[Cryptography] Cryptographic mailto: URI

Phillip Hallam-Baker hallam at gmail.com
Fri Sep 20 08:55:48 EDT 2013

On Fri, Sep 20, 2013 at 4:36 AM, Dirk-Willem van Gulik <dirkx at webweaving.org
> wrote:

> Op 19 sep. 2013, om 19:15 heeft Phillip Hallam-Baker <hallam at gmail.com>
> het volgende geschreven:
> > Let us say I want to send an email to alice at example.com securely.
> ...
> > ppid:alice at example.com:example.net:
> Syd6BMXje5DLqHhYSpQswhPcvDXj+8rK9LaonAfcNWM
> ...
> > example.net is a server which will resolve the reference by means of a
> simple HTTP query using the pattern http://<host>/.well-known/ppid/<hash>
> > "Syd...NWM" is the Base64 hash of OID-SHA256 + SHA256(X)
> ..
> > So to use this as a mechanism for ghetto key distribution receivers
> would add the URI into their account. Or let their PKI discovery agent do
> it for them.
> We've been experimenting with much the same. With two twists. Basic
> principle is the same.
> We use:
> -       <namespace>:<id>
> as to keep it short. ID is currently a <sha1>; namespace is a 2-3 char
> identifier. We then construct with this a 'hardcoded' zone name:
>         <namespace>.fqdn-in-some-tld.
> which is to have a (signed) entry for in DNS:
>         <id>.<ns>.<namespace>.fqdn-in-some-tld.
> which is in fact a first-come, first-served secure dynamic dns updatable
> zone containing the public key.
> Which once created allows only updating to those (still) having the
> private key of the public key that signed the initial claim of that <id>.

Interesting, though I suspect this is attempting to meet different trust
requirements than I am.

A couple of days ago I spoke with someone well known here who has seen the
Snowden files. His take was that when the NSA has a choice of doing A or B
it always does both.

I think we need to adopt the same approach but in a way that lets all the
various approaches work together. It should not be necessary for me to
install five plug ins into Thunderbird to support five different flavors of
researchy trust infrastructure.

A better approach is to have one plug-in, or better native support for a
connector to a Web Service that can then perform all the researchy trust
infrastructure navigation on my behalf. The Web service can be shared
between users and when there is a new researchy trust infrastructure
proposed, all that is necessary to add it into the mix is to extend the Web
Service and everyone using it can try out the new scheme and see if it is

This approach does introduce the risk that the web service might be
compromised. Particularly if the client is unable to perform at least some
degree of local validation on the keys. But the long term expectation would
be that support for trust infrastructures that prove to be stable, widely
used, and effective will eventually migrate into the client.

At this point the experimental research question should be 'is this trust
infrastructure practical'. We can get a very good idea of the security
properties of the system by looking at how people use it and doing math.

Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130920/13e5fa75/attachment.html>

More information about the cryptography mailing list