diff options
Diffstat (limited to 'pages/docs')
-rw-r--r-- | pages/docs/design/transitional-key-validation.md | 418 |
1 files changed, 418 insertions, 0 deletions
diff --git a/pages/docs/design/transitional-key-validation.md b/pages/docs/design/transitional-key-validation.md new file mode 100644 index 0000000..f13f4f5 --- /dev/null +++ b/pages/docs/design/transitional-key-validation.md @@ -0,0 +1,418 @@ +- @title = 'Transitional rules for automated key validation' +- @nav_title = 'Transitional Key Validation' +- @summary = 'Generic rules for automatic key management utilizing proper TOFU with a defined path to transition to future schemes of key validation.' + +Introduction +=================================== + +Although many interesting key validation infrastructure schemes have been +recently proposed, it is not at all clear what someone writing secure email +software today should do. In particular, most of the new opportunistic +encrypted email projects have proposed starting with some sort of Trust On +First Use, but there are many ways to implement TOFU and many ways TOFU can +interact with whatever more advanced schemes are adopted in the future. + +This document attempts to specify generic rules for automatic key management +that can form a basis for proper TOFU and to transition from TOFU to more +advanced forms of key validation. In particular, the rules try to define when +a user agent should use one public key over another. These rules are agnostic +concerning what form these future systems of key validation take. + +For systems that enforce a single channel for discovery and validation, these +rules are not useful. This document is only useful for the messy situation we +find ourselves in at the present time: there is a large gap between what +systems should do now in order to be immediately useful in the current OpenPGP +ecosystem and what should be done in the future. + +This document is written from the point of view of Alice, a user who wants to +send an encrypted email to Bob, although she does not yet have his public key. + +We assume: + +* The goal is to automate the process of binding an email address to a public + key (we don't care about real identities). +* Alice knows Bob's email address, but not his public key. +* Alice might be initiating contact with Bob, or he might be initiating + contact with her. +* Bob might use an email provider that facilitates key discovery and/or + validation in some way, or he might not. + +Unless otherwise specified, "key" in this text always means "public key". + +Definitions +--------------------- + +* key manager: The key manager is a trusted user agent that is responsible for + storing a database of all the keys for the user, updating these keys, and + auditing the endorsements of the user's own keys. Typically, the key manager + will run on the user's device, but might be running on any device the user + chooses to trust. +* key directory: An online service that stores public keys and allows clients + to search for keys by address or fingerprint. A key directory does not make + any assertions regarding the validity of an address + key binding. Existing + OpenPGP keyservers are a type of key directory in this context, but several + of the key validation proposals include new protocols for key directories. +* key discovery: The act of encountering a new key, either inline the message, + via URL, or via a key directory. +* key validation level: the level of confidence the key manager has that we + have the right key for a particular address. For automatic key management, + we don't say that a key is ever "trusted" unless the user has manually + verified the fingerprint. +* key registration: the key has been stored by the key manager, and assigned a + validation level. The user agent always uses registered keys. This is + analogous to adding a key to a user's keyring, although implementations may + differ. +* key endorser: A key endorser is an organization that makes assertions + regarding the binding of username@domain address to public key, typically by + signing public keys. When supported, all such endorsement signatures must + apply only to the uid corresponding to the address being endorsed. +* binding information: evidence that the key manager uses to make an educated + guess regarding what key to associate with what email address. This + information could come from the headers in an email, a DNS lookup, a key + endorser, etc. +* verified key transition: A process where a key owner generates a new + public/private key pair and signs the new key with a prior key. Someone + verifying this new key then must check to see if there is a signature on the + new key from a key previously validated for that particular email address. + In effect, "verified key transition" is a process where verifiers treat all + keys as name-constrained signing authorities, with the ability to sign any + new key matching the same email address. In the case of a system that + supports signing particular uids, like OpenPGP, the signatures for key + transition must apply only to the relevant uid. +* endorsement key: The public/private key pair that a service provider or + third party endorser uses to sign user keys. + +Key manager rules +==================================== + +1. **First Contact:** When one or more keys are first discovered for a + particular email address, the key with the highest validation level is + registered. +2. **Regular Refresh:** All keys are regularly refreshed to check for modified + expirations, or new subkeys, or new keys signed by old keys (precisely how + updates work is out of scope of this document). + a. This refresh should happen via some anonymizing mechanism. + b. The expiration date on a key should not ever be reduced, unless it can + be proved that this is a newer version of the key. +3. **Key Replacement:** A registered key MUST be replaced by a new key in one + of the following situations, and ONLY these situations: + a. verified key transitions (when the new key is signed by the previously + registered key for same address). + b. If the user manually verifies the fingerprint of the new key. + c. If the registered key is expired or revoked and the new key is of equal + or higher validation level. + d. If the registered key has never been successfully used and the new key + has a higher validation level. + e. If the registered key has no expiration date. + +Previously registered keys must be retained by the key manager, for the +purpose of signature authentication. These old keys are never used for sending +messages, however. Keys older than X may be forgotten. + +A public key for Bob is considered "successfully used" by Alice if and only if +Alice has both sent a message encrypted to the key and received a message +signed by that key. + +In practice, a key manager likely will implement rule 1 by trying every +possible validation and discovery method it supports, from highest level to +lowest, until it first gets a key and then it will stop. + +Validation levels +==================================== + +Listed from lowest to highest validation level. + +1. weak-chain +--------------------------- + +Bob's key is obtained by Alice from a non-auditable source via a weak chain. +By weak chain, we mean that the chain of custody for "binding information" is +broken. In other words, somewhere a long the way, the binding information was +transmitted over a connection that was not authenticated. + +This form of key validation is very weak, and should either be forbidden by +the key manager or phased out as soon as practical. + +Examples: + +* Alice initiates key discovery because she wants to send an email to Bob. + Alice queries the OpenPGP keyservers for an address that matches Bob's. This + is a weak chain because anyone can upload anything to keyservers. +* Bob initiates key discovery by sending Alice an email that is signed, but + Bob's email provider does not support DKIM. Alice takes the fingerprint from + the signature and queries the OpenPGP keyservers to discover the key. This + is a weak chain because there is nothing to stop anyone from sending an + email that impersonates Bob with a fake "From" header and fake signature. + +2. provider-trust +---------------------------- + +Alice obtains binding information for Bob's key from Bob's service provider, +via a non-auditable source over a strong chain. By strong chain, we mean that +every connection in the chain of custody for "binding information" from Bob's +provider to Alice is authenticated. To subvert "provider-trust" validation, an +attacker must compromise Bob's service provider or a certificate authority (or +parent zones when using DNSSEC), but it also places a high degree of trust on +service providers and CAs. + +Examples: + +* Bob initiates key discovery by sending Alice an email that is signed by Bob, + and there is a valid DKIM signature from the provider for the "From" header + and the full body. Alice takes the fingerprint from the signature and + queries the OpenPGP keyservers to discover the key. This is "provider-trust" + because the DKIM signature binds the sender address to the fingerprint of + Bob's key, and presumably Bob authenticated with his service provider. This + also assumes Alice's user agent is able to securely discover the DKIM public + key for Bob's provider. Also, in practice, no one ever DKIM signs the + message body, so this example is just hypothetical. +* Alice initiates key discovery for Bob's address, checking webfinger or DNS. + These queries by Alice are 'provider-trust' so long as the webfinger request + was over HTTPS (and the server presented a certificate authenticated by a CA + known to Alice) or the DNS request used DANE/DNSSEC. This relies on a + reasonable assumption that if a provider publishes keys via DNSSEC or HTTPS + then the provider probably also required some authentication from the user + when the user uploaded their public key. Bob initiates key discovery by + sending Alice an email that contains an OpenPGP header that specifies a URL + where Alice may obtain Bob's public key. Bob's email contains no DKIM + signature, so it could have been sent by anyone. However, the URL is in a + standard form such as [https://example.org/.well-known/webfinger?resource=acct:bob@example.org](#). + If the "From" header matches the domain, the URL is in a standard form, the + email address in the URL, and the HTTPS connection is authenticated, then + Alice may consider this "provider-trust." This is because, regardless of who + actually sent the email, what Alice sees as the sender matches what the + provider is queried for. All these conditions are unlikely to be met in + practice, but the example serves to illustrate the broader point. + +3. provider-endorsement +---------------------------------------- + +Alice is able to ask Bob's service provider for the key bound to Bob's email +address and Bob is able to audit these endorsements. Rather than simple +transport level authenticity, these endorsements are time stamped signatures +of Bob's key for a particular email address. These signatures are made using +the provider's 'endorsement key'. Alice must obtained and register the +provider's endorsement key with validation level at 'provider-trust' or +higher. + +An auditable endorsing provider must follow certain rules: + +* The keys a service provider endorses must be regularly audited by its users. + Alice has no idea if Bob's key manager has actually audited Bob's provider, + but Alice can know if the provider is written in such a way that the same + client libraries that allow for submitting keys for endorsement also support + auditing of these endorsements. If a key endorsement system is not written + in this way, then Alice's key manager must consider it to be the same as + "provider-trust" validation. +* Neither Alice nor Bob should contact Bob's service provider directly. + Provider endorsements should be queried through an anonymizing transport + like Tor, or via proxies. Without this, it is easy for provider to prevent + Bob from auditing its endorsements, and the validation level is the same as + "provider-trust". With provider-endorsement, a service provider may + summarily publish bogus keys for a user. Even if a user's key manager + detects this, the damage may already be done. However, "provider- + endorsement" is a higher level of validation than "provider-trust" because + there is a good chance that the provider would get caught if they issue + bogus keys, raising the cost for doing so. + +4. third-party-endorsement +--------------------------------------- + +Alice asks a third party key endorsing service for binding information, using +either an email address of key fingerprint as the search term. This could +involve asking a key endorser directly, via a proxy, or asking a key directory +that includes endorsement information from a key endorser. + +A key endorser must follow certain rules: + +* The key endorser must be regularly audited by the key manager. Alice has no + idea if Bob's key manager has actually audited a particular key endorser, + but Alice can know if the key endorser is written in such a way that the + same client libraries that allow for submitting keys for endorsement also + support auditing of these endorsements. If a key endorsement system is not + written in this way, then Alice's key manager must consider it to be the + same as "provider-trust" validation. +* The key endorser must either require verified key transitions or require + that old keys expire before a new key is endorsed for an existing email + address. This is to give a key manager time to prevent the user's service + provider from obtaining endorsements for bogus keys. If a key endorsement + system is not written in this way, Alice's key manager must consider it to + have the same level of validation as "provider-endorsement". + +5. third-party-consensus +----------------------------------- + +This is the same as third-party endorsement, but Alice's user agent has +queried a quorum of third party endorsers and all their endorsements for a +particular user address agree. A variant of this could be "n-of-m" validation, +where Alice's user agent requires 'n' endorsements from a set of 'm' +endorsers. + +6. historical-auditing +----------------------------------- + +This works similar to third-party-endorsement, but with better ability to +audit key endorsements. With historical auditing, a key endorser must publish +an append-only log of all their endorsements. Independent "auditor" agents can +watch these logs to ensure new entries are always appended to old entries. + +The benefit of this approach is that an endorser is not able to temporarily +endorse and publish a bogus key and then remove this key before Alice's key +manager is able to check what key has been endorsed. The endorser could try to +publish an entire bogus log in order to endorse a bogus key, but this is very +likely to be eventually detected. + +As with other endorsement models, the endorsement key must be bootstrapped +somehow using a validation level of "provider-trust" or higher. + +7. known-key +----------------------------------- + +Bob's key has been hard-coded as known by the software (mostly this just +applies to keys belonging to established endorsers, not user keys). + +8. fingerprint +---------------------------------- + +Alice has manually confirmed the validity of the key by inspecting the full +fingerprint or by using a short authentication string with a limited time +frame. For extra whimsy, fingerprint inspection should take the form of a +poem. + +Future specification +=================================== + +These are out of scope for the specific problem of key validation, but these +are important issues that need to be addressed when transitioning to +opportunistic encrypted email over time. + +Issuing new keys +-------------------------- + +As these rules are written, if Alice loses her private key but still has +access to her email account, she will not be able to send signed mail or +receive encrypted mail until the expiration date on the key (assuming all the +clients respect the key expiration date). If the key has no expiration date, +then the key manager should just accept new keys. + +For example, imagine Alice loses access to her private key but the key will +not expire for another month. She can still authenticate with her service +provider, so she can still issue new keys and have the service provider +endorse them, or some other party endorse them. But, no valid client should +use them yet until her lost key expires. + +Effectively, the primary key's expiratation date is the window of time that +Alice is willing to put up with being locked out of using encrypted email. +This window is also the same length of time that Alice has of detecting, by +audit, a provider that is publishing bogus keys for her (before those keys +potentially start to get used). So, if Alice wants high convenience, she can +set this window to be short (or have no expiration). If Alice wants higher +security, she can set this window to be long. + +At this point, it is unclear what a good value for key expiration should be +for users who want higher convenience and for users who want higher security. +If a key expiration date is too soon, then there is a possibility that Alice's +key manager will not have had the opportunity to extend the key expiration +(for example, perhaps Alice is traveling and does not check email for several +weeks). Alice can still recover, since a key can still have its expiration +date extended after the key has expired, but this is still not ideal. + +Updating keys +-------------------------- + +For high usability, a key manager will need to frequently update keys by +querying a key directory or the original source of the key. Every key +validation proposal has a different mechanism for this. The important thing is +that Alice's key manager should not make queries in a manner that leaks +Alice's addressbook to the key directories. As one example, the program +parcimonie will slowly update keys, one at a time, from traditional OpenPGP +keyservers over Tor. Also, because these updates need to happen frequently, +the key manager should have some way to first test to see if a key is modified +before downloading the full key (using something like an etag). + +Sending email +-------------------------- + +To avoid encrypted email being sent to people who no longer use OpenPGP, the +user agent should not opportunistically encrypt outgoing mail to a recipient +unless the recipient has positively indicated they wish to receive encrypted +email. Such indication may include: a signed email message, a public key as an +attachment, an OpenPGP header, a key published by the provider or key +directory (but NOT a HKP keyserver), or when the user performs manual +fingerprint verification. When Alice sends an email with an opportunistic mail +user agent, the agent should always try to indicate that Alice prefers +encrypted email. This could be done by signing every message, although that +can raise security issues as well. + +Receiving email +-------------------------- + +As alluded to above, an opportunistic mail user agent that receives a message +from a provider that does not support DKIM signatures on the From header +should be cautious when using the OpenPGP signature or OpenPGP header to +discover and register the sender's public key. These emails are easily spoofed +by anyone on the internet, causing the user agent to register impostor keys. + +Device keys and subkeys +-------------------------- + +It would be highly desirable for all projects that use OpenPGP to support +device keys. The idea is that a user might have multiple devices, with +different keys for each device (instead of needing to synchronize the same +private key to all their devices). How might this work? + +If Bob's master key has multiple subkeys with (E)ncryption usage for the uid +in question, then Alice should encrypt the message to ALL those subkeys when +sending email to Bob. + +A system using subkeys like this still requires a single master key. It may be +desirable for a key validation protocol to allow for a single email address to +be bound to multiple master public keys, although this is not supported with +the current rules in this document. + +Phasing out +-------------------------- + +Ideally, there should be some mechanism to phase out lower forms of validation +as higher forms become more common. In particular, it would be good to forbid +weak-chain validation entirely. + +Critique +========================== + +Thus far, there have been two critiques of the key management rules as +described here. + +Lost keys +-------------------------- + +The first problem occurs when the owner loses access to their private key. +After a user has lost their private key, clients that follow the rules here +will not accept the new key until the prior public key has expired or unless +other people manually import the new key. + +One alternate approach is to present the user with a choice when a new key +appears (that does not have a verified key transition) and ask the user if +they want to accept this key (or possibly just notify them that the key has +changed). On closed systems, such as TextSecure, this approach makes sense, +because there are fewer parties who are able to inject bogus keys into the +system. In a federated system, however, there are many ways one can inject new +bogus keys, and so we have felt that it is better to just always reject new +keys and not require user interaction when new keys are discovered. + +Stolen keys +-------------------------- + +If an attacker is able to gain access to a user's private key, then this +scheme will make the situation worse than it already is. This is because a +system for 'verified key transitions' will allow the attacker to issue a new +public key, publish it, and make it so that the target of the attack is no +longer able to read any of their incoming encrypted mail. + +On balance, we felt that it is still a good idea to support automatic +'verified key transitions'. There are many legitimate reasons why you would +want to entirely regenerate your master signing key. In the community of +OpenPGP users that we communicate with, verified key transitions are +commonplace. Key transitions are likely to be common in the future when people +upgrade to 25519 OpenPGP keys. + |