
From nobody Mon Aug  1 13:54:47 2016
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D58412D8D4 for <openpgp@ietfa.amsl.com>; Mon,  1 Aug 2016 13:54:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level: 
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bE0Rz-QoVPrW for <openpgp@ietfa.amsl.com>; Mon,  1 Aug 2016 13:54:44 -0700 (PDT)
Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B592312D8CD for <openpgp@ietf.org>; Mon,  1 Aug 2016 13:54:44 -0700 (PDT)
Received: by mail-qk0-x22f.google.com with SMTP id v123so24582340qkh.3 for <openpgp@ietf.org>; Mon, 01 Aug 2016 13:54:44 -0700 (PDT)
X-Received: by 10.55.17.8 with SMTP id b8mr72794qkh.37.1470084883889; Mon, 01 Aug 2016 13:54:43 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.55.168.151 with HTTP; Mon, 1 Aug 2016 13:54:43 -0700 (PDT)
In-Reply-To: <CALaySJ+3_uahEhiwLzr7cEKrR55+cRoMYq_+cFtpf6_o4bqq+A@mail.gmail.com>
References: <CALaySJ+3_uahEhiwLzr7cEKrR55+cRoMYq_+cFtpf6_o4bqq+A@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 1 Aug 2016 16:54:43 -0400
X-Google-Sender-Auth: 2XrafoqWzaJv8d5Tbv4TmZUIu84
Message-ID: <CAMm+LwjtEtZG1FyyVU0SbunD43upRuS7d1FS=_51_i58WaDFWw@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Content-Type: multipart/alternative; boundary=001a113b0b724b6a03053908cfd5
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/5PIj_v0e1BGEChOeWGllLhkdVfY>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Minutes from the IETF 96 openpgp session posted
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2016 20:54:46 -0000

--001a113b0b724b6a03053908cfd5
Content-Type: text/plain; charset=UTF-8

I said I would provide text. Did not get round to it before going on
holiday. Will do it as soon as I get back.

Off to Bletchley Park tomorrow.

On Fri, Jul 29, 2016 at 3:24 PM, Barry Leiba <barryleiba@computer.org>
wrote:

> They are here:
> https://www.ietf.org/proceedings/96/minutes/minutes-96-openpgp
>
> And many, MANY thanks to Melinda Shore for the most excellent work on
> the minutes!
>
> Comments or corrections here, please.
>
> Chairingly,
> Barry
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
>

--001a113b0b724b6a03053908cfd5--


From nobody Thu Aug  4 07:35:10 2016
Date: Thu, 4 Aug 2016 09:35:04 -0500
From: Stephen Paul Weber <singpolyma@singpolyma.net>
To: Hanno =?utf-8?B?QsO2Y2s=?= <hanno@hboeck.de>
Message-ID: <20160804143504.GD3918@singpolyma.net>
References: <20160701153304.332d2c95@pc1>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="UHN/qo2QbUvPLonB"
Content-Disposition: inline
In-Reply-To: <20160701153304.332d2c95@pc1>
Jabber-ID: singpolyma@singpolyma.net
OpenPGP: id=CE519CDE; url=https://singpolyma.net/public.asc
X-URL: https://singpolyma.net
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/0ikezSeeKBdEfN6lpNHnjFB9U_Y>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?
X-List-Received-Date: Thu, 04 Aug 2016 14:35:09 -0000

--UHN/qo2QbUvPLonB
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

>I think it was a big mistake to create two competing standards in the
>first place, but that was back in the 90s. So we may ask if we want to
>live forever with this situation or if it can be fixed.

If we can convince any CAs to start issuing OpenPGP signatures, then OpenPGP
already has the features to support this mode of operation.  So it's really
just about formats / software support, etc.

-- 
Stephen Paul Weber, @singpolyma
See <http://singpolyma.net> for how I prefer to be contacted
edition right joseph

--UHN/qo2QbUvPLonB--


From nobody Sun Aug 14 07:37:50 2016
To: openpgp@ietf.org
References: <20160701153304.332d2c95@pc1> <874m86xq04.fsf@alice.fifthhorseman.net> <9A043F3CF02CD34C8E74AC1594475C73F4CB97D2@uxcn10-5.UoA.auckland.ac.nz> <5779E086.9000506@brainhub.org> <BAB41369-E007-4342-8E89-1F023EA851E1@icloud.com> <CAMm+Lwj5F3x4pqGQ2DjDxAqGxsoiBSqK5ToFi-A-nouNDPeH_A@mail.gmail.com> <sjmwpkyq0bd.fsf@securerf.ihtfp.org> <CAMm+Lwg1nsWXPo3VzDs-nLo0ChYSr0RiTyZUR4JvL_yd88ZWsQ@mail.gmail.com>
From: ianG <iang@iang.org>
Message-ID: <5b2f191e-1ffe-b7ec-1498-383d5570b338@iang.org>
Date: Sun, 14 Aug 2016 10:37:44 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CAMm+Lwg1nsWXPo3VzDs-nLo0ChYSr0RiTyZUR4JvL_yd88ZWsQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/s2ceKb2gVw4KjaxpvGtH9Jkkgsc>
Subject: Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?
X-List-Received-Date: Sun, 14 Aug 2016 14:37:49 -0000

On 6/07/2016 18:12 pm, Phillip Hallam-Baker wrote:
>
>
> On Wed, Jul 6, 2016 at 10:59 AM, Derek Atkins <derek@ihtfp.com
> <mailto:derek@ihtfp.com>> wrote:
>
>     Phillip Hallam-Baker <phill@hallambaker.com
>     <mailto:phill@hallambaker.com>> writes:
>
>     >     There's how you issue certificates (the whole CA/introducer issue(s)),
>     >     whether certs contain one key or key sets, how they are transported (S/
>     >     MIME puts them in the message, OpenPGP in directories etc.), and even the
>     >     role of the internal layering. Note that OpenPGP is a binary (and UTF-8 is
>     >     still binary) object protocol with a drizzling of MIME-encoding frosting
>     >     over the top. That frosting is subject to its own interpretations. S/MIME
>     >     in contrast *starts* with the email and MIME object and underneath there's
>     >     CMS, usually almost as an afterthought. (Did you have a momentary "huh?"
>     >     in your head when you read CMS? Many people do, and that's the point.) S/
>     >     MIME starts at the top, OpenPGP starts at the bottom.
>     >
>     >     And oh, there are also other things that have to be re-hashed like ASN.1
>     >     all over again and the things it drags along like encoding rules. This is
>     >     a good deal why perhaps its better to just push the other things up into
>     >     software. The reason that there are the two standards is that they address
>     >     different views of the world, technical as well as political.
>     >
>     > Two views of the world that are rather absolutist and thus wrong. Some parts
>     > of the world are hierarchical, others are not. A trust infrastructure needs to
>     > support both. But it isn't clear such infrastructure is best implemented
>     > inside a client.
>
>     OpenPGP can support hierarchical certificate deployments just fine (my
>     company is building one) as well as the Web of Trust model.  X.509
>     cannot support a Web of Trust deployment, period.
>
>     So there is a clear winner here.
>
>
>
> You can in fact make X.509 do Web of trust. You simply give each user
> their own CA root and cross certify.
>
> I was doing that for quite a while till I realized that the legacy stuff
> was hurting rather than helping. Yes you can get the protocols to do
> more than the apps let them. But you don't have the advantage of legacy
> platform support or legacy platform ignoring your stuff in a predictable
> way.


Right - that word legacy.  My experiences are that you can get both of 
the tech stacks to handle the requirements with enough nailing and pain. 
  But at some point the tech stack starts to interfere too dramatically, 
and you're better off starting again.

One issue to bear in mind is that we are talking about a rather narrow 
and dated concept - email.  In the pre-web world, all comms was 
basically email.  Most comms these days is not email.  And, what we knew 
about what was interesting in the late 1980s early 1990s is no longer 
the text book.  Other methods/views/requirements are much more interesting.

Which is to say, we could narrow the scope so that we could get these 
tools to finally slay the dual standard dragon, but we'd still be 
slaying a beast that is no longer big and scary.

iang, chiming in yonks late.


From nobody Tue Aug 16 13:29:52 2016
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.55.168.151 with HTTP; Tue, 16 Aug 2016 13:29:47 -0700 (PDT)
In-Reply-To: <5b2f191e-1ffe-b7ec-1498-383d5570b338@iang.org>
References: <20160701153304.332d2c95@pc1> <874m86xq04.fsf@alice.fifthhorseman.net> <9A043F3CF02CD34C8E74AC1594475C73F4CB97D2@uxcn10-5.UoA.auckland.ac.nz> <5779E086.9000506@brainhub.org> <BAB41369-E007-4342-8E89-1F023EA851E1@icloud.com> <CAMm+Lwj5F3x4pqGQ2DjDxAqGxsoiBSqK5ToFi-A-nouNDPeH_A@mail.gmail.com> <sjmwpkyq0bd.fsf@securerf.ihtfp.org> <CAMm+Lwg1nsWXPo3VzDs-nLo0ChYSr0RiTyZUR4JvL_yd88ZWsQ@mail.gmail.com> <5b2f191e-1ffe-b7ec-1498-383d5570b338@iang.org>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 16 Aug 2016 16:29:47 -0400
X-Google-Sender-Auth: QhJiWxxxe3jFX8BeoHQINQM-ZgQ
Message-ID: <CAMm+LwgqJc8O-FCHSi+hK6bXnJ5wQLN4r4bY-=u1jitWR2DEmw@mail.gmail.com>
To: ianG <iang@iang.org>
Content-Type: multipart/alternative; boundary=001a114d873ec36d7a053a363519
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/21nxfoIa7f5hopSNot7-2LQdvoM>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?
X-List-Received-Date: Tue, 16 Aug 2016 20:29:51 -0000

--001a114d873ec36d7a053a363519
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Sun, Aug 14, 2016 at 10:37 AM, ianG <iang@iang.org> wrote:

>
> Right - that word legacy.  My experiences are that you can get both of the
> tech stacks to handle the requirements with enough nailing and pain.  But
> at some point the tech stack starts to interfere too dramatically, and
> you're better off starting again.
>
> One issue to bear in mind is that we are talking about a rather narrow and
> dated concept - email.  In the pre-web world, all comms was basically
> email.  Most comms these days is not email.  And, what we knew about what
> was interesting in the late 1980s early 1990s is no longer the text book.
> Other methods/views/requirements are much more interesting.
>
> Which is to say, we could narrow the scope so that we could get these
> tools to finally slay the dual standard dragon, but we'd still be slaying a
> beast that is no longer big and scary.
>
> iang, chiming in yonks late.


My thoughts pretty much.

I see three possible paths towards convergence and I am trying for all
three.

1) Converge S/MIME and OpenPGP standards to the point that they are
functionally interoperable. So just like the fact that 120V and 240V are
still in use, pretty much every laptop you buy will work on either without
issue. The supply voltage is no longer an issue for most equipment.

2) As in (1) above but the systems merge to the point that one or the other
'wins'.

3) Propose a completely new infrastructure that might supersede both
because it offers a major functional advance.

I don't see much point in a third standard that does the same as OpenPGP
and S/MIME. But where there is opportunity is to offer wider functionality.

* If I have someone's public key, I should be able to contact them securely
by mail, chat, messaging, voice or video.

* Integrating proxy re-encryption into the system so that it is possible
to have end to end secure confidential mailing lists, controlled document
distribution and support for individually keyed devices.

Right now I am looking at how to make use of proxy re-encryption as a
'clean slate' proposal. Once I get that working we can look at the system
and decide whether it makes sense to back-engineer it into legacy systems
or not.

--001a114d873ec36d7a053a363519--


From nobody Wed Aug 17 20:49:02 2016
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.55.168.151 with HTTP; Wed, 17 Aug 2016 20:48:57 -0700 (PDT)
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 17 Aug 2016 23:48:57 -0400
X-Google-Sender-Auth: S3TW2JznsnqbMSFdHvtHXzwy89U
Message-ID: <CAMm+Lwhz973u20W0TETFrE0Y_frKQth=B0QcisP5bD2jskta4g@mail.gmail.com>
To: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary=001a113b89c425d47e053a5076ad
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/icskxUwvAvM27taliTa-PQ1ZVVs>
Subject: [openpgp] Proposed text for V5 fingerprint
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 03:49:01 -0000

--001a113b89c425d47e053a5076ad
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

This is a very first draft. What I am doing here is extracting the
mechanism from my UDF draft and presenting the case for OpenPGP as a
standalone example.

I have stripped out all the explanation of why things are done in the
particular way they are since this is for a specification, not a
requirements doc.

I would see this slotting into the current draft as Section 12.3

It looks like I need to work more on harmonizing with the house style of
the OpenPGP spec. I would also like to add an example.

Unfortunately I can only work on this at night as my office is at 90
degrees right now (AC is bust).


##V5 Fingerprint calculation and presentation

A V5 fingerprint value is a sequence of bits that provides a sufficiently
unique identifier for a public key. In addition to generating and accepting
the text string presentation used in earlier versions of OpenPGP,
applications MAY support such additional presentation formats as are found
to be useful.

Conforming V5 OpenPGP implementations MUST support the V5 Fingerprint
text presentation format for display and entry of fingerprint values.
Support for all other fingerprint values is optional.

###V5 Fingerprint value calculation

The OpenPGP V5 fingerprint value is calculated as follows:

Fingerprint = <Version-ID> + H(<Content-ID> + ‘:’ + H(<data>))

Where:

Version-ID = 0x60

Content-ID = "application/pgp-v5-key"
<<MIME Content-Type string TBS by IANA>>

H(x) = SHA-2-512(x)

<data> = <pgp-v5-key>

<pgp-v5-key> =

a.1) 0x99 (1 octet)

a.2) high-order length octet of (b)-(d) (1 octet)

a.3) low-order length octet of (b)-(d) (1 octet)

b) version number = 5 (1 octet);

c) algorithm (1 octet): 17 = DSA (example);

d) Algorithm-specific fields.

The value of Version-ID is intentionally chosen so that
the first character of every V5 fingerprint in the text presentation
format is 'M', a character that is guaranteed not to appear in a V4
or earlier fingerprint format where hexadecimal values were used,
thus ensuring that V5 fingerprints are not accidentally confused.

The construction of the data sequence over which the hash value
is calculated follows the construction used in V4 with the omission
of the key creation timestamp field. This ensures that a given set
of public key parameters has exactly one V5 fingerprint value.

The Content-ID is a MIME content type identifier that indicates that
the fingerprint value is of data in the pgp-v5-key format specified
above and is intended for use with an OpenPGP application.

If a fingerprint value is to be calculated for a public key value
specified in a different format (e.g. a PKIX certificate or key)
or for a future version of OpenPGP with a different <data> format,
a different Content-ID value MUST be used.


###V5 Fingerprint Text Presentation.

The Binary Fingerprint Value is truncated to an integer multiple
of 25 bits regardless of the intended output presentation.

The output of the hash function is truncated to a sequence of n bits
by first selecting the first n/8 bytes of the output function. If n
is an integer multiple of 8, no additional bits are required and
this is the result. Otherwise the remaining bits are taken from the
most significant bits of the next byte and any unused bits set to 0.

For example, to truncate the byte sequence [a0, b1, c2, d3, e4] to
25 bits: 25/8 = 3 bytes with 1 bit remaining, the first three bytes
of the truncated sequence are [a0, b1, c2] and the final byte is
e4 AND 80 = 80, which we add to the previous result to obtain the
final truncated sequence of [a0, b1, c2, 80].

A modified version of Base32 [!RFC4648] encoding is used to present
the fingerprint in text form, grouping the output text into groups of
five characters separated by a dash ‘-’.


# IANA Requirements

Register a new content type for application/pgp-v5-key


--001a113b89c425d47e053a5076ad--
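Added example, not part of the original message or of the draft: the fingerprint calculation, bit truncation and text presentation described in the proposed text above, written out in Python. Assumptions: the truncation applies to the whole value including the Version-ID octet, the Base32 alphabet is the unmodified RFC 4648 one without padding (the message does not say what the modification is), the default length of 125 bits is arbitrary, and the key fields are constructed sample bytes.

```python
import hashlib

VERSION_ID = 0x60                        # value given in the proposed text
CONTENT_ID = b"application/pgp-v5-key"   # proposed string, marked "TBS by IANA"
# Assumption: plain RFC 4648 alphabet, no padding. The proposed text only says
# that a "modified version of Base32" is used.
B32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

# Constructed sample input: stands in for item (d), the algorithm-specific fields.
SAMPLE_FIELDS = bytes(range(1, 33))


def pgp_v5_key_data(algorithm: int, algorithm_fields: bytes) -> bytes:
    """Build <pgp-v5-key>: 0x99, two length octets, version 5, algorithm, fields."""
    body = bytes([5, algorithm]) + algorithm_fields  # items (b)-(d), no timestamp
    if len(body) > 0xFFFF:
        raise ValueError("items (b)-(d) do not fit in a two-octet length")
    return b"\x99" + len(body).to_bytes(2, "big") + body


def binary_fingerprint(data: bytes, content_id: bytes = CONTENT_ID) -> bytes:
    """Version-ID + H(Content-ID + ':' + H(data)), with H = SHA-2-512."""
    inner = hashlib.sha512(data).digest()
    outer = hashlib.sha512(content_id + b":" + inner).digest()
    return bytes([VERSION_ID]) + outer


def truncate_bits(value: bytes, n_bits: int) -> bytes:
    """Keep the first n_bits of value; unused bits of the last byte are set to 0."""
    if not 0 <= n_bits <= len(value) * 8:
        raise ValueError("n_bits outside the available range")
    full, rem = divmod(n_bits, 8)
    out = bytearray(value[:full])
    if rem:
        mask = (0xFF << (8 - rem)) & 0xFF   # e.g. rem = 1 gives 0x80
        out.append(value[full] & mask)      # top bits of the next byte
    return bytes(out)


def text_presentation(value: bytes, n_bits: int = 125) -> str:
    """Base32 text form in dash-separated groups of five characters."""
    if n_bits <= 0 or n_bits % 25:
        raise ValueError("length must be a positive multiple of 25 bits")
    truncated = truncate_bits(value, n_bits)
    # Drop the zero padding bits so the integer holds exactly n_bits.
    as_int = int.from_bytes(truncated, "big") >> (len(truncated) * 8 - n_bits)
    # 25 bits is exactly five 5-bit Base32 characters, so groups never split.
    chars = [B32_ALPHABET[(as_int >> shift) & 0x1F]
             for shift in range(n_bits - 5, -1, -5)]
    text = "".join(chars)
    return "-".join(text[i:i + 5] for i in range(0, len(text), 5))


def sample_fingerprint(n_bits: int = 125) -> str:
    """Fingerprint of the constructed sample key (algorithm 17, as in the text)."""
    data = pgp_v5_key_data(17, SAMPLE_FIELDS)
    return text_presentation(binary_fingerprint(data), n_bits)


if __name__ == "__main__":
    print(sample_fingerprint())
```

The leading 'M' follows from the top five bits of 0x60 (01100 = 12), which index 'M' in the Base32 alphabet.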


From nobody Mon Aug 22 12:04:21 2016
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F18212D798; Mon, 22 Aug 2016 12:04:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level: 
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3mNRk_xNa5nZ; Mon, 22 Aug 2016 12:04:11 -0700 (PDT)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D61312D5A5; Mon, 22 Aug 2016 12:04:10 -0700 (PDT)
Received: by mail-qk0-x22c.google.com with SMTP id l2so89950829qkf.3; Mon, 22 Aug 2016 12:04:10 -0700 (PDT)
X-Received: by 10.55.99.195 with SMTP id x186mr25013950qkb.26.1471892649031; Mon, 22 Aug 2016 12:04:09 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.55.168.151 with HTTP; Mon, 22 Aug 2016 12:04:08 -0700 (PDT)
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 22 Aug 2016 15:04:08 -0400
X-Google-Sender-Auth: 2E1H8l7X350QRopIPTuJz1XG-oU
Message-ID: <CAMm+Lwi3e2TCx79bMQJLcegL2fV_L2jkMmvvpD4Q9k4KMsG-SA@mail.gmail.com>
To: endymail <endymail@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>, IETF OpenPGP <openpgp@ietf.org>, IETF SMIME <smime@ietf.org>
Content-Type: multipart/alternative; boundary=001a114d38227e3edd053aadb633
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/qgiwCY121yubxdy4iXsKMrz-eG4>
Subject: [openpgp] Proposal to use Proxy Re-Encryption in a messaging protocol
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2016 19:04:12 -0000

--001a114d38227e3edd053aadb633
Content-Type: text/plain; charset=UTF-8

NB: Please direct followups to endymail@ietf.org alone


The draft is at:

https://www.ietf.org/id/draft-hallambaker-mesh-recrypt-00.txt


At the last IETF, I made a presentation on the use of Proxy Re-Encryption
'recryption' at the CFRG session. I think that this is a very powerful
technique that solves some real problems we are facing today that were
probably not as apparent when it was first proposed.

In particular, recryption allows end-to-end security to be preserved in
situations where it would normally be lost. For example in a mailing list
application or in a situation where Alice needs to read her email on
multiple devices, some of which might be mobile devices that could get
lost. Recryption also provides the ideal basis for Confidential Document
Control which is an access control system that uses data level encryption.

One slight holdup here is that there is a patent encumbrance that purports
to claim the use of recryption for DRM applications but this will expire
shortly, certainly before any project could get off the ground.


I have written an Internet draft showing how Recryption might be
implemented as a 'clean slate' protocol. Since we don't have anything like
a CDC application yet (Plasma maybe), this is going to be a requirement for
some situations. I am thinking we should probably try to build something
and work out how to get that running before working out how best to fit
these capabilities to S/MIME, OpenPGP, Jabber, etc.

Contrary to my usual practice, there is no code so far, well no
implementation code. I will be filling that in once I finish a few things
ahead of this in the queue, specifically using the Mesh to manage SSH keys.


The one technical holdup I see here is that if we are going to get people
to use it, usability can't be 'OK' or 'not bad'. The only way to get a new
crypto system off the ground is to design something that delivers usability
that is iPhone level perfect. I think that the Mesh makes that possible of
course but I will probably have to prove that with some demos. Which is why
I want to get the Mesh to manage SSH keys.


--001a114d38227e3edd053aadb633--


From nobody Mon Aug 29 05:44:17 2016
Return-Path: <dominik@dominikschuermann.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D35312D531 for <openpgp@ietfa.amsl.com>; Mon, 29 Aug 2016 05:44:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gRK8ic8Z7V4g for <openpgp@ietfa.amsl.com>; Mon, 29 Aug 2016 05:44:14 -0700 (PDT)
Received: from mx1.mailbox.org (mx1.mailbox.org [80.241.60.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67E2D12D12B for <openpgp@ietf.org>; Mon, 29 Aug 2016 05:44:13 -0700 (PDT)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.mailbox.org (Postfix) with ESMTPS id E39B743F56; Mon, 29 Aug 2016 14:44:10 +0200 (CEST)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp1.mailbox.org ([80.241.60.240]) by gerste.heinlein-support.de (gerste.heinlein-support.de [91.198.250.173]) (amavisd-new, port 10030) with ESMTP id NWzbK98M8kyp; Mon, 29 Aug 2016 14:43:38 +0200 (CEST)
To: IETF OpenPGP <openpgp@ietf.org>, openpgp-email@enigmail.net
From: Dominik Schuermann <dominik@dominikschuermann.de>
Message-ID: <f131b593-2503-6600-0da2-2678db83fc45@dominikschuermann.de>
Date: Mon, 29 Aug 2016 14:43:35 +0200
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Q0WDSuo5hVIMjq548tld4BvAWlnEE3vHP"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Lzk1Z3fu6Db-ZN1ydrZbRI3SjEo>
Subject: [openpgp] openpgp.org reactivated
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2016 12:44:16 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Q0WDSuo5hVIMjq548tld4BvAWlnEE3vHP
Content-Type: multipart/mixed; boundary="GuGsRMDDHpfG6inP7KmL0W65hP5gU0kvV"
From: Dominik Schuermann <dominik@dominikschuermann.de>
To: IETF OpenPGP <openpgp@ietf.org>, openpgp-email@enigmail.net
Message-ID: <f131b593-2503-6600-0da2-2678db83fc45@dominikschuermann.de>
Subject: openpgp.org reactivated

--GuGsRMDDHpfG6inP7KmL0W65hP5gU0kvV
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi,

with some help of Phil Zimmermann, I reactivated and re-purposed
http://openpgp.org

It is now hosted on GitHub pages and has a new design and content. I
will try to put up new blog posts and content in the future. I am also
very much open for pull requests to change, fix and extend the pages at
http://github.com/OpenPGP/openpgp.github.io

I would like to see this page grow like xmpp.org and provide an overview
over the standards and maybe also provide recommendations, which are not
part of the standard, but commonly implemented.
In addition, it should provide a simple introduction for people who
heard of OpenPGP but don't know which software to install.

Cheers
Dominik


--GuGsRMDDHpfG6inP7KmL0W65hP5gU0kvV--


--Q0WDSuo5hVIMjq548tld4BvAWlnEE3vHP--


From nobody Mon Aug 29 06:28:40 2016
Return-Path: <dominik@dominikschuermann.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4A7012D0CF for <openpgp@ietfa.amsl.com>; Mon, 29 Aug 2016 06:28:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WZLd8P-4vKrY for <openpgp@ietfa.amsl.com>; Mon, 29 Aug 2016 06:28:33 -0700 (PDT)
Received: from mx1.mailbox.org (mx1.mailbox.org [80.241.60.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD92A12D614 for <openpgp@ietf.org>; Mon, 29 Aug 2016 06:28:33 -0700 (PDT)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.mailbox.org (Postfix) with ESMTPS id 49C2D4426D for <openpgp@ietf.org>; Mon, 29 Aug 2016 15:28:32 +0200 (CEST)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp1.mailbox.org ([80.241.60.240]) by hefe.heinlein-support.de (hefe.heinlein-support.de [91.198.250.172]) (amavisd-new, port 10030) with ESMTP id t0FVr_Q96Vj2 for <openpgp@ietf.org>; Mon, 29 Aug 2016 15:28:27 +0200 (CEST)
References: <f131b593-2503-6600-0da2-2678db83fc45@dominikschuermann.de>
To: IETF OpenPGP <openpgp@ietf.org>
From: Dominik Schuermann <dominik@dominikschuermann.de>
Message-ID: <fece21ce-29e7-4569-c3d3-bf214ecc49c1@dominikschuermann.de>
Date: Mon, 29 Aug 2016 15:28:27 +0200
MIME-Version: 1.0
In-Reply-To: <f131b593-2503-6600-0da2-2678db83fc45@dominikschuermann.de>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1v1sN6EinhKaBcuocLbe5fVSL8XRI60T1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/lG19g3r-F7c7V9zYNhv_H3xO5TE>
Subject: Re: [openpgp] [openpgp-email] openpgp.org reactivated
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: OpenPGP-based Email Encryption <openpgp-email@enigmail.net>
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2016 13:28:39 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--1v1sN6EinhKaBcuocLbe5fVSL8XRI60T1
Content-Type: multipart/mixed; boundary="APaS4UgsdSaD4OqTPBATDQbV2HDptIDkD"
From: Dominik Schuermann <dominik@dominikschuermann.de>
Reply-To: OpenPGP-based Email Encryption <openpgp-email@enigmail.net>
To: IETF OpenPGP <openpgp@ietf.org>
Message-ID: <fece21ce-29e7-4569-c3d3-bf214ecc49c1@dominikschuermann.de>
Subject: Re: [openpgp-email] openpgp.org reactivated
References: <f131b593-2503-6600-0da2-2678db83fc45@dominikschuermann.de>
In-Reply-To: <f131b593-2503-6600-0da2-2678db83fc45@dominikschuermann.de>

--APaS4UgsdSaD4OqTPBATDQbV2HDptIDkD
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

To clarify: It would be great to extend the software pages via pull
requests. I just started with a list off the top of my head; many
projects are still missing.
I am open to adding any software that implements the OpenPGP standard! We
should also order the software alphabetically within the sections to
make the pages more neutral.

Cheers
Dominik

On 08/29/2016 02:43 PM, Dominik Schuermann wrote:
> Hi,
>
> with some help of Phil Zimmermann, I reactivated and re-purposed
> http://openpgp.org
>
> It is now hosted on GitHub pages and has a new design and content. I
> will try to put up new blog posts and content in the future. I am also
> very much open for pull requests to change, fix and extend the pages at
> http://github.com/OpenPGP/openpgp.github.io
>
> I would like to see this page grow like xmpp.org and provide an overview
> over the standards and maybe also provide recommendations, which are not
> part of the standard, but commonly implemented.
> In addition, it should provide a simple introduction for people who
> heard of OpenPGP but don't know which software to install.
>
> Cheers
> Dominik


--APaS4UgsdSaD4OqTPBATDQbV2HDptIDkD--

--1v1sN6EinhKaBcuocLbe5fVSL8XRI60T1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--1v1sN6EinhKaBcuocLbe5fVSL8XRI60T1--

