[Cryptography] Cryptographic mailto: URI

Eugen Leitl eugen at leitl.org
Mon Sep 23 01:26:54 PDT 2013


----- Forwarded message from Phillip Hallam-Baker <hallam at gmail.com> -----

Date: Fri, 20 Sep 2013 08:55:48 -0400
From: Phillip Hallam-Baker <hallam at gmail.com>
To: Dirk-Willem van Gulik <dirkx at webweaving.org>
Cc: "cryptography at metzdowd.com" <cryptography at metzdowd.com>
Subject: Re: [Cryptography] Cryptographic mailto: URI

On Fri, Sep 20, 2013 at 4:36 AM, Dirk-Willem van Gulik <dirkx at webweaving.org
> wrote:

>
> Op 19 sep. 2013, om 19:15 heeft Phillip Hallam-Baker <hallam at gmail.com>
> het volgende geschreven:
>
> > Let us say I want to send an email to alice at example.com securely.
> ...
> > ppid:alice at example.com:example.net:
> Syd6BMXje5DLqHhYSpQswhPcvDXj+8rK9LaonAfcNWM
> ...
> > example.net is a server which will resolve the reference by means of a
> simple HTTP query using the pattern http://<host>/.well-known/ppid/<hash>
> > "Syd...NWM" is the Base64 hash of OID-SHA256 + SHA256(X)
> ..
> > So to use this as a mechanism for ghetto key distribution receivers
> would add the URI into their account. Or let their PKI discovery agent do
> it for them.
>
> We've been experimenting with much the same. With two twists. Basic
> principle is the same.
>
> We use:
>
> -       <namespace>:<id>
>
> as to keep it short. ID is currently a <sha1>; namespace is a 2-3 char
> identifier. We then construct with this a 'hardcoded' zone name:
>
>         <namespace>.fqdn-in-some-tld.
>
> which is to have a (signed) entry for in DNS:
>
>         <id>.<ns>.<namespace>.fqdn-in-some-tld.
>
> which is in fact a first-come, first-served secure dynamic dns updatable
> zone containing the public key.
>
> Which once created allows only updating to those (still) having the
> private key of the public key that signed the initial claim of that <id>.
>

Interesting, though I suspect this is attempting to meet different trust
requirements than I am.

A couple of days ago I spoke with someone well known here who has seen the
Snowden files. His take was that when the NSA has a choice of doing A or B
it always does both.

I think we need to adopt the same approach but in a way that lets all the
various approaches work together. It should not be necessary for me to
install five plug ins into Thunderbird to support five different flavors of
researchy trust infrastructure.

A better approach is to have one plug-in, or better native support for a
connector to a Web Service that can then perform all the researchy trust
infrastructure navigation on my behalf. The Web service can be shared
between users and when there is a new researchy trust infrastructure
proposed, all that is necessary to add it into the mix is to extend the Web
Service and everyone using it can try out the new scheme and see if it is
practical.


This approach does introduce the risk that the web service might be
compromised. Particularly if the client is unable to perform at least some
degree of local validation on the keys. But the long term expectation would
be that support for trust infrastructures that prove to be stable, widely
used, and effective will eventually migrate into the client.


At this point the experimental research question should be 'is this trust
infrastructure practical'. We can get a very good idea of the security
properties of the system by looking at how people use it and doing math.


-- 
Website: http://hallambaker.com/

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20130923/591aec7f/attachment-0001.sig>


More information about the cypherpunks mailing list