ietf-openpgp

Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?

2016-07-01 11:49:09
I have wanted this for a long time. There are actually three separate
problems to be solved.

1) How to make S/MIME work with OpenPGP credentials

2) How to make OpenPGP work with S/MIME credentials

3) How to merge the two specifications into one.

The conditions for making the first two happen are easy. If there is a
will, IETF will find a way. We already have an OpenPGP group. The
chartering of a SPASM group is in the works. I do not think it is going to
be at all difficult to get ADs or IESG to approve work to make two existing
IETF standards interoperate. That is what IETF is for.

The third is still hard because it requires existing infrastructures to
merge and that is a long and difficult process unless you can deliver a
major improvement in functionality. I just can't see merger of two email
security standards offering encryption and signature into one offering that
incentive.


But that doesn't have to be what we do. I think we do have an option that
would be Blu-Ray to OpenPGP and S/MIME's Betamax and VHS. There are in fact
three technologies we can build on that offer dramatic improvements in
functionality.

1) Linked Timestamp (aka Blockchain)

Forget Bitcoin for a minute and proof of work. Linked Timestamps improve
the Work Factor of any PKI and you do not in fact need proof of work to
guarantee that. There are better, cheaper options to achieve the same
result.

Let us imagine for a moment that we upgraded the MIT Key Server
infrastructure that supports OpenPGP to a similar infrastructure that
included technology similar to Certificate Transparency. As soon as a key
signing or certificate or whatever is enrolled and the infrastructure
synchronizes, the Work Factor for backdating a forgery of that assertion to
before the enrollment date goes to 2^256. That is real cryptographic power.

2) Combining the Web of Trust and Brokered Trust (CA) models

People have fixed on the idea of one model or the other. What if we choose
both. The work factor of the resulting Webs of trust becomes very high very
quickly and more importantly the work factor values become objective.

3) Proxy Re-Encryption

[NB IPR encumbrance for the next 18 months]

Using Recryption, a user can encrypt a document to be read by a named group
of users (e.g. secretgroup@example.com) using the public key for that group
and upload it to a server. The server can then create decryption keys for
each of the users that have been granted access by the administrator by
converting the decryption blob for the group into a decryption blob for
each authorized recipient. But the server can't decrypt the document itself.

Recryption is very very powerful and we should make it the heart and soul
of the next generation of message security infrastructure.

* Chat rooms which can only be accessed by people who are on the list
   * These can be text, voice, video, naturally
* Dropbox style document repositories
* Next generation email
* Internal document distribution.

Recryption offers real power and we have been ignoring it for too long.


Now a program of the type I am describing is obviously not something for
SPASM or OpenPGP to discuss. It is way beyond their charter. In fact some
folk will probably argue that this is IRTF work, not IETF.

But I do have the start of open source (MIT license) code for a system that
I believe could grow into this. And the code is almost on the verge of
working cross platform. It uses all the modern platforms you would expect,
JSON over HTTPS, consensus crypto algorithms, etc. etc.

I am trying to follow the path that Tim laid out for the deployment of the
Web - start off by concentrating on how to add value to existing code
bases. The early Web users weren't actually using HTTP very much. Most of
the information they were getting came from FTP, NNTP, WAIS and so on. The
main use of HTTP and HTML was to provide a common interchange format for
gateways to access legacy gateways.

So right now, all the Mathematical Mesh is focused on is making S/MIME and
OpenPGP and SSH and Web Usernames/Passwords easy to use. I am working to
make existing crypto applications as easy to use as legacy ones. This isn't
'OK usability' meaning follow a long list of instructions. As you all know,
I am an obsessive and a perfectionist when it comes to usability. This is
security that you won't know is there unless you are asking yourself if
something is safe and start looking into it.

But if the Mesh succeeds then we get to a point where a significant
userbase has private keys established on every single device they use. We
have a large client side PKI that can establish trust through Web of Trust,
PKI or hybrid methods. Once you have that in place, developing new
cryptographic applications to leverage that infrastructure is really
straightforward.


I could use some help.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
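
Added example, not part of the original message and not code from the Mesh: a minimal hash-linked enrollment log illustrating the Linked Timestamp point above. The SHA-256 chain, the function names and the sample key-signing entries are assumptions made for illustration (Certificate Transparency itself uses a Merkle tree rather than a plain chain).

```python
# Added example: a hash-linked enrollment log (plain hash chain, constructed data).
import hashlib

GENESIS = b"\x00" * 32

def link(prev_head, enrolled_at, assertion):
    """Head after appending one assertion; commits to everything before it."""
    leaf = hashlib.sha256(assertion).digest()
    return hashlib.sha256(prev_head + enrolled_at.encode() + b"\x00" + leaf).digest()

def heads(entries):
    """Return the head after each (enrolled_at, assertion) entry."""
    out, head = [], GENESIS
    for enrolled_at, assertion in entries:
        head = link(head, enrolled_at, assertion)
        out.append(head)
    return out

def first_divergence(witnessed, presented_log):
    """Compare heads an auditor recorded earlier with a log presented later.
    Returns the index of the first entry that cannot be reconciled, or None."""
    recomputed = heads(presented_log)
    for i, seen in enumerate(witnessed):
        if i >= len(recomputed) or recomputed[i] != seen:
            return i
    return None

# Constructed sample log of key-signing assertions.
LOG = [
    ("2016-06-01T10:00:00Z", b"alice signs bob key 0xB0B (constructed)"),
    ("2016-06-12T09:30:00Z", b"bob signs carol key 0xCA401 (constructed)"),
    ("2016-06-30T17:45:00Z", b"carol signs dave key 0xDA7E (constructed)"),
]
WITNESSED = heads(LOG)  # what auditors saw once the servers synchronized

# A log presented later with an assertion backdated to 2016-06-05.
BACKDATED = ("2016-06-05T00:00:00Z", b"alice signs mallory key (constructed)")
FORGED = LOG[:1] + [BACKDATED] + LOG[1:]

if __name__ == "__main__":
    print("honest log:", first_divergence(WITNESSED, LOG))
    print("backdated log diverges at entry:", first_divergence(WITNESSED, FORGED))
```

Once a head has been witnessed, a backdated entry is accepted only if the forger finds an input that reproduces that SHA-256 head.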
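
Added example, not part of the original message and not the Mesh's own scheme: the recryption flow described above (group key, server-side conversion of the decryption blob, per-member unwrap), sketched with the ElGamal-based construction of Blaze, Bleumer and Strauss (1998) as a stand-in. The 11-bit group, the function names and the SHA-256 key derivation are assumptions chosen so the arithmetic is easy to follow; the parameters are far too small for real use.

```python
# Added example: BBS98-style proxy re-encryption used to wrap a document key.
# TOY parameters: an 11-bit safe prime keeps the numbers readable; not secure.
import hashlib
import secrets

P = 2039   # safe prime, P = 2*Q + 1 (toy size)
Q = 1019   # prime order of the subgroup used below
G = 4      # generator of the order-Q subgroup (a quadratic residue mod P)

def keygen():
    """Return (private, public) with the private exponent in [2, Q-1]."""
    sk = 2 + secrets.randbelow(Q - 2)
    return sk, pow(G, sk, P)

def kdf(element):
    """Derive the symmetric document key from a group element."""
    return hashlib.sha256(element.to_bytes(2, "big")).digest()

def wrap_for_group(group_pk):
    """Sender: pick r, return (document key, decryption blob g^(a*r))."""
    r = 1 + secrets.randbelow(Q - 1)
    return kdf(pow(G, r, P)), pow(group_pk, r, P)

def recryption_key(group_sk, member_sk):
    """Administrator: rk = b/a mod Q, given to the server for one member."""
    return member_sk * pow(group_sk, -1, Q) % Q

def convert(blob, rk):
    """Server: g^(a*r) -> g^(b*r). It never handles g^r or the document key."""
    return pow(blob, rk, P)

def unwrap(blob, sk):
    """Key holder: strip the private exponent, then derive the document key."""
    return kdf(pow(blob, pow(sk, -1, Q), P))

if __name__ == "__main__":
    group_sk, group_pk = keygen()          # secretgroup@example.com
    bob_sk, _ = keygen()                   # an authorized member
    key, blob = wrap_for_group(group_pk)   # uploaded alongside the ciphertext
    bob_blob = convert(blob, recryption_key(group_sk, bob_sk))
    print("member recovers document key:", unwrap(bob_blob, bob_sk) == key)
    print("server's converted blob is not the key:", kdf(bob_blob) != key)
```

In this particular construction the recryption key is computed from both private exponents, and a server that colludes with one member can recover the group exponent, so the server and the members must sit in separate trust domains.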