Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

robert <robert.w.withers@xxxxxxxxx> · Thu, 24 Sep 2015 08:02:54 -0400



    I've sort of been following this discussion, not being too familiar
    with thinking about PGP. I did an S/MIME impl awhile back.

    
    I would like to propose adding 2 features:

    a. add a registry family that is self-signed and the members form a
    quorum for election and the family cert is distributed across many
    registries and there is eventual consistency.

    b. use a blockchain to make eventually consistent and authenticate
    the quorum of members of a self-signed family cert, published to
    global registry.

    
    I think you blockchain the self-signed, globally published family
    cert which contains quorum approval of additions and revocations of
    certs produced by this self-signed family cert with CA ability. I
    think that's secure without 3rd party CA/RevokeCertList (if IIIRC
    it's name).

    
    Do you think my proposal has merit?

    
    On 9/24/2015 7:49 AM, Phillip
      Hallam-Baker wrote:

    
          On Thu, Sep 24, 2015 at 7:42 AM,
            Simon Josefsson <simon@xxxxxxxxxxxxx>
            wrote:

            Tony Finch <dot@xxxxxxxx>
                writes:

                
                > John R Levine <johnl@xxxxxxxxx>
                wrote:

                >>

                >> A straightforward example is that the mail
                system, through malice or outside

                >> pressure, does an MITM attack on users who have
                their own keys, so it

                >> publishes a key it controls and re-encrypts
                mail on the way through to the

                >> user's own key.

                >

                > The user should notice this since their encrypted
                mail will appear to come

                > from their mail provider not from the sender. (PGP
                signature doesn't

                > match 822 From:)

                
              Not really -- OpenPGP does not reveal anything
              about the identity of the

              encrypting entity.  If the mail provider signed the email,
              it would be

              noticeable, but there is no requirement to sign encrypted
              emails.

            
            Since PGP was invented, spam has become a major problem
              and worse. You can have unrestricted end-to-end encryption
              without end-to-end authentication but you can't risk using
              it.
            

            Security requires a systems approach. There are very
              few cases where you can get good security by adding one
              feature.
            

<<attachment: smime.p7s>>