[Top] [All Lists]

Re: [openpgp] AS2+OpenPGP protocol extension review request

2019-02-12 05:52:34


I just had a quick peek (will try read more later) but wondered
why PGP is a better primitive here than MLS? [1] (Or one of the
IM security schemes that motivated MLS, if dealing with a work-
in-progress like MLS is problematic.)



On 12/02/2019 04:09, Ben McGinnes wrote:
Hi all,
      For those of you either not subscribed to gnupg-devel or who
may not have paid as much attention to it over the new year period;
I've been working on a little thing which is ready for some form of
peer review.

Essentially it's a design for extending the W3C's ActivityStream
version 2.0 (AS2) and ActivityPub (AP) protocols for federated social
networks (e.g. Mastodon and Pleroma) with OpenPGP in order to provide
a host of features not inherently built into AS2 and AP.

The AS2 and AP designers considered it, but realised that they didn't
have enough cryptographic knowledge to design it in a way that
wouldn't shoot someone in the foot; and so they did the responsible
thing in not making assumptions.  Instead leaving things open for that
void to be filled later.

I found their work early last year and, upon reading the specs,
realised that I was looking at a transport protocol.  Not only that,
but all the most essential cryptographic functions which needed
filling were already thoroughly addressed by another existing
protocol: OpenPGP.

My post on this thing to the gnupg-devel mailing list is here:

The W3C AS2 and AP specifications are here:

My extension proposal is the second draft and the first draft that has
been posted publicly (the actual first draft was sent to the W3C AS2
designers, a couple of GnuPG developers and a handful of others).  My
design document is available here:

The supplemental files (including public and private keys used in the
examples) are here:

Note: is an AWS S3 bucket, so it will trigger
an SSL cert error.  Ignore it or drop back to HTTP at your own

Anyway, there are a number of people on this list in particular who I
think could make sure that I haven't catastrophically cocked the whole
thing up.  I don't think I have, but that's precisely when you should
double-check to be sure.

So if as many of you as can spare the time could please weigh in and
try to pick it apart; that'd be greatly appreciated.  It'll help make
it stronger.  Those of you who've already been down the protocol
design path are amongst those I'm particularly keen on checking this

I do realise there are still matters to discuss and finalise with
regards to transmission of keys; currently there are multiple options
included and I expect some discussion around that.  There's also two
versions of the Encrypted Note and I'm inclined to favour the second,
slightly more complex version for a number of reasons; including
working with other functions (like nesting a Signed Note inside it in
a similar manner to signed & encrypted PGP/MIME emails).


P.S.  I'm cross-posting this to the IETF OpenPGP WG mailing list on
      the off chance that there might be subscribers to that who are
      not also subscribed here or to gnupg-devel.  That may not be
      very likely, but it is possible and so a copy there doesn't
      hurt.  Apologies to those who will see it twice as result,
      though.  Especially since you're the ones I'm most keen to want
      reviewing this work.

openpgp mailing list

Attachment: 0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

openpgp mailing list