will provide a similar verification (and limits one key ID
per UID email address, but does not limit the number of UIDs
associated with a key ID).
I agree that this is onluy a problem for a smaller group but this is
something a keyserver network can be useful even after the migration
of the public key store from keyserver to more controlled service
(DNS, Web, whatever). Deleting keys from the keyservers is thus not
going to work.
Besides, even if you did delete a key (and even if it was your own),
there's very little preventing someone else re-uploading it. This is
clearly illustrated by the signature on my key made last June by key
ID 0x46406269AA2F6FBE. The exception bing the Hushmail key server,
which throws a fit if you want to update to a new key (it can only be
done by contacting them directly and getting it changed manually, but
that's the only way to get Hush users to be able to natively encrypt
to you or verify your signatures).
Anyway, we've all made the error of forgetting a passphrase and being
unable to revoke a key when we might want to. It's what taught us to
remember the current passphrases (why do you think I got into the
habit of signing by default, initially it was so I'd remember the
passphrase and now it's just a good habit). As for the keys which
taught me that lesson, well, I eventually did remember the passphrase
... a mere fourteen and a half (14.5) years later, so they got to sign
the current key before being revoked.
Yes, there are some annoyances, but really those are a small price to
pay to prevent having your key arbitrarily removed by a particularly
determined adversary. Imagine, for a moment, if Glenn Greenwald and
Laura Poitras had had their keys arbitrarily removed from all
keyservers back in 2011 in response to certain WikiLeaks publications
and articles ... or worse, replaced. At the very least the
CitizenFour documentary wouldn't've happened and at worst, well, we'd
all still be making oblique references to ECHELON instead of PRISM.
It'd be like living in a world where NCIS dictated reality and while
Mark Harmon portrays droll, dry humour well enough; that is nowhere
near enough to justify an existence like *that*. Not to mention
accepting NIST recommendations at face value ...
See, there's a scary side to everything. You're welcome. ;)
Regards,
Ben
signature.asc
Description: OpenPGP digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp