[messaging] TOFU to ease PGP key discovery

Mike Hearn mike at plan99.net
Mon Feb 9 07:06:31 PST 2015

To quickly double check my understanding, your users can get public keys
from two sources:

   - Whiteout acts as a CA for its own users
   - Or, the app will accept any key that claims to own that email address
   and is uploaded to a key server

Given this model, I'm not sure why you are using PGP. It seems like the
wrong tool for the job.

In the first approach you're basically doing the PKI, but smaller, with
less competition/decentralisation and with less software compatibility. You
could as well just use S/MIME and team up with an existing CA that offers
free S/MIME certs. This would have the advantage of e.g. working out of the
box on the iPhone/Outlook/Thunderbird/etc, plus the existing CA's have the
advantage of having been audited and been in business for a long time,
whereas you are new and a bit of an unknown quantity.

In the second approach you're dodging the key management problem entirely,
whilst opening up a DoS attack - anyone can block your app from sending
mail to any user by simply uploading a bogus key to a PGP keyserver. Is
there a good way to recover from this?

Opportunistic crypto is fine, but it feels like this second approach is not
any better than just telling people to use Gmail. Both ends have TLS on the
wire and it's only susceptible to a targeted attack, so the security level
is the same.

Can you convince me I'm wrong?

If you got out of the CA business and used stuff that's more widely
implemented than PGP, you could focus 100% on building the best S/MIME UX
and fixing up some of its warts with proprietary extensions e.g. encrypting
the subject field. That would be a truly valuable product, plus it would
come with a built in business model as S/MIME is much more widely used in
corporate deployments than PGP, so you could sell into the enterprise with
greater ease.

I guess the biggest issue you'd face, beyond the fact that PGP has nerd
cred that S/MIME doesn't, is that you are implementing everything in
Javascript in the browser.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150209/6a7725cf/attachment.html>

More information about the Messaging mailing list