adding TOFU/POP to GnuPG
Robert J. Hansen
rjh at sixdemonbag.org
Fri Mar 14 22:54:43 CET 2014

So far in this thread I've said an awful lot of "no, I don't think
this is appropriate for GnuPG." I don't like saying that: I'd much
rather find ways to do cool things rather than find reasons not to
even try.

I think there's a place for this sort of thing, and it's worth looking
at how other people have already done similar things. We might be
able to learn from their experiences.

What seems most on-point to me is PGP's experience using an email
proxy. Rather than ship with plugins for every imaginable email
client, PGP set up an invisible mail proxy to do opportunistic signing
and encryption. It would snoop on your email client's connection with
the server and, if an outbound email message was addressed to someone
for whom PGP had a valid certificate, would encrypt (and optionally
sign) it. The goal here was to make email encryption completely
invisible to the end-user. I personally found the proxy to be touchy,
but in the main it worked well.

(I don't know much about GnuPG's STEED project: it's possible it works
in much the same way.)

A similar thing could be used to achieve many of the goals of TOFU/POP
without adding any complexity to GnuPG itself. The email proxy could
be a completely separate application with its own custom logic to
handle whatever trust calculations were needed, and if necessary it
could call out to GnuPG to adjust the local keyring.

There is a *lot* of work to be done with solidifying the idea behind a
TOFU/POP-based scheme and figuring out how to make it interact nicely
with the rest of the OpenPGP ecosystem. But I believe that it can be
done, and that it can be done outside of GnuPG. That's hardly without
precedent, either: for instance, GnuPG's keyserver support is provided
by external applications -- TOFU/POP support via a mail proxy could be
an external application as well.

A word of warning, though: once you set up automated mail proxies that
do cryptographic operations, you wind up with things like seeing
PGP-signed spam mails. One in four desktop PCs is compromised by
malware nowadays, and many of them serve as spam botnets -- that,
combined with an email proxy that does automatic signing, and a long
passphrase timeout, gets really bad really fast. In a similar vein,
let's keep in mind that our solution *will* get hijacked at some
point, and think of how to minimize the risk.
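
As an added illustration, not part of Robert's post and not GnuPG or PGP code: a sketch of the TOFU pinning state an external proxy like the one described could keep (first key seen for an address is pinned; a later differing key is a conflict), plus a per-window cap on automatic signing as one way to limit the damage from the hijacked-proxy case in the warning above. The class names, the addresses and fingerprints in the comments, and the limits are hypothetical.

```python
import time
from collections import deque
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first-use"  # no pin yet: record the key and accept it
    MATCH = "match"          # observed key agrees with the pinned one
    CONFLICT = "conflict"    # observed key differs: distrust and alert the user


class TofuStore:
    """Address -> fingerprint pins, as a proxy outside GnuPG might keep them (hypothetical)."""

    def __init__(self):
        self.pins = {}

    def observe(self, address, fingerprint):
        """Apply the TOFU rule to the key seen on an inbound signed message."""
        address = address.lower()
        pinned = self.pins.get(address)
        if pinned is None:
            self.pins[address] = fingerprint
            return Verdict.FIRST_USE
        return Verdict.MATCH if pinned == fingerprint else Verdict.CONFLICT

    def key_for(self, address):
        """Fingerprint to encrypt outbound mail to, or None to leave it in the clear."""
        return self.pins.get(address.lower())


class SigningBudget:
    """Cap on automatic signatures per time window, so a hijacked proxy cannot sign bulk mail."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window_seconds, clock
        self.stamps = deque()  # monotonic timestamps of recent automatic signatures

    def may_sign(self):
        now = self.clock()
        while self.stamps and now - self.stamps[0] >= self.window:
            self.stamps.popleft()  # drop signatures older than the window
        if len(self.stamps) >= self.limit:
            return False  # over budget: fall back to asking the user to sign by hand
        self.stamps.append(now)
        return True
```

The clock argument exists only so the budget can be exercised deterministically; a real proxy would use the default monotonic clock.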