Web Key Directory (pubkey uploading via email or https?)

[Bernhard Reiter]

Am Freitag, 13. Mai 2016 12:48:59 schrieb Werner Koch:
> On Thu, 12 May 2016 14:37, bernhard at intevation.de said:
> > But it shows ownership of the email account.
>
> It shows that you have the credentials.  It does not prove that you have
> access to your mail account.  There may be further restrictions to
> access the mails.

That seems tautological to me, I am refering to the credentials necessary to 
access my mailbox. This would include everything that is needed to access it,
so if there is a time-of-the-day restriction or and ip-range-restriction, it 
should be met as well.

> > With showing it by credentials it may save the crypto processing side
> > of the server to construct, safe and confirm a challenge. Otherwise
>
> Without a challenge you can't prove that you are in possession of the
> mail account.

I consider the credentials for accessing the mail account (cfatma) of being 
equivalent as owning it on the security side. Or do you suggest to add 
another layer of authentification?

Anyone with cfatma could just initiate a new pubkey to be included anyway, 
read and answer the resulting challenge and have their pubkey official in.
So far I don't see what you are gaining with a challenge for the secret key
over showing cfatma.

> > If one out of 10.000 users has this issue, he will be of subset of
> > archetype "Bob" (from
> > https://wiki.gnupg.org/EasyGpg2016/VisionAndStories) and we should
> > probably not design for it. Bob could just use the WoT.
>
> Air-gaping and selecting the trust model are orthogonal.  You use an
> air-gap to mitigate attacks on the software you are running.  The trust
> model is used to confirm the identify of your communication partners.

On the technical side it may be orthogonal, but you have not responded to my 
main point. Bob could use a different way than most people use GnuPG,
because of his motivation, technical skills and (assumed) higher security 
requirements. Do you agree that we should not design for Bob?
(Just like you did not select the default RSA key length for "Bob".)

> > The protocol can be designed in a way that if Bob wants to he can:
> > Take the challenge carry it over to a different machine, solve it there
> > and then take it back and transmit back with TLS.
>
> Right, a store and forward system, i.e. mail.

By using TLS, the majority may get the other advantages of not using email:
* no OpenPGP crypto processing necessary on server side
* no extra email handling necessary on server and client side
* no time delay for email roundup-trips

I am still not convinced which version is better email or https, 
but trying to understand your arguments.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160517/10ec5a9b/attachment.sig>