Mailing List Archive

On Mon, Jan 11, 2021 at 4:55 PM ?????? ?????? via Gnupg-users
<gnupg-users@gnupg.org> wrote:
>
> 12021/00/10 04:42.21 ?????, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> ??????:
> > Not sure if Let's Encrypt issues such certs. If, I could set-up two droplets at
> > Digital Ocean, a bob.300baud.de one and an alice.300baud.de one and see
> > what happens.
>
> Let's Encrypt does offer such certificates. You can generate using e.g.:
>
> sudo certbot certonly --rsa-key-size 4096 --manual -d *.domain.tld
>
> (editing parameters as necessary).
>
> HTH!

Great, thanks for the info!

I will do this in the next couple of days, in case Werner does not
chime in (assuming
he is not 'AWOL').

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 11/01/2021 16:32, Stefan Claas via Gnupg-users wrote:
> I will do this in the next couple of days, in case Werner does not
> chime in (assuming
> he is not 'AWOL').

Stefan, please dial down the casual sniping at Werner. It's not
constructive.

--
Andrew Gallagher

On Mon, Jan 11, 2021 at 6:16 PM Andrew Gallagher <andrewg@andrewg.com> wrote:
>
> On 11/01/2021 16:32, Stefan Claas via Gnupg-users wrote:
> > I will do this in the next couple of days, in case Werner does not
> > chime in (assuming
> > he is not 'AWOL').
>
> Stefan, please dial down the casual sniping at Werner. It's not
> constructive.

Ok, Andrew I hereby apologize to Werner!

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-11 at 16:36 +0100, Stefan Claas wrote:
> On Sun, Jan 10, 2021 at 11:22 PM ?ngel wrote:
> > On 2021-01-10 at 18:47 +0100, Stefan Claas wrote:
> > > Can you tell me/us in laymen terms how this works with gnupg.org?
> >
> > Sure. Let's suppose you wanted to fetch Werner's key. You want the
> > key
> > for wk@gnupg.org Using --with-wkd-hash parameter, we can see that
> > this
> > would generate nq6t9teux7edsnwdksswydu4o9i5es3f@gnupg.org
> >
> > Then, the key of Werner lives at
> > https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
> >
> > If openpgpkey.gnupg.org didn't exist, then it would use the direct
> > schema, in which the key would be at
> > https://gnupg.org/.well-known/openpgpkey/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
>
> Thanks, so I think the culprit could be that maybe the specs were
> changed, when I
> look at your links, including the gnupg.org domain as a folder, which
> I never set-up
> when doing this for my 300baud.de domain. I checked also older WKD
> tutorials
> on the Internet and they do not mention a domain folder either.
>
> I tried to include this domain folder, this morning, named sac001 but
> it did not work either, whether with GnuPG or sequioa-pgp.
>
> So my guess is that GnuPG gives this cert error because it does not
> support
> wildcard subdomains, included in an SSL cert, like the GitHub one.


The folder with the domain name is only used in the advanced method.
Compare how the url using openpgpkey.gnupg.org above has a gnupg.org
folder but the url of gnupg.org doesn't.


In your case, you would place your key at

https://openpgpkey.300baud.de/.well-known/openpgpkey/300baud.de/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33

or -if openpgpkey.300baud.de doesn't exist- at

https://300baud.de/.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33

note that in both cases, you still need a file named policy in the same
folder that contains hu/ (just create an empty file, but it must be
there)


The advanced method was added in November 2018, 2.5 years ago, in
version 7 of the draft:
https://www.ietf.org/rfcdiff?url1=draft-koch-openpgp-webkey-service-06&url2=draft-koch-openpgp-webkey-service-07&difftype=--html


It's true that draft-koch-openpgp-webkey-service doesn't specify that
the https certificate must be valid. One would generally expect that
https:// with no, normal rules would apply, although there is a history
of ignoring certificate validation if keys are going to be validated
through WoT. The "make a CNAME of your openpgpkeys subdomain to
wkd.keys.openpgp.org" couldn't work with https certificate validation,
thouth (or are they requesting a certificate on-the-fly?)
Actually, I suspect that depending on how you build gnupg, it would
validate them or not.

Best regards


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Mon, Jan 11, 2021 at 11:03 PM Ángel <angel@pgp.16bits.net> wrote:
>
> On 2021-01-11 at 16:36 +0100, Stefan Claas wrote:
> > On Sun, Jan 10, 2021 at 11:22 PM Ángel wrote:
> > > On 2021-01-10 at 18:47 +0100, Stefan Claas wrote:
> > > > Can you tell me/us in laymen terms how this works with gnupg.org?
> > >
> > > Sure. Let's suppose you wanted to fetch Werner's key. You want the
> > > key
> > > for wk@gnupg.org Using --with-wkd-hash parameter, we can see that
> > > this
> > > would generate nq6t9teux7edsnwdksswydu4o9i5es3f@gnupg.org
> > >
> > > Then, the key of Werner lives at
> > > https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
> > >
> > > If openpgpkey.gnupg.org didn't exist, then it would use the direct
> > > schema, in which the key would be at
> > > https://gnupg.org/.well-known/openpgpkey/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
> >
> > Thanks, so I think the culprit could be that maybe the specs were
> > changed, when I
> > look at your links, including the gnupg.org domain as a folder, which
> > I never set-up
> > when doing this for my 300baud.de domain. I checked also older WKD
> > tutorials
> > on the Internet and they do not mention a domain folder either.
> >
> > I tried to include this domain folder, this morning, named sac001 but
> > it did not work either, whether with GnuPG or sequioa-pgp.
> >
> > So my guess is that GnuPG gives this cert error because it does not
> > support
> > wildcard subdomains, included in an SSL cert, like the GitHub one.
>
>
> The folder with the domain name is only used in the advanced method.
> Compare how the url using openpgpkey.gnupg.org above has a gnupg.org
> folder but the url of gnupg.org doesn't.

Yes, I have checked that. Noteworthy IMHO, regarding wildcard subdomains,
gnupg.org does not have such entry in the DNS section, of the cert.

> In your case, you would place your key at
>
> https://openpgpkey.300baud.de/.well-known/openpgpkey/300baud.de/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33
>
> or -if openpgpkey.300baud.de doesn't exist- at
>
> https://300baud.de/.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33
>
> note that in both cases, you still need a file named policy in the same
> folder that contains hu/ (just create an empty file, but it must be
> there)

When I had that in the past, for 300baud.de I had that included,
it was an emtpy one.

> The advanced method was added in November 2018, 2.5 years ago, in
> version 7 of the draft:
> https://www.ietf.org/rfcdiff?url1=draft-koch-openpgp-webkey-service-06&url2=draft-koch-openpgp-webkey-service-07&difftype=--html

It would be nice to know why the advanced method was added. In case
the direct method would not be sufficent or would have security issues
I would think that than one replaces the direct method with advanced
one and then we only need only one method, in order that this works.
And if we must have two methods, why is the order not, like one would
think: check direct first and if this does not work check advanced?
I must admit I do not understand the programming logic.

> It's true that draft-koch-openpgp-webkey-service doesn't specify that
> the https certificate must be valid. One would generally expect that
> https:// with no, normal rules would apply, although there is a history
> of ignoring certificate validation if keys are going to be validated
> through WoT. The "make a CNAME of your openpgpkeys subdomain to
> wkd.keys.openpgp.org" couldn't work with https certificate validation,
> thouth (or are they requesting a certificate on-the-fly?)
> Actually, I suspect that depending on how you build gnupg, it would
> validate them or not.

It should be noted that my findings and proposal for wildcard subdomains
would allow organizations and individuals to reduce costs, when using
purchased SSL certs, instead of Let's Encrypt ones. Not only this but
if this would work, like I mentioned in my bund.de example, organizations
would have the freedom to choose WKD instead of hockeypuck or Hagrid,
and they would have a compatible *inhouse* solution, via simple
Web management, instead of running a server software, like hokeypuck
or Hagrid. And In my example, with GitHub, I guess it would be fantastic
too, to promote WKD GnuPG/sequoia-pgp usage for individuals,
low on budged while not extra running an own server and purchasing
a domain.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 09:25:15AM +0100, Stefan Claas via Gnupg-users
wrote:
>It would be nice to know why the advanced method was added.

To give more flexibility for people setting up a WKD for more than one
domain.

Let’s say that I manage example.org and example.net, and I want to serve
keys for addresses in both domains. With the “direct” method, I need to
set up two distinct WKD servers, one for each domain. With the
“advanced” method, I can set up a single server and make
openpgpkey.example.org and openpgpkey.example.net point to that single
server.

(SRV records would be the modern and proper way to provide such a level
of indirection, instead of a subdomain. And indeed, previous versions of
the WKD draft relied on SRV records. Unfortunately, resolving SRV
records was problematic for some implementers using some limited
languages with limited DNS capabilities, so they were scrapped in favor
of the subdomain approach.)


>the direct method would not be sufficent or would have security issues
>I would think that than one replaces the direct method with advanced
>one and then we only need only one method, in order that this works.

If you have only one domain to manage and don’t need the indirection
provided by the advanced method, the direct method is still perfectly
fine, why replace it?

>And if we must have two methods, why is the order not, like one would
>think: check direct first and if this does not work check advanced?

I don’t know, it feels more logical to me to look for an indirection
*first*, and only if there’s no indirection you then look at the target
domain itself.


- Damien

On 12/01/2021 09.25, Stefan Claas via Gnupg-users wrote:
> It would be nice to know why the advanced method was added. In case
> the direct method would not be sufficent or would have security issues
> I would think that than one replaces the direct method with advanced
> one and then we only need only one method, in order that this works.

A domain is not automatically tied to a webserver. It might so far only
be used for e-mail and just to set up WKD, one might not want to run a
webserver under the second-level domain itself. Therefore the
standardized "openpgpkey" subdomain, which can easily point to a
different IP. That makes it easy to completely separate the
infrastructure needed for WKD from anything else, like a webserver for a
web page, webmail or other services.

In addition, that separate server might serve WKD keys for a bunch of
different domains through redirects, hence it makes sense to separate
the URLs per domain. It just gives the admin additional flexibility by
not forcing them to make a certain URL under the main domain work.

> And if we must have two methods, why is the order not, like one would
> think: check direct first and if this does not work check advanced?
> I must admit I do not understand the programming logic.

That's easy: If openpgpkey.example.org exists, we can be certain that
example.org exists as well. So the check for the openpgpkey subdomain
must come first if its mere existence decides which method is tried.
Otherwise you would get HTTPS connections for every WKD request on the
example.org server, which fail if the direct method is not supported.
Just to make another HTTPS connection to openpgpkey.example.org to try
the advanced method next. That's a lot of overhead on both the client
and server side, compared to the two DNS queries you need to make either
way.

Hope that helps.
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On 12/01/2021 08:25, Stefan Claas via Gnupg-users wrote:

> if this would work, like I mentioned in my bund.de example, organizations
> would have the freedom to choose WKD instead of hockeypuck or Hagrid,
> and they would have a compatible*inhouse* solution, via simple
> Web management, instead of running a server software, like hokeypuck
> or Hagrid.

WKD is used to publish your own keys, or keys belonging to users in your
own domain. A keyserver is for publishing arbitrary other people's keys.
It has never been necessary for a business to run its own keyserver in
order to use PGP.

--
Andrew Gallagher

On Tue, Jan 12, 2021 at 11:49 AM Andrew Gallagher <andrewg@andrewg.com> wrote:
>
> On 12/01/2021 08:25, Stefan Claas via Gnupg-users wrote:
>
> > if this would work, like I mentioned in my bund.de example, organizations
> > would have the freedom to choose WKD instead of hockeypuck or Hagrid,
> > and they would have a compatible*inhouse* solution, via simple
> > Web management, instead of running a server software, like hokeypuck
> > or Hagrid.
>
> WKD is used to publish your own keys, or keys belonging to users in your
> own domain. A keyserver is for publishing arbitrary other people's keys.
> It has never been necessary for a business to run its own keyserver in
> order to use PGP.

Let me say first thank you to Damien and Andre, because I want to make it
short and therefore sorry for not replying to your messages.

Your are right, but we all know what happened to the SKS Network and
we know also that Hagrid is perfectly fine for privacy and once a hockeypuck
Network is in operation users will appreciate it too.

The point for me is WKD exists and can be used as an cheap inhouse
solution, for families or organizations, if it would allow cost effective
wildcard subdomain support for SSL certs, which IMHO can not hurt
and if the direct method would be triggered first.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 11:27, Stefan Claas wrote:
> The point for me is WKD exists and can be used as an cheap inhouse
> solution, for families or organizations, if it would allow cost effective
> wildcard subdomain support for SSL certs, which IMHO can not hurt
> and if the direct method would be triggered first.

Yes, WKD is great. But as André has explained, there is an overhead cost
(to everyone) for trying the direct method first, so inverting this to
work around the side effects of an experiment that's tied to one
particular vendor's service is a *huge* ask.

--
Andrew Gallagher

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 12:43 PM Andrew Gallagher <andrewg@andrewg.com> wrote:
>
> On 12/01/2021 11:27, Stefan Claas wrote:
> > The point for me is WKD exists and can be used as an cheap inhouse
> > solution, for families or organizations, if it would allow cost effective
> > wildcard subdomain support for SSL certs, which IMHO can not hurt
> > and if the direct method would be triggered first.
>
> Yes, WKD is great. But as André has explained, there is an overhead cost
> (to everyone) for trying the direct method first, so inverting this to
> work around the side effects of an experiment that's tied to one
> particular vendor's service is a *huge* ask.

Well, I am not sure about the details for a server or a user when it comes
to overhead and if you mean with one particular vendow GitHub, well
that may be the beginning, for such request. But like I mentioned if people
would wish to manage key distribution themselves, without using third
parties, like Hagrid or hokeypuck or even running such software and
servers I strongly believe that WKD could be an excellent choice, if
this would be fixed.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 12:47 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:

> Well, I am not sure about the details for a server or a user when it comes
> to overhead and if you mean with one particular vendow GitHub, well
> that may be the beginning, for such request. But like I mentioned if people
> would wish to manage key distribution themselves, without using third
> parties, like Hagrid or hokeypuck or even running such software and
> servers I strongly believe that WKD could be an excellent choice, if
> this would be fixed.

And for the fun factor I could put also an .ots file from my pub key into
the hu directory,thus making Mallory a bit angry ... :-D

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 1:04 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:
>
> On Tue, Jan 12, 2021 at 12:47 PM Stefan Claas
> <spam.trap.mailing.lists@gmail.com> wrote:

> And for the fun factor I could put also an .ots file from my pub key into
> the hu directory,thus making Mallory a bit angry ... :-D

Unfortunaly I am no skilled Golang programmer, otherwise I would write
a WKD key fetch utility, which works like sequoia-pgp, e.g fechting the
binary key blob and displaying the results to stdout and additionally
fetching the younamit.ots file and the policy file, while storing those
in the current workin directory and where the policy file would contain
the fingerprint of my key.

Thus an OpenPGP users could use the direct method, like sequoia-pgp
does, had my pub key and the policy file and .oth file which he can use with
time stamping services.

And it would not break WKD specs.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 2:22 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:
>
> On Tue, Jan 12, 2021 at 1:04 PM Stefan Claas
> <spam.trap.mailing.lists@gmail.com> wrote:
> >
> > On Tue, Jan 12, 2021 at 12:47 PM Stefan Claas
> > <spam.trap.mailing.lists@gmail.com> wrote:
>
> > And for the fun factor I could put also an .ots file from my pub key into
> > the hu directory,thus making Mallory a bit angry ... :-D
>
> Unfortunaly I am no skilled Golang programmer, otherwise I would write
> a WKD key fetch utility, which works like sequoia-pgp, e.g fechting the
> binary key blob and displaying the results to stdout and additionally
> fetching the younamit.ots file and the policy file, while storing those
> in the current workin directory and where the policy file would contain
> the fingerprint of my key.
>
> Thus an OpenPGP users could use the direct method, like sequoia-pgp
> does, had my pub key and the policy file and .oth file which he can use with
> time stamping services.
>
> And it would not break WKD specs.

Edit: the policy file would be timestamped, because it can be pasted
as ASCII file into timestamping web services and would then fulfill a job,
whic I have not yet seen otherwise.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Dienstag, 12. Januar 2021 12:47:59 CET Stefan Claas via Gnupg-users wrote:
> On Tue, Jan 12, 2021 at 12:43 PM Andrew Gallagher <andrewg@andrewg.com>
wrote:
> > Yes, WKD is great. But as Andr? has explained, there is an overhead cost
> > (to everyone) for trying the direct method first, so inverting this to
> > work around the side effects of an experiment that's tied to one
> > particular vendor's service is a *huge* ask.
>
> Well, I am not sure about the details for a server or a user when it comes
> to overhead and if you mean with one particular vendow GitHub, well
> that may be the beginning, for such request. But like I mentioned if people
> would wish to manage key distribution themselves, without using third
> parties, like Hagrid or hokeypuck or even running such software and
> servers I strongly believe that WKD could be an excellent choice, if
> this would be fixed.

Why do you think anything needs to be changed in gpg? The problem isn't the
implementation of WKD in gpg. The problem is that GitHub serves sub-sub-
subdomains like openpgpkey.sac001.github.io with an invalid TLS certificate.

It's not only gpg that complains.

===
$ curl https://openpgpkey.sac001.github.io
curl: (60) SSL: no alternative certificate subject name matches target host
name 'openpgpkey.sac001.github.io'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
===

It's easy for people to manage key distribution themselves with WKD. All they
have to do is setup WKD with or without openpgpkey subdomain with valid (!!!)
TLS certificates.

Regards,
Ingo

On Tue, Jan 12, 2021 at 5:36 PM Ingo Klöcker <kloecker@kde.org> wrote:
>
> On Dienstag, 12. Januar 2021 12:47:59 CET Stefan Claas via Gnupg-users wrote:
> > On Tue, Jan 12, 2021 at 12:43 PM Andrew Gallagher <andrewg@andrewg.com>
> wrote:
> > > Yes, WKD is great. But as André has explained, there is an overhead cost
> > > (to everyone) for trying the direct method first, so inverting this to
> > > work around the side effects of an experiment that's tied to one
> > > particular vendor's service is a *huge* ask.
> >
> > Well, I am not sure about the details for a server or a user when it comes
> > to overhead and if you mean with one particular vendow GitHub, well
> > that may be the beginning, for such request. But like I mentioned if people
> > would wish to manage key distribution themselves, without using third
> > parties, like Hagrid or hokeypuck or even running such software and
> > servers I strongly believe that WKD could be an excellent choice, if
> > this would be fixed.
>
> Why do you think anything needs to be changed in gpg? The problem isn't the
> implementation of WKD in gpg. The problem is that GitHub serves sub-sub-
> subdomains like openpgpkey.sac001.github.io with an invalid TLS certificate.
>
> It's not only gpg that complains.
>
> ===
> $ curl https://openpgpkey.sac001.github.io
> curl: (60) SSL: no alternative certificate subject name matches target host
> name 'openpgpkey.sac001.github.io'
> More details here: https://curl.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
> ===
>
> It's easy for people to manage key distribution themselves with WKD. All they
> have to do is setup WKD with or without openpgpkey subdomain with valid (!!!)
> TLS certificates.

Hello Ingo,

please ... openpgpkey is *not* a part of a real (sub)domain, which a
user of any domain service has to define in a record.

Please accept also that a modern OpenPGP software like sequoia-pgp
can handle this *adequately* with the direct method first!

Additionally I have received from GitHub a very nice reply, which I and
I guess all will accept here!

Quote: "... however I don't believe GitHub is in a position to try and persuade
a software author to change or fix their software."

So the last thing besides here discussing the issue with the community is
to file a bug report at: https://dev.gnupg.org/

At least the global OpenPGP community is now aware of my proposal
and I repeat here once again: GitHub (which I am not affiliated with in
any form) has a *proper* SSL cert and github.io pages are properly
working subdomain sites, wiich GnuPG's and gpg4win's WKD implementation
can not handle, while modern OpenPGP implementations like
sequoia-pgp can handle this. BTW. I am also not affiliated in any form with
sequoia or the pep foundation etc.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Stefan,

maybe I'm not the only one here who doesn't fully follow what your
"proposal" actually is. For me, it sounds like you are misunderstanding
some things and therefore think you are making a superior proposal where
it is actually based on wrong assumptions.

On 12/01/2021 18.05, Stefan Claas via Gnupg-users wrote:
> please ... openpgpkey is *not* a part of a real (sub)domain, which a
> user of any domain service has to define in a record.

I do not understand this statement at all. Could you please elaborate?

> Please accept also that a modern OpenPGP software like sequoia-pgp
> can handle this *adequately* with the direct method first!

It seems adequate for *you*, but as I explained it would put a burden on
both the client and the involved webservers to handle it that way. In
case the advanced method is available, and the direct method is not,
testing for the direct method first is not a cheap operation.

It has also been pointed out repeatedly in this thread that Sequoia
apparently does not properly check the TLS certificate, which you have
proven with your example setup. That could be called "modern" or
"insecure". It has nothing to do with the ordering of the two methods.

> Additionally I have received from GitHub a very nice reply, which I and
> I guess all will accept here!
>
> Quote: "... however I don't believe GitHub is in a position to try and persuade
> a software author to change or fix their software."

I agree they shouldn't try that. Your question to them probably hinted
at something being the problem which is not in their control. While
actually the real problem is something else which they could control on
their side (see below).

> At least the global OpenPGP community is now aware of my proposal
> and I repeat here once again: GitHub (which I am not affiliated with in
> any form) has a *proper* SSL cert and github.io pages are properly
> working subdomain sites, wiich GnuPG's and gpg4win's WKD implementation

This is plain wrong, as Ingo has pointed out. But let me explain to you
why I think so.

The certificate is issued for *.github.io. So it is valid for anything
like example.github.io, openpgpkey.github.io, whatever.github.io. But
it is NOT VALID for any deeper level of subdomain, like
foo.bar.github.io or openpgpkey.example.github.io. That's just how TLS
certificate validity is defined.

However, GitHub apparently still presents that certificate when making
an HTTPS connection to the deeper subdomains, e.g.
openpgpkey.example.github.io. For this connection, the certificate is
definitely NOT VALID, as curl or gnupg do point out. Sequoia seems to
apply different rules for the hostname check, so it seems to "just work"
for you. In fact, it should only accept a certificate for
openpgpkey.example.github.io or *.example.github.io.

So there are two "bugs" involved here. 1. GitHub presenting an invalid
certificate for the sub-subdomain and 2. Sequoia not noticing that.
Neither of these are bugs in GnuPG. If you can accept these facts, then
it makes sense to further discuss what could be changed where to make
your desired setup work. Maybe that discussion will lead to a concise
change proposal.

One more question: You're talking about OpenPGP key discovery setups for
families and small groups, IIUC. And that should involve WKD and
GitHub. But how should these people actually get working e-mail
addresses @example.github.io? WKD very specifically ties the key
discovery to the control over the involved domain. It moves part of the
trust relationship to the domain administrator. So who is actually in
control over those e-mail addresses?

I hope this mail will not upset you. Just trying to clarify what you
might have misunderstood that leads to people not understanding or
agreeing with your proposal. I don't mind to be proven wrong if it was
in fact my misunderstanding.

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre@colomb.de> wrote:
>
> Hi Stefan,

> So there are two "bugs" involved here. 1. GitHub presenting an invalid
> certificate for the sub-subdomain and 2. Sequoia not noticing that.
> Neither of these are bugs in GnuPG. If you can accept these facts, then
> it makes sense to further discuss what could be changed where to make
> your desired setup work. Maybe that discussion will lead to a concise
> change proposal.

Hi Andre, currently I can only accept the fact that these two "bugs" are
currently not resolved in GnuPG and gpg4win, if you allow me to
formulate it this way. I desperately hope that this thread will lead to a
fruitful outcome, for GnuPG and gpg4win users, while I personally
could care less, because I just checked yesterday the latest sq
version and I am happy that it works.

> One more question: You're talking about OpenPGP key discovery setups for
> families and small groups, IIUC. And that should involve WKD and
> GitHub. But how should these people actually get working e-mail
> addresses @example.github.io? WKD very specifically ties the key
> discovery to the control over the involved domain. It moves part of the
> trust relationship to the domain administrator. So who is actually in
> control over those e-mail addresses?

Good question Andre! In case of github.io there is apprently no
email address, which is IMHO a good thing if people like to
set-up a github.io page and do not want to reveal their real
email address, to third parties, which is IMHO their good right,
in case they like to use this github.io pub key as multi-purpose
key, let's say for multiple email accounts, from other services,
file transfer, NFC postcards, you name it.

Let's say as an example for gnupg.org. If am not mistaken
dev.gnupg.org has a different cert as gnupg.org. Let's assume
also that gnupg.org would come up with the idea of running
keys.gnupg.org. I strongly believe that a (purchased) SSL
cert for gnupg.org, covering wildcard subdomains, like GitHub's
cert is neither wrong nor does it cause any security implications,
when the direct method is used.

Speaking of overhead, I must admit (again) I do not understand
what this is or what this can cause for a server maintainer or
a GnuPG or gpg4win user, when I for example can fetch my
pub key with sequoia real quick, because in binary form these
are only a couple of bytes and I strongly believe that a simple
directory structure, holding some files, on a web server has no
issues either.

> I hope this mail will not upset you. Just trying to clarify what you
> might have misunderstood that leads to people not understanding or
> agreeing with your proposal. I don't mind to be proven wrong if it was
> in fact my misunderstanding.

Of course not and I appreciate if this issue can be discussed further!

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote:
> On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre@colomb.de> wrote:

>> One more question: You're talking about OpenPGP key discovery setups for
>> families and small groups, IIUC. And that should involve WKD and
>> GitHub. But how should these people actually get working e-mail
>> addresses @example.github.io? WKD very specifically ties the key
>> discovery to the control over the involved domain. It moves part of the
>> trust relationship to the domain administrator. So who is actually in
>> control over those e-mail addresses?
>
> Good question Andre! In case of github.io there is apprently no
> email address, which is IMHO a good thing if people like to
> set-up a github.io page and do not want to reveal their real
> email address, to third parties, which is IMHO their good right,
> in case they like to use this github.io pub key as multi-purpose
> key, let's say for multiple email accounts, from other services,
> file transfer, NFC postcards, you name it.

The point of WKD is using the trust of the CA machinery (and the
assumption that the email infrastructure and web servers serving a
specific domain are run by the same organization) to securely retrieve
OpenPGP keys associated to an email address. There keys can then be used
to communicate with the older of the email address.

The party in the communication are identified by email addresses.

In your scheme there are no email addresses. How is retrieving an
OpenPGP key from a random .github.io subdomain from obtaining it in any
other untrusted way? What is the line of trust in the scheme you are
proposing?

Cheers,
Dan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote:
> On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre@colomb.de> wrote:
>>
>> Hi Stefan,
>
>> So there are two "bugs" involved here. 1. GitHub presenting an invalid
>> certificate for the sub-subdomain and 2. Sequoia not noticing that.
>> Neither of these are bugs in GnuPG. If you can accept these facts, then
>> it makes sense to further discuss what could be changed where to make
>> your desired setup work. Maybe that discussion will lead to a concise
>> change proposal.
>
> Hi Andre, currently I can only accept the fact that these two "bugs" are
> currently not resolved in GnuPG and gpg4win, if you allow me to
> formulate it this way.

How can GPG solve bugs that are not in the GPG code or infrastructure? I
think André did a great job explaining what the issues are. How do you
think they can be addressed by GPG?

Cheers,
Dan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> On 12 Jan 2021, at 19:44, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
> Hi Andre, currently I can only accept the fact that these two "bugs" are
> currently not resolved in GnuPG and gpg4win, if you allow me to
> formulate it this way.

You should not formulate it this way. If the bugs are not in gnupg, they cannot be resolved in gnupg.

A
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 9:43 PM Andrew Gallagher <andrewg@andrewg.com> wrote:
>
>
> > On 12 Jan 2021, at 19:44, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> wrote:
> >
> > Hi Andre, currently I can only accept the fact that these two "bugs" are
> > currently not resolved in GnuPG and gpg4win, if you allow me to
> > formulate it this way.
>
> You should not formulate it this way. If the bugs are not in gnupg, they cannot be resolved in gnupg.

Ok, than I should formulate it as feature request, for GnuPG and gpg4win.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 10:09 PM Daniele Nicolodi <daniele@grinta.net> wrote:
>
> On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote:
> > On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre@colomb.de> wrote:
> >>
> >> Hi Stefan,
> >
> >> So there are two "bugs" involved here. 1. GitHub presenting an invalid
> >> certificate for the sub-subdomain and 2. Sequoia not noticing that.
> >> Neither of these are bugs in GnuPG. If you can accept these facts, then
> >> it makes sense to further discuss what could be changed where to make
> >> your desired setup work. Maybe that discussion will lead to a concise
> >> change proposal.
> >
> > Hi Andre, currently I can only accept the fact that these two "bugs" are
> > currently not resolved in GnuPG and gpg4win, if you allow me to
> > formulate it this way.
>
> How can GPG solve bugs that are not in the GPG code or infrastructure? I
> think André did a great job explaining what the issues are. How do you
> think they can be addressed by GPG?

If you followed the whole thread you may agree that GnuPG and gpg4win,
due to the way of how WKD is implemented does not allow wildcard (sub)domains,
when fetching a pub key from, for example, github.io pages, because it gives
a cert error for a *valid* SSL cert, while other OpenPGP software,
like sequoia-pgp,
can handle this.

I suggest that you or any other persons ask this question Werner, the author
of GnuPG and IIRC the wkd-draft author or you ask the sequoia
team how they implemented WKD, because sq.exe does it's job.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 10:17:13PM +0100, Stefan wrote in
<CAC6FiZ4okkkjsZWG5N7MmnZL=twait-geP8VBJA8ai49vza1+g@mail.gmail.com>:
>> How can GPG solve bugs that are not in the GPG code or infrastructure? I
>> think Andr? did a great job explaining what the issues are. How do you
>> think they can be addressed by GPG?
>
>If you followed the whole thread you may agree that GnuPG and gpg4win,
>due to the way of how WKD is implemented does not allow wildcard (sub)domains,
>when fetching a pub key from, for example, github.io pages, because it gives
>a cert error for a *valid* SSL cert, while other OpenPGP software,
>like sequoia-pgp,
>can handle this.
>
>I suggest that you or any other persons ask this question Werner, the author
>of GnuPG and IIRC the wkd-draft author or you ask the sequoia
>team how they implemented WKD, because sq.exe does it's job.

Firefox gives an error on the URL https://openpgpkey.sac001.github.io/ :

Websites prove their identity via certificates. Firefox does not trust this site
because it uses a certificate that is not valid for openpgpkey.sac001.github.io.
The certificate is only valid for the following names: www.github.com,
*.github.com, github.com, *.github.io, github.io, *.githubusercontent.com,
githubusercontent.com

I don't see the valid SSL certificate you keep on insisting is there.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 20.40, Stefan Claas wrote:
>> So there are two "bugs" involved here. 1. GitHub presenting an invalid
>> certificate for the sub-subdomain and 2. Sequoia not noticing that.
>> Neither of these are bugs in GnuPG. If you can accept these facts, then
>> it makes sense to further discuss what could be changed where to make
>> your desired setup work. Maybe that discussion will lead to a concise
>> change proposal.
>
> Hi Andre, currently I can only accept the fact that these two "bugs" are
> currently not resolved in GnuPG and gpg4win, if you allow me to
> formulate it this way. I desperately hope that this thread will lead to a

I (and others) understand the word "bug" as in "software not working
according to its specification". The specification is the WKD Internet
Draft as well as some RFCs about TLS certificate rules. Bugs in Sequoia
or GitHub's DNS configuration can therefore not be resolved in a
different software, namely GnuPG. Not sure what you mean by "resolve"
otherwise. Ignoring security rules would be a workaround, and a
terrible one as well.

Regarding the "misconfiguration" of GitHub's DNS and HTTPS, I noticed
Werner has actually added a corresponding paragraph to the WKD draft in
May 2019 (version 08):

Sites which do not use the advanced method but employ wildcard DNS
for their sub-domains MUST make sure that the "openpgpkey" sub-domain
is not subject to the wildcarding. This can be done by inserting an
empty TXT RR for this sub-domain.

Of course that only applies for someone striving for WKD conformance,
which the github.io domain has absolutely no business with. Therefore
they don't take this extra measure to suppress a failed attempt with the
WKD advanced method.

> Good question Andre! In case of github.io there is apprently no
> email address, which is IMHO a good thing if people like to
> set-up a github.io page and do not want to reveal their real
> email address, to third parties, which is IMHO their good right,
> in case they like to use this github.io pub key as multi-purpose
> key, let's say for multiple email accounts, from other services,
> file transfer, NFC postcards, you name it.

Okay, so you're using a protocol (WKD) that was purpose-designed with
e-mail in mind, but your user IDs don't work as e-mail addresses.
Despite looking exactly alike. That in itself might confuse people
(like me) using those keys. However WKD itself is not strictly tied to
e-mail, in contrast to WKS (the related Web Key Service protocol).

> Let's say as an example for gnupg.org. If am not mistaken
> dev.gnupg.org has a different cert as gnupg.org. Let's assume
> also that gnupg.org would come up with the idea of running
> keys.gnupg.org. I strongly believe that a (purchased) SSL
> cert for gnupg.org, covering wildcard subdomains, like GitHub's
> cert is neither wrong nor does it cause any security implications,
> when the direct method is used.

You need to distinguish at which level the wildcard is found. A TLS
certificate for *.gnupg.org would be perfectly fine, and even if
dev.gnupg.org uses its own even though it would be covered by the
wildcard. A fictional openpgpkey.gnupg.org server could present the
wildcard cert, just as GitHub does it. But for an
openpgpkey.dev.gnupg.org server, that would be invalid. Again, a
certificate for *.dev.gnupg.org could be used there.

There's two sides to the validity: DNS and TLS. Going back to the
GitHub example for continuity. The DNS server resolves
example.github.io to some IP address. It also resolves any
sub-subdomain like openpgpkey.example.github.io to a (probably the same)
IP address. The web server at that address presents a TLS certificate
which is issued for *.github.io. It would need to present a different
certificate for *.example.github.io in order to make a valid TLS
authenticated connection. I don't think there is something like a
*.*.github.io entry they could include in their certificate that would
cover all sub- and sub-sub-domains at once. So the HTTPS connection to
openpgpkey.example.github.io "works" on the DNS level, but has NO VALID
TLS set up, which is the "bug" / error on their side.

> Speaking of overhead, I must admit (again) I do not understand
> what this is or what this can cause for a server maintainer or
> a GnuPG or gpg4win user, when I for example can fetch my
> pub key with sequoia real quick, because in binary form these
> are only a couple of bytes and I strongly believe that a simple
> directory structure, holding some files, on a web server has no
> issues either.

I'll try to explain what happens during a WKD lookup attempt in your
preferred order, in hopefully simple terms (not 100 % technically correct).

1. The client queries DNS for the github.io domain, gets back an NS
record (a name server for the github.io zone).
2. Client asks the returned DNS server about example.github.io, gets
back an IP address for the (web) server.
3. Client contacts the web server on port 443, initiating a TLS
handshake. Gets back a TLS certificate issued for *.github.io.
4. Client checks that the contacted DNS name is actually covered by that
certificate. (OK for example.github.io, not for deeper levels)
5. Client sends an HTTP request over the established TLS connection,
asking for the well-known URL's path component. The server answers "404
Not found" or similar.
6. Client decides that the simple method failed and goes back to step 2,
this time trying the openpgpkey.example.github.io DNS name. Step 5 will
succeed this time, returning the OpenPGP certificate and public key.

Now you need to know that the "handshake" part consists of several
back-and-forth data transfers, which is why surfing over satellite links
is awful and stuff like QUIC / HTTP/2 is being developed to try and
reduce these round trips. There are also many points where things can
go wrong, e.g. the web server simply not answering on port 443 because
it is really only an e-mail server and WKD is handled somewhere else
(where we get in the second round). That involves the connection
needing to time out first. So repeating steps 2 to 5 is what I mean
with "overhead", which may very well cause user-noticeable delays.

In contrast to that, *first* querying the sub-sub-domain
openpgpkey.example.github.io would ideally return NXDOMAIN and we can
switch immediately to trying the direct method. Less time and energy
wasted.

I say ideally, because on github.io specifically, that doesn't happen.
Which is fine in itself. But the WKD spec lets us interpret that as
"cool, the openpgpkey subdomain resolved, so let's use advanced method!"
If it now fails at a later step (TLS certificate validity in this case),
sane implementations rightfully report a misconfiguration and abort,
because it may just as well be an MITM attacker fooling with the TLS
certificate.

What could be done in the WKD spec and / or GnuPG is to fall back to the
simple method not only when the openpgpkey subdomain is unresolvable,
but also if any other error happens during the advanced method. I don't
see any obvious *security* implications in that. But providers like
GitHub would then go through two complete HTTPS connections before the
client notices "WKD just isn't set up properly there". The current WKD
draft tries to avoid that duplicated server load by aborting early based
on the DNS response.

What Sequoia could do is fix their TLS host name check (step 4 above) to
only match one level with a wildcard, slightly increasing security. But
that is their call and I'm not knowledgeable enough on official TLS
validity rules to point a finger. Just GnuPG and curl choking on your
example indicates that it might be the Right Thing to do.

What GitHub could do (easily) is follow the WKD recommendation and
specifically block any "openpgpkey" sub-subdomain from resolving. Just
in case someone is crazy enough (no offense Stefan :-) to try abusing
their free web page service for WKD.

Remember it is *their* domain even if they grant you free usage of a
subdomain. And WKD specifically delegates some trust to the *domain
owner*, so they have every right to not care about OpenPGP at all and
let WKD requests fail ungracefully. Even the right to serve an invalid
wildcard certificate for sub-subdomains (which is still bad though).

Sorry for the long read, but I hope it clarifies the situation.

Regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>