keyoxide
/
project
1
0
Issues 4 Packages Projects Wiki

Using domain as alternative to PGP #1

New Issue
Open
opened 2023-03-17 13:09:04 +00:00 by Ryuno-Ki · 1 comment
Ryuno-Ki commented 2023-03-17 13:09:04 +00:00

This morning a topic popped up in the Matrix channel. I volunteered to summarise it here but struggle a little with getting the summary right. Bear with me. I'm not tagging or listing names here because I'm not sure whether the respective people would consent.

The background

Someone compared Keyoxide to „link tree but with pgp encryption to verify users”.

It was pointed out that PGP is not used for encryption but rather to act as the „id”.

The next question was about whether the e-mail address had to be public.
At this point we had an interesting discussion.

Problem statement

Offer alternative means to act as an ID without leaking sensitive information.

Possible solutions

Now my idea was to encourage to hold a domain of one's own and use the domain as an ID holder. I believe the technical term is claims.

Those claims are often added as Ariadne URL to the notation part of a PGP key in the current shape of Keyoxide's documentation. The main driver for this is to utilise OpenPGP's API.

There's an option issue at https://gitlab.com/keys.openpgp.org/hagrid/-/issues/180 about an e-mail less key support.

My line of thinking was to encourage WKDs (short for .well-known directories).
If someone holds a domain adding a file to a specific path should be possible. If the content of the file is well-defined, well it could act as a pendant to the notation part.

Since we are talking about claims here, I figured whether JWT (Json Web Token) could be used. Those hold claims as well. I haven't thought about the specifics yet.

You see, I have discovered IndieWeb before I learned about Keyoxide. They are encouraging rel="me" links to bidirectional link together profiles. Since a website is usually open on the Internet anyway, it wouldn't give away additional information.

I feel like domains are easier to understand by people. But they should be aware that it's not „as secure” as using Public Key Infrastructure.

I'd like both to see next to each other.

Concerns

Now there were concerns raised with this proposal that are worth noting as well:

  • A domain has to be paid for
  • A registrar can strip the domain holder from it
  • A domain could be compromised
  • Not everyone has a domain (there could be subdomains or paths, e.g. ~user in academia) - this one was not part of the Matrix conversation

Valid concerns. PGP keys could be comprised as well (for example by accident. Look at how many secrets got leaked in git repositories).

It was brought up that for proofs it is better to use DNS records. I'm in favour of that since it's one of the challenge types by Let's Encrypt and I trust their expertise here. So this could proof the ownership (I was more concerned about the claims).

This morning a topic popped up in the Matrix channel. I volunteered to summarise it here but struggle a little with getting the summary right. Bear with me. I'm not tagging or listing names here because I'm not sure whether the respective people would consent. ## The background Someone compared Keyoxide to „link tree but with pgp encryption to verify users”. It was pointed out that PGP is not used for encryption but rather to act as the „id”. The next question was about whether the e-mail address had to be public. At this point we had an interesting discussion. ## Problem statement Offer alternative means to act as an ID without leaking sensitive information. ## Possible solutions Now my idea was to encourage to hold [a domain of one's own](https://indieweb.org/A_Domain_of_One%27s_Own) and use the domain as an ID holder. I believe the technical term is claims. Those claims are often added as Ariadne URL to the notation part of a PGP key in the current shape of Keyoxide's documentation. The main driver for this is to utilise OpenPGP's API. There's an option issue at https://gitlab.com/keys.openpgp.org/hagrid/-/issues/180 about an e-mail less key support. My line of thinking was to encourage WKDs (short for .well-known directories). If someone holds a domain adding a file to a specific path should be possible. If the content of the file is well-defined, well it could act as a pendant to the notation part. Since we are talking about claims here, I figured whether JWT (Json Web Token) could be used. Those hold claims as well. I haven't thought about the specifics yet. You see, I have discovered IndieWeb before I learned about Keyoxide. They are encouraging [rel="me" links](https://indieweb.org/rel-me) to bidirectional link together profiles. Since a website is usually open on the Internet anyway, it wouldn't give away additional information. I feel like domains are easier to understand by people. But they should be aware that it's not „as secure” as using Public Key Infrastructure. I'd like both to see next to each other. ## Concerns Now there were concerns raised with this proposal that are worth noting as well: - A domain has to be paid for - A registrar can strip the domain holder from it - A domain could be compromised - Not everyone has a domain (there could be subdomains or paths, e.g. ~user in academia) - this one was not part of the Matrix conversation Valid concerns. PGP keys could be comprised as well (for example by accident. Look at how many secrets got leaked in git repositories). It was brought up that for proofs it is better to use DNS records. I'm in favour of that since [it's one of the challenge types by Let's Encrypt](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) and I trust their expertise here. So this could proof the ownership (I was more concerned about the claims).
👍 1 👀 1
yarmo commented 2023-06-28 08:45:22 +00:00
Owner

A few months have past but the idea is still stuck in my mind and I think this is something that should exist.

The concerns need be addressed but some of them (like the paid-for aspect), I think, boil down to choice. People who don't have a domain may have to use the "standard" cryptography route. But if one does have a domain, why not use it?

Right now, I'm busy with the ASP stuff but I'll come back to this issue soon.

A few months have past but the idea is still stuck in my mind and I think this is something that should exist. The concerns need be addressed but some of them (like the paid-for aspect), I think, boil down to choice. People who don't have a domain may have to use the "standard" cryptography route. But if one does have a domain, why not use it? Right now, I'm busy with the ASP stuff but I'll come back to this issue soon.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: keyoxide/project#1
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?