[messaging] TOFU to ease PGP key discovery

Tankred Hase tankred at whiteout.io
Mon Feb 9 07:29:12 PST 2015


Hi Mike,

2015-02-09 16:06 GMT+01:00 Mike Hearn <mike at plan99.net>:
> To quickly double check my understanding, your users can get public keys
> from two sources:
>
> Whiteout acts as a CA for its own users
> Or, the app will accept any key that claims to own that email address and is
> uploaded to a key server
>
> Given this model, I'm not sure why you are using PGP. It seems like the
> wrong tool for the job.
>
> In the first approach you're basically doing the PKI, but smaller, with less
> competition/decentralisation and with less software compatibility. You could
> as well just use S/MIME and team up with an existing CA that offers free
> S/MIME certs. This would have the advantage of e.g. working out of the box
> on the iPhone/Outlook/Thunderbird/etc, plus the existing CA's have the
> advantage of having been audited and been in business for a long time,
> whereas you are new and a bit of an unknown quantity.
>
> In the second approach you're dodging the key management problem entirely,
> whilst opening up a DoS attack - anyone can block your app from sending mail
> to any user by simply uploading a bogus key to a PGP keyserver. Is there a
> good way to recover from this?
>
> Opportunistic crypto is fine, but it feels like this second approach is not
> any better than just telling people to use Gmail. Both ends have TLS on the
> wire and it's only susceptible to a targeted attack, so the security level
> is the same.
>
> Can you convince me I'm wrong?

Nope.

> If you got out of the CA business and used stuff that's more widely
> implemented than PGP, you could focus 100% on building the best S/MIME UX
> and fixing up some of its warts with proprietary extensions e.g. encrypting
> the subject field. That would be a truly valuable product, plus it would
> come with a built in business model as S/MIME is much more widely used in
> corporate deployments than PGP, so you could sell into the enterprise with
> greater ease.
>
> I guess the biggest issue you'd face, beyond the fact that PGP has nerd cred
> that S/MIME doesn't, is that you are implementing everything in Javascript
> in the browser.

Webmail is only one option. More info here:
https://github.com/whiteout-io/mail-html5/wiki/FAQ#is-browser-based-security-really-possible

Right now we're focusing on the consumer market. We've thought about
adding S/MIME support, but right now we're focusing on providing an
easy to use PGP solution.

Tankred

-- 
Whiteout Networks GmbH c/o Werk1
Grafinger Str. 6
D-81671 München
Geschäftsführer: Oliver Gajek
RG München HRB 204479


More information about the Messaging mailing list