@ -5,11 +5,11 @@
Network Working Group V. Birk
Internet-Draft H. Marques
Intended status: Standards Track pEp Foundation
Expires: December 29, 2018 June 27, 2018
Expires: August 8, 2019 February 04, 2019
pretty Easy privacy (pEp): Key Synchronization Protocol
draft-birk-pep-keysync-00
draft-birk-pep-keysync-NN
Abstract
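Review bot: the draft name line now reads draft-birk-pep-keysync-NN, replacing the concrete -00 with a template placeholder. A revision dated February 04, 2019 needs its real two-digit version number on this line before submission, so either the build step should substitute it or the line should carry the actual revision.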
@ -30,11 +30,11 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 29, 2018 .
This Internet-Draft will expire on August 8, 2019 .
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
@ -53,9 +53,9 @@ Copyright Notice
Birk & Marques Expires December 29, 2018 [Page 1]
Birk & Marques Expires August 8, 2019 [Page 1]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
Table of Contents
@ -69,12 +69,13 @@ Table of Contents
7. Security Considerations . . . . . . . . . . . . . . . . . . . 8
8. Implementation Status . . . . . . . . . . . . . . . . . . . . 8
8.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 8
8.2. Current software implementing pEp . . . . . . . . . . . . 9
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
10.1. Normative References . . . . . . . . . . . . . . . . . . 9
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
10.1. Normative References . . . . . . . . . . . . . . . . . . 10
10.2. Informative References . . . . . . . . . . . . . . . . . 10
Appendix A. Excerpts from the pEp Reference Implementation . . . 12
Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . 12
Appendix A. Excerpts from the pEp Reference Implementation . . . 11
Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction
@ -98,21 +99,22 @@ Table of Contents
o Handshake: The process when Alice - e.g. in-person or via phone -
contacts Bob to verify Trustwords (or by fallback: fingerprints)
is called handshake. [E-D.birk -pep-handshake]
is called Handshake. [I-D.marques -pep-handshake]
o Trustwords: A scalar-to-word representation of 16-bit numbers (0
to 65535) to natural language words. When doing a h andshake,
to 65535) to natural language words. When doing a H andshake,
peers are shown combined Trustwords of both public keys involved
to ease the comparison. [I-D.birk-pep-trustwords]
o Trust on First Use (TOFU): cf. [RFC7435]
Birk & Marques Expires December 29, 2018 [Page 2]
Birk & Marques Expires August 8, 2019 [Page 2]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
o Trust on First Use (TOFU): cf. [RFC7435]
o Man-in-the-middle attack (MITM): cf. [RFC4949]
@ -133,7 +135,7 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
the other nor are the chances realistic that the independently
created key pairs match.
If Alice wants to communicate from both of her devices, she expecte s
If Alice wants to communicate from both of her devices, she expects
not only that messages be readable across the devices, but also that
she can send messages expecting the same level of privacy she's used
to with just using one device, i.e., she wants all of the trust she
@ -141,7 +143,7 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
reflected on any device she uses. This requires her to have her
devices be part of a so-called Device Group.
This scenario can be full filled using the following steps, assuming
This scenario can be fulfilled using the following steps, assuming
the process is started with device Alice_A:
1. Alice automatically invokes a broadcast from the first device,
@ -163,11 +165,9 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Birk & Marques Expires December 29, 2018 [Page 3]
Birk & Marques Expires August 8, 2019 [Page 3]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
2. Alice_A and Alice_B now send each other all of their secrets,
@ -221,9 +221,9 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Birk & Marques Expires December 29, 2018 [Page 4]
Birk & Marques Expires August 8, 2019 [Page 4]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
fsm DeviceState filename=sync {
@ -277,9 +277,9 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Birk & Marques Expires December 29, 2018 [Page 5]
Birk & Marques Expires August 8, 2019 [Page 5]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
}
@ -333,9 +333,9 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Birk & Marques Expires December 29, 2018 [Page 6]
Birk & Marques Expires August 8, 2019 [Page 6]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
do acceptHandshake(partner);
@ -389,9 +389,9 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Birk & Marques Expires December 29, 2018 [Page 7]
Birk & Marques Expires August 8, 2019 [Page 7]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
}
@ -445,9 +445,9 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Birk & Marques Expires December 29, 2018 [Page 8]
Birk & Marques Expires August 8, 2019 [Page 8]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
features. Readers are advised to note that other implementations may
@ -460,7 +460,29 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
more mature. It is up to the individual working groups to use this
information as they see fit."
[[ TODO ]]
8.2. Current software implementing pEp
The following software implementing the pEp protocols (to varying
degrees) already exists:
o pEp for Outlook as add-on for Microsoft Outlook, release
[SRC.pepforoutlook]
o pEp for Android (based on a fork of the K9 MUA), release
[SRC.pepforandroid]
o Enigmail/pEp as add-on for Mozilla Thunderbird, release
[SRC.enigmailpep]
o pEp for iOS (implemented in a new MUA), beta [SRC.pepforios]
pEp for Android, iOS and Outlook are provided by pEp Security, a
commercial entity specializing in end-user software implementing pEp
while Enigmail/pEp is pursued as community project, supported by the
pEp Foundation.
All software is available as Free Software and published also in
source form.
9. Acknowledgements
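Review bot: the new Section 8.2 lists software "implementing the pEp protocols (to varying degrees)" but never says which of the four entries implements Key Synchronization, the protocol this draft specifies. State per entry whether KeySync is supported, otherwise the section gives no implementation status for this document. In the paragraph that follows the list, "is pursued as community project" should read "as a community project", and a comma belongs before "while".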
@ -472,15 +494,22 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
and extended with funding by the Internet Society's Beyond the Net
Programme on standardizing pEp. [ISOC.bnet]
Birk & Marques Expires August 8, 2019 [Page 9]
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
10. References
10.1. Normative References
[I-D.birk-pep]
Birk, V., Marques, H., and S. Shelburn, "pretty Easy
privacy (pEp): Privacy by Default", draft-birk-pep-02
(work in progress), June 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
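Review bot: [I-D.birk-pep] is added under 10.1 Normative References as "draft-birk-pep-02 (work in progress)", while the header declares Intended status: Standards Track. A normative reference to an unpublished draft ties this document's publication to that draft's, so confirm the dependency is really normative or move the entry to 10.2 Informative References.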
@ -490,77 +519,23 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
DOI 10.17487/RFC5322, October 2008,
<https://www.rfc-editor.org/info/rfc5322>.
[RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection
Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
December 2014, <https://www.rfc-editor.org/info/rfc7435>.
Birk & Marques Expires December 29, 2018 [Page 9]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
10.2. Informative References
[E-D.birk-pep-email]
Birk, V. and H. Marques, "pretty Easy privacy (pEp):
Secure and Trusted Email Communication", June 2018,
<https://pep.foundation/dev/repos/internet-
drafts/file/tip/pep-email/draft-birk-pep-email-NN.txt>.
Early draft
[E-D.birk-pep-handshake]
Marques, H., "pretty Easy privacy (pEp): Contact
Authentication through Handshake", June 2018,
<https://pep.foundation/dev/repos/internet-
drafts/file/tip/pep-handshake/
draft-marques-pep-handshake-00.txt>.
Early draft
[E-D.birk-pep-keysync]
Birk, V. and H. Marques, "pretty Easy privacy (pEp): Key
Synchronization Protocol", June 2018,
<https://pep.foundation/dev/repos/internet-
drafts/file/tip/pep-keysync/
draft-birk-pep-keysync-NN.txt>.
Early draft
[E-D.birk-pep-trust-rating]
Birk, V. and H. Marques, "pretty Easy privacy (pEp): Trust
Rating System", June 2018,
<https://pep.foundation/trac/browser/internet-drafts/pep-
rating/draft-marques-pep-rating-00.txt>.
Early draft
[I-D.birk-pep-trustwords]
Birk, V., Marques, H., and B. Hoeneisen, "IANA
Registration of Trustword Lists: Guide, Template and IANA
Considerations", draft-birk-pep-trustwords-02 (work in
progress), June 2018.
Birk & Marques Expires December 29, 2018 [Page 10]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
[I-D.marques-pep-handshake]
Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
Contact and Channel Authentication through Handshake",
draft-marques-pep-handshake-01 (work in progress), October
2018.
[ISOC.bnet]
Simao, I., "Beyond the Net. 12 Innovative Projects
@ -570,54 +545,35 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
blog/2017/06/12-innovative-projects-selected-for-beyond-
the-net-funding/>.
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
Thayer, "OpenPGP Message Format", RFC 4880,
DOI 10.17487/RFC4880, November 2007,
<https://www.rfc-editor.org/info/rfc4880>.
[RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
DOI 10.17487/RFC5321, October 2008,
<https://www.rfc-editor.org/info/rfc5321>.
[RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
2014, <https://www.rfc-editor.org/info/rfc7258>.
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016,
<https://www.rfc-editor.org/info/rfc7942>.
[SRC.enigmailpep]
"Source code for Enigmail/pEp", June 2018,
"Source code for Enigmail/pEp", July 2018,
<https://enigmail.net/index.php/en/download/source-code>.
[SRC.pepcore]
"Core source code and reference implementation of pEp
(engine and adapters)", June 2018,
<https://pep.foundation/dev/>.
Birk & Marques Expires August 8, 2019 [Page 10]
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
[SRC.pepforandroid]
"Source code for pEp for Android", June 2018,
"Source code for pEp for Android", July 2018,
<https://pep-security.lu/gitlab/android/pep>.
[SRC.pepforios]
"Source code for pEp for iOS", June 2018,
"Source code for pEp for iOS", July 2018,
<https://pep-security.ch/dev/repos/pEp_for_iOS/>.
[SRC.pepforoutlook]
"Source code for pEp for Outlook", June 2018,
"Source code for pEp for Outlook", July 2018,
<https://pep-security.lu/dev/repos/pEp_for_Outlook/>.
Birk & Marques Expires December 29, 2018 [Page 11]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Appendix A. Excerpts from the pEp Reference Implementation
This section provides excerpts of the running code from the pEp
@ -631,6 +587,8 @@ Appendix B. Open Issues
[[ RFC Editor: This section should be empty and is to be removed
before publication ]]
o Include shared file (cf. other drafts)
o Major update
o Verify Dummy Sections
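Review bot: the added open issue "Major update" does not say what is to be updated, so nobody can tell when it is resolved. Name the sections or protocol parts that need the rewrite; "Include shared file (cf. other drafts)" would likewise be clearer if it named the file.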
@ -649,6 +607,17 @@ Appendix B. Open Issues
o Check List of Authors
o shorten overlong lines in code examples
Birk & Marques Expires August 8, 2019 [Page 11]
Internet-Draft pretty Easy privacy (pEp) Key Sync February 2019
Authors' Addresses
Volker Birk
@ -661,19 +630,6 @@ Authors' Addresses
URI: https://pep.foundation/
Birk & Marques Expires December 29, 2018 [Page 12]
Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Hernani Marques
pEp Foundation
Oberer Graben 4
@ -713,16 +669,4 @@ Internet-Draft pretty Easy privacy (pEp) Key Sync June 2018
Birk & Marques Expires December 29, 2018 [Page 13]
Birk & Marques Expires August 8, 2019 [Page 12]