[148430] in cryptography@c2.net mail archive
Re: [Cryptography] Size of the PGP userbase?
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Thu Dec 12 22:20:27 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <717B716B-7F89-4668-A50F-6C6F742A8794@callas.org>
Date: Thu, 12 Dec 2013 22:19:31 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jon Callas <jon@callas.org>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
On Thu, Dec 12, 2013 at 7:57 PM, Jon Callas <jon@callas.org> wrote:
>
> On Dec 12, 2013, at 4:04 PM, Phillip Hallam-Baker <hallam@gmail.com>
> wrote:
>
> Cool. Laudable goal. Even achievable. We did it at PGP Corporation. I'll
> add that despite the name "PGP Universal" it did S/MIME, too, and images a
> public key into both OpenPGP keys and S/MIME certificates.
>
What has changed here is Snowdonia has arrived.
This may not be the most relevant response to Snowden but it is the crypto
deployment that gives the end user the most security for the least effort.
It is also a platform we can build other message level features on.
Particularly as patents begin to expire.
I am planning to do PGP eventually to provide backwards compatibility. I
have even reserved hex keys of the relevant length for PGP fingerprints.
But I want to move beyond the plumbing. The interesting part is in the
trust model and that is where I want to be able to combine CA and peer
endorsements. They both bring different things to the table.
To make use of keys opportunistically I have to know if the recipient
prefers encrypted mail.
> You can use the convention we did of keys.* to be a domain name for a
> key/cert server, as well. Our SMTP proxy would go ask the recipient domain
> for relevant certs and use them. My 2003 "Self-assembling PKI" paper gives
> the basic rundown of many, many techniques. They work amazingly well.
>
I will cite that in the longer version of the workshop paper where I am not
limited to 5 pages (!).
There are some differences between my approach and yours. But the big
difference is context. I think that we have a lot more people willing to
make the effort right now.
--
Website: http://hallambaker.com/
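The keys.* discovery convention Jon describes, combined with Phillip's point that the sender must learn whether the recipient prefers encrypted mail, as an added example that is not code from the thread or from PGP Universal. The resolver is injected so the code runs offline against a constructed directory; the record fields (subject, key id, preference flag) and the exact-subject check are this example's assumptions.

```python
# Added example, not code from the thread or from PGP Universal: opportunistic
# key discovery under the "keys.<domain>" convention. The resolver is injected so
# it runs offline against a constructed directory; record fields are assumptions.
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass(frozen=True)
class KeyRecord:
    subject: str           # address the published key is asserted for
    key_id: str            # opaque handle such as a fingerprint (constructed)
    wants_encrypted: bool  # preference published alongside the key (assumed)

Resolver = Callable[[str], List[KeyRecord]]  # host -> records, [] if unknown

def keyserver_host(address: str) -> str:
    """Map a recipient address to its key/cert server host, keys.<domain>."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return "keys." + domain.lower()

def discover_key(address: str, resolve: Resolver) -> Optional[KeyRecord]:
    """Return the record bound to exactly this address, or None."""
    wanted = address.lower()
    # Accept only a record whose subject matches the recipient exactly, so a
    # server answering for the whole domain cannot hand us another user's key.
    for rec in resolve(keyserver_host(address)):
        if rec.subject.lower() == wanted:
            return rec
    return None

def plan_delivery(address: str, resolve: Resolver) -> Tuple[str, Optional[str]]:
    """Encrypt when a key exists and the recipient wants it, else send in clear."""
    rec = discover_key(address, resolve)
    if rec is None:
        return ("cleartext", None)
    if not rec.wants_encrypted:
        return ("cleartext-by-preference", rec.key_id)
    return ("encrypt", rec.key_id)

# Constructed directory standing in for the recipient domain's key server.
_DIRECTORY = {
    "keys.example.org": [
        KeyRecord("alice@example.org", "FP-ALICE-0001", True),
        KeyRecord("bob@example.org", "FP-BOB-0002", False),
    ],
}

def demo_resolver(host: str) -> List[KeyRecord]:
    return _DIRECTORY.get(host, [])
```

The answer is only as trustworthy as the channel it came over: before anything is encrypted to the returned key, the certificate still has to be validated by a CA signature or peer endorsement, the trust-model question the message above is really about.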
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography