openpgp D. Gillmor Internet-Draft ACLU Intended status: Informational April 15, 2019 Expires: October 17, 2019 Abuse-Resistant OpenPGP Keystores draft-dkg-openpgp-abuse-resistant-keystore-02 Abstract OpenPGP transferable public keys are composite certificates, made up of primary keys, direct key signatures, user IDs, identity certifications ("signature packets"), subkeys, and so on. They are often assembled by merging multiple certificates that all share the same primary key, and are distributed in public keystores. Unfortunately, since many keystores permit any third-party to add a certification with any content to any OpenPGP certificate, the assembled/merged form of a certificate can become unwieldy or undistributable. Furthermore, keystores that are searched by user ID can be made unusable for specific names or addresses by public submission of bogus data. And finally, keystores open to public submission can also face simple resource exhaustion from flooding with bogus submissions, or legal or other risks from uploads of toxic data. This draft documents techniques that an archive of OpenPGP certificates can use to mitigate the impact of these various attacks. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on October 17, 2019. Gillmor Expires October 17, 2019 [Page 1] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 6 2.1. Certificate Flooding . . . . . . . . . . . . . . . . . . 7 2.2. User ID Flooding . . . . . . . . . . . . . . . . . . . . 7 2.3. Keystore Flooding . . . . . . . . . . . . . . . . . . . . 7 3. Toxic Data . . . . . . . . . . . . . . . . . . . . . . . . . 8 4. Simple Mitigations . . . . . . . . . . . . . . . . . . . . . 8 4.1. Decline Large Packets . . . . . . . . . . . . . . . . . . 8 4.2. Enforce Strict User IDs . . . . . . . . . . . . . . . . . 9 4.3. Scoped User IDs . . . . . . . . . . . . . . . . . . . . . 9 4.4. Strip or Standardize Unhashed Subpackets . . . . . . . . 9 4.5. Decline User Attributes . . . . . . . . . . . . . . . . . 10 4.6. Decline Non-exportable Certifications . . . . . . . . . . 10 4.7. Decline Data From the Future . . . . . . . . . . . . . . 10 4.8. Accept Only Profiled Certifications . . . . . . . . . . . 10 4.9. Accept Only Certificates Issued by Designated Authorities 11 4.10. Decline Packets by Blocklist . . . . . . . . . . . . . . 11 5. Retrieval-time Mitigations . . . . . . . . . . . . . . . . . 12 5.1. Redacting User IDs . . . . . . . . . . . . . . . . . . . 12 5.1.1. Certificate Update with Redacted User IDs . . . . . . 12 5.1.2. Certificate Discovery with Redacted User IDs . . . . 13 5.1.3. Hinting Redacted User IDs . . . . . . . . . . . . . . 13 5.1.4. User ID Recovery by Client Brute Force . . . . . . . 14 6. Contextual Mitigations . . . . . . . . . . . . . . . . . . . 14 6.1. Accept Only Cryptographically-verifiable Certifications . 14 6.2. Accept Only Certificates Issued by Known Certificates . . 14 6.3. Rate-limit Submissions by IP Address . . . . . . . . . . 15 6.4. Accept Certificates Based on Exterior Process . . . . . . 15 6.5. Accept Certificates by E-mail Validation . . . . . . . . 15 Gillmor Expires October 17, 2019 [Page 2] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 7. Non-append-only mitigations . . . . . . . . . . . . . . . . . 16 7.1. Drop Superseded Signatures . . . . . . . . . . . . . . . 16 7.2. Drop Expired Signatures . . . . . . . . . . . . . . . . . 17 7.3. Drop Dangling User IDs, User Attributes, and Subkeys . . 17 7.4. Drop All Other Elements of a Directly-Revoked Certificate 17 7.5. Implicit Expiration Date . . . . . . . . . . . . . . . . 18 8. Updates-only Keystores . . . . . . . . . . . . . . . . . . . 18 9. First-party-only Keystores . . . . . . . . . . . . . . . . . 19 9.1. First-party-only Without User IDs . . . . . . . . . . . . 19 10. First-party-attested Third-party Certifications . . . . . . . 19 10.1. Key Server Preferences "No-modify" . . . . . . . . . . . 21 10.2. Client Interactions . . . . . . . . . . . . . . . . . . 21 11. Side Effects and Ecosystem Impacts . . . . . . . . . . . . . 21 11.1. Designated Revoker . . . . . . . . . . . . . . . . . . . 21 11.2. Certification-capable Subkeys . . . . . . . . . . . . . 22 11.3. Assessing Certificates in the Past . . . . . . . . . . . 22 11.3.1. Point-in-time Certificate Evaluation . . . . . . . . 22 11.3.2. Signature Verification and Non-append-only Keystores 23 11.4. Global Append-only Ledgers ("Blockchain") . . . . . . . 23 11.5. Certificate Discovery for Identity Monitoring . . . . . 24 12. OpenPGP details . . . . . . . . . . . . . . . . . . . . . . . 25 12.1. Revocations . . . . . . . . . . . . . . . . . . . . . . 25 12.2. User ID Conventions . . . . . . . . . . . . . . . . . . 26 13. Security Considerations . . . . . . . . . . . . . . . . . . . 27 13.1. Tension Between Unrestricted Uploads and Certificate Discovery . . . . . . . . . . . . . . . . . . . . . . . 27 14. Privacy Considerations . . . . . . . . . . . . . . . . . . . 27 14.1. Publishing Identity Information . . . . . . . . . . . . 28 14.2. Social Graph . . . . . . . . . . . . . . . . . . . . . . 28 14.3. Tracking Clients by Queries . . . . . . . . . . . . . . 28 14.4. Cleartext Queries . . . . . . . . . . . . . . . . . . . 29 14.5. Traffic Analysis . . . . . . . . . . . . . . . . . . . . 29 15. User Considerations . . . . . . . . . . . . . . . . . . . . . 30 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 17. Document Considerations . . . . . . . . . . . . . . . . . . . 30 17.1. Document History . . . . . . . . . . . . . . . . . . . . 31 18. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 32 19. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 19.1. Normative References . . . . . . . . . . . . . . . . . . 32 19.2. Informative References . . . . . . . . . . . . . . . . . 33 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 34 1. Introduction Gillmor Expires October 17, 2019 [Page 3] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.2. Terminology o "OpenPGP certificate" (or just "certificate") is used interchangeably with [RFC4880]'s "Transferable Public Key". The term "certificate" refers unambiguously to the entire composite object, unlike "key", which might also be used to refer to a primary key or subkey. o An "identity certification" (or just "certification") is an [RFC4880] signature packet that covers OpenPGP identity information - that is, any signature packet of type 0x10, 0x11, 0x12, or 0x13. Certifications are said to (try to) "bind" a primary key to a User ID. o The primary key that makes the certification is known as the "issuer". The primary key over which the certification is made is known as the "subject". o A "first-party certification" is issued by the primary key of a certificate, and binds itself to a user ID in the certificate. That is, the issuer is the same as the subject. This is sometimes referred to as a "self-sig". o A "third-party certification" is a made over a primary key and user ID by some other certification-capable primary key. That is, the issuer is different than the subject. (The elusive "second- party" is presumed to be the verifier who is trying to interpret the certificate) o A "keystore" is any collection of OpenPGP certificates. Keystores typically receive mergeable updates over the course of their lifetime which might add to the set of OpenPGP certificates they hold, or update the certificates. o "Certificate discovery" is the process whereby a user retrieves an OpenPGP certificate based on user ID (see Section 12.2). A user attempting to discover a certificate from a keystore will search for a substring of the known user IDs, most typically an e-mail address if the user ID is an [RFC5322] name-addr or addr-spec. Some certificate discovery mechanisms look for an exact match on Gillmor Expires October 17, 2019 [Page 4] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 the known user IDs. [I-D.koch-openpgp-webkey-service] and [I-D.shaw-openpgp-hkp] both offer certificate discovery mechanisms. o "Certificate validation" is the process whereby a user decides whether a given user ID in an OpenPGP certificate is acceptable. For example, if the certificate has a user ID of "Alice " and the user wants to send an e-mail to "alice@example.org", the mail user agent might want to ensure that the certificate is valid for this e-mail address before encrypting to it. This process can take different forms, and can consider many different factors, some of which are not directly contained in the certificate itself. For example, certificate validation might consider whether the certificate was fetched via DANE ([RFC7929]) or WKD ([I-D.koch-openpgp-webkey-service]); or whether it has seen e-mails from that address signed by the certificate in the past; or how long it has known about certificate. o "Certificate update" is the process whereby a user fetches new information about a certificate, potentially merging those OpnePGP packets to change the status of the certificate. Updates might include adding or revoking user IDs or subkeys, updating expiration dates, or even revoking the entire certificate by revoking the primary key directly. A user attempting to update a certificate typically queries a keystore based on the certificate's fingerprint. o A "keyserver" is a particular kind of keystore, typically means of publicly distributing OpenPGP certificates or updates to them. Examples of keyserver software include [SKS] and [MAILVELOPE-KEYSERVER]. One common HTTP interface for keyservers is [I-D.shaw-openpgp-hkp]. o A "synchronizing keyserver" is a keyserver which gossips with other peers, and typically acts as an append-only log. Such a keyserver is typically useful for certificate discovery, certificate updates, and revocation information. They are typically _not_ useful for certificate validation, since they make no assertions about whether the identities in the certificates they server are accurate. As of the writing of this document, [SKS] is the canonical synchronizing keyserver implementation, though other implementations exist. o An "e-mail validating keyserver" is a keyserver which attempts to verify the identity in an OpenPGP certificate's user ID by confirming access to the e-mail account, and possibly by confirming access to the secret key. Some implementations permit removal of a certificate by anyone who can prove access to the Gillmor Expires October 17, 2019 [Page 5] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 e-mail address in question. They are useful for certificate discovery based on e-mail address and certificate validation (by users who trust the operator), but some may not be useful for certificate update or revocation, since a certificate could be simply replaced by an adversary who also has access to the e-mail address in question. [MAILVELOPE-KEYSERVER] is an example of such a keyserver. o "Cryptographic validity" refers to mathematical evidence that a signature came from the secret key associated with the public key it claims to come from. Note that a certification may be cryptographically valid without the signed data being true (for example, a given certificate with the user ID "Alice " might not belong to the person who controls the e-mail address "alice@example.org" even though the self-sig is cryptographically valid). In particular, cryptographic validity for user ID in a certificate is typically insufficient evidence for certificate validation. Also note that knowledge of the public key of the issuer is necessary to determine whether any given signature is cryptographically valid. Some keyservers perform cryptographic validation in some contexts. Other keyservers (like [SKS]) perform no cryptographic validation whatsoever. o OpenPGP revocations can have "Reason for Revocation" (see [RFC4880]), which can be either "soft" or "hard". The set of "soft" reasons is: "Key is superseded" and "Key is retired and no longer used". All other reasons (and revocations that do not state a reason) are "hard" revocations. See Section 12.1 for more detail. 2. Problem Statement OpenPGP keystores that handle submissions from the public are subject to a range of attacks by malicious submitters. This section describes four distinct attacks that public keystores should consider. The rest of the document describes some mitigations that can be used by keystores that are concerned about these problems but want to continue to offer some level of service for certificate discovery, certificate update, or certificate validation. Gillmor Expires October 17, 2019 [Page 6] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 2.1. Certificate Flooding Many public keystores (including both the [SKS] keyserver network and [MAILVELOPE-KEYSERVER]) allow anyone to attach arbitrary data (in the form of third-party certifications) to any certificate, bloating that certificate to the point of being impossible to effectively retrieve. For example, some OpenPGP implementations simply refuse to process certificates larger than a certain size. This kind of Denial-of-Service attack makes it possible to make someone else's certificate unretrievable from the keystore, preventing certificate discovery. It also makes it possible to swamp a certificate that has been revoked, preventing certificate update, potentially leaving the client of the keystore with the compromised certificate in an unrevoked state locally. Additionally, even without malice, OpenPGP certificates can potentially grow without bound. 2.2. User ID Flooding Public keystores that are used for certificate discovery may also be vulnerable to attacks that flood the space of known user IDs. In particular, if the keystore accepts arbitrary certificates from the public and does no verification of the user IDs, then any client searching for a given user ID may need to review and process an effectively unbounded set of maliciously-submitted certificates to find the non-malicious certificates they are looking for. For example, if an attacker knows that a given system consults a keystore looking for certificates which match the e-mail address "alice@example.org", the attacker may upload hundreds or thousands of certificates containing user IDs that match that address. Even if those certificates would not be accepted by a client (e.g., because they were not certified by a known-good authority), the client typically still has to wade through all of them in order to find the non-malicious certificates. If the keystore does not offer a discovery interface at all (that is, if clients cannot search it by user ID), then user ID flooding is of less consequence. 2.3. Keystore Flooding A public keystore that accepts arbitrary OpenPGP material and is append-only is at risk of being overwhelmed by sheer quantity of malicious uploaded packets. This is a risk even if the user ID space is not being deliberately flooded, and if individual certificates are Gillmor Expires October 17, 2019 [Page 7] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 protected from flooding by any of the mechanisms described later in this document. The keystore itself can become difficult to operate if the total quantity of data is too large, and if it is a synchronizing keyserver, then the quantities of data may impose unsustainable bandwidth costs on the operator as well. Effectively mitigating against keystore flooding requires either abandoning the append-only property that some keystores prefer, or imposing very strict controls on initial ingestion. 3. Toxic Data Like any large public dataset, it's possible that a keystore ends up hosting some content that is legally actionable in some jurisdictions, including libel, child pornography, material under copyright or other "intellectual property" controls, blasphemy, hate speech, etc. A public keystore that accepts and redistributes arbitrary content may face risk due to uploads of toxic data. 4. Simple Mitigations These steps can be taken by any keystore that wants to avoid obviously malicious abuse. They can be implemented on receipt of any new packet, and are based strictly on the structure of the packet itself. 4.1. Decline Large Packets While [RFC4880] permits OpenPGP packet sizes of arbitrary length, OpenPGP certificates rarely need to be so large. An abuse-resistant keystore SHOULD reject any OpenPGP packet larger than 8383 octets. (This cutoff is chosen because it guarantees that the packet size can be represented as a one- or two-octet [RFC4880] "New Format Packet Length", but it could be reduced further) This may cause problems for user attribute packets that contain large images, but it's not clear that these images are concretely useful in any context. Some keystores MAY extend this limit for user attribute packets specifically, but SHOULD NOT allow even user attributes packets larger than 65536 octets. Gillmor Expires October 17, 2019 [Page 8] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 4.2. Enforce Strict User IDs [RFC4880] indicates that User IDs are expected to be UTF-8 strings. An abuse-resistant keystore MUST reject any user ID that is not valid UTF-8. Some abuse-resistant keystores MAY only accept User IDs that meet even stricter conventions, such as an [RFC5322] name-addr or addr- spec, or a URL like "ssh://host.example.org". As simple text strings, User IDs don't need to be nearly as long as any other packets. An abuse-resistant keystore SHOULD reject any user ID packet larger than 1024 octets. 4.3. Scoped User IDs Some abuse-resistant keystores may restrict themselves to publishing only certificates with User IDs that match a specific pattern. For example, [RFC7929] encourages publication in the DNS of only certificates whose user IDs refer to e-mail addresses within the DNS zone. [I-D.koch-openpgp-webkey-service] similarly aims to restrict publication to certificates relevant to the specific e-mail domain. 4.4. Strip or Standardize Unhashed Subpackets [RFC4880] signature packets contain an "unhashed" block of subpackets. These subpackets are not covered by any cryptographic signature, so they are ripe for abuse. An abuse-resistant keysetore SHOULD strip out all unhashed subpackets. Note that some certifications only identify the issuer of the certification by an unhashed Issuer ID subpacket. If a certification's hashed subpacket section has no Issuer ID or Issuer Fingerprint (see [I-D.ietf-openpgp-rfc4880bis]) subpacket, then an abuse-resistant keystore that has cryptographically validated the certification SHOULD make the unhashed subpackets contain only a single subpacket. That subpacket should be of type Issuer Fingerprint, and should contain the fingerprint of the issuer. A special exception may be made for unhashed subpackets in a third- party certification that contain attestations from the certificate's primary key as described in Section 10. Gillmor Expires October 17, 2019 [Page 9] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 4.5. Decline User Attributes Due to size concerns, some abuse-resistant keystores MAY choose to ignore user attribute packets entirely, as well as any certifications that cover them. 4.6. Decline Non-exportable Certifications An abuse-resistant keystore MUST NOT accept any certification that has the "Exportable Certification" subpacket present and set to 0. While most keystore clients will not upload these "local" certifications anyway, a reasonable public keystore that wants to minimize data has no business storing or distributing these certifications. 4.7. Decline Data From the Future Many OpenPGP packets have time-of-creation timestamps in them. An abuse-resistant keystore with a functional real-time clock MAY decide to only accept packets whose time-of-creation is in the past. Note that some OpenPGP implementations may pre-generate OpenPGP material intended for use only in some future window (e.g. "Here is the certificate we plan to use to sign our software next year; do not accept signatures from it until then."), and may use modified time- of-creation timestamps to try to achieve that purpose. This material would not be distributable ahead of time by an abuse-resistant keystore that adopts this mitigation. 4.8. Accept Only Profiled Certifications An aggressively abuse-resistant keystore MAY decide to only accept certifications that meet a specific profile. For example, it MAY reject certifications with unknown subpacket types, unknown notations, or certain combinations of subpackets. This can help to minimize the amount of room for garbage data uploads. Any abuse-resistant keystore that adopts such a strict posture should clearly document what its expected certificate profile is, and should have a plan for how to extend the profile if new types of certification appear that it wants to be able to distribute. Note that if the profile is ever restricted (rather than extended), and the restriction is applied to the material already present, such a keystore is no longer append-only (please see Section 7). Gillmor Expires October 17, 2019 [Page 10] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 4.9. Accept Only Certificates Issued by Designated Authorities An abuse-resistant keystore capable of cryptographic validation MAY retain a list of designated authorities, typically in the form of a set of known public keys. Upon receipt of a new OpenPGP certificate, the keystore can decide whether to accept or decline each user ID of the certificate based whether that user ID has a certification that was issued by one or more of the designated authorities. If no user IDs are certified by designated authority, such a keystore SHOULD decline the certificate and its primary key entirely. Such a keystore SHOULD decline to retain or propagate all certifications associated with each accepted user ID except for first-party certifications and certifications by the designated authorities. The operator of such a keystore SHOULD have a clear policy about its set of designated authorities. Given the ambiguities about expiration and revocation, such a keyserver SHOULD ignore expiration and revocation of authority certifications, and simply accept and retain as long as the cryptographic signature is valid. Note that if any key is removed from the set of designated authorities, and that change is applied to the existing keystore, such a keystore may no longer be append-only (please see Section 7). 4.10. Decline Packets by Blocklist The maintainer of the keystore may keep a specific list of "known- bad" material, and decline to accept or redistribute items matching that blocklist. The material so identified could be anything, but most usefully, specific public keys or User IDs could be blocked. Note that if a blocklist grows to include an element already present in the keystore, it will no longer be append-only (please see Section 7). Some keystores may choose to apply a blocklist only at retrieval time and not apply it at ingestion time. This allows the keystore to be append-only, and permits synchronization between keystores that don't share a blocklist, and somewhat reduces the attacker's incentive for flooding the keystore (see Section 5 for more discussion). Note that development and maintenance of a blocklist is not without its own potentials for abuse. For one thing, the blocklist may itself grow without bound. Additionally, a blocklist may be socially or politically contentious as it may describe data that is toxic Gillmor Expires October 17, 2019 [Page 11] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 (Section 3) in one community or jurisdiction but not another. There needs to be a clear policy about how it is managed, whether by delegation to specific decision-makers, or explicit tests. Furthermore, the existence of even a well-intentioned blocklist may be an "attractive nuisance," drawing the interest of would-be censors or other attacker interested in controlling the ecosystem reliant on the keystore in question. 5. Retrieval-time Mitigations Most of the abuse mitigations described in this document are described as being applied at certificate ingestion time. It's also possible to apply the same mitigations when a certificate is retrieved from the keystore (that is, during certificate update or certificate discovery). Applying an abuse mitigation at retrieval time may help a client defend against a user ID flooding (Section 2.2) or certificate flooding (Section 2.1) attack. However, only mitigations applied at ingestion time are able to mitigate keystore flooding attacks (Section 2.3). Some mitigations (like the non-append-only mitigations described in Section 7) may be applied as filters at retrieval time, while still allowing access to the (potentially much larger) unfiltered dataset associated given certificate or user ID via a distinct interface. The rest of this section documents a specific mitigation that is applied only at retrieval time. 5.1. Redacting User IDs Some abuse-resistant keystores may accept and store user IDs but decline to redistribute some or all of them, while still distributing the certifications that cover those redacted user IDs. This draft refers to such a keystore as a "user ID redacting" keystore. The certificates distributed by such a keystore are technically invalid [RFC4880] "transferable public keys", because they lack a user ID packet, and the distributed certifications cannot be cryptographically validated independently. However, an OpenPGP implementation that already knows the user IDs associated with a given primary key will be capable of associating each certification with the correct user ID by trial signature verification. 5.1.1. Certificate Update with Redacted User IDs A user ID redacting keystore is useful for certificate update by a client that already knows the user ID it expects to see associated with the certificate. For example, a client that knows a given Gillmor Expires October 17, 2019 [Page 12] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 certificate currently has two specific user IDs could access the keystore to learn that one of the user IDs has been revoked, without any other client learning the user IDs directly from the keystore. 5.1.2. Certificate Discovery with Redacted User IDs It's possible (though non-intuitive) to use a user ID redacting keystore for certificate discovery. Since the keystore retains (but does not distribute) the user IDs, they can be used to select certificates in response to a search. The OpenPGP certificates sent back in response to the search will not contain the user IDs, but a client that knows the full user ID they are searching for will be able to verify the returned certifications. Certificate discovery from a user ID redacting keystore works better for certificate discovery by exact user ID match than it does for substring match, because a client that discovers a substring match may not be able to reconstruct the redacted user ID. However, without some additional restrictions on which certifications are redistributed (whether the user ID is redacted or not), certificate discovery can be flooded (see Section 13.1). 5.1.3. Hinting Redacted User IDs To ensure that the distributed certificate is at least structurally a valid [RFC4880] transferable public key, a user ID redacting keystore MAY distribute an empty user ID (an OpenPGP packet of tag 13 whose contents are a zero-octet string) in place of the omitted user ID. This two-octet replacement user ID packet ("\xb4\x00") is called the "unstated user ID". To facilitate clients that match certifications with specific user IDs, a user ID redacting keystore MAY insert a non-hashed notation subpacket into the certification. The notation will have a name of "uidhash", with 0x80 ("human-readable") flag unset. The value of such a notation MUST be 32 octets long, and contains the SHA-256 cryptographic digest of the UTF-8 string of the redacted user ID. A certificate update client which receives such a certification after the "unstated user ID" SHOULD compute the SHA-256 digest of all user IDs it knows about on the certificate, and compare the result with the contents of the "uidhash" notation to decide which user ID to try to validate the certification against. Gillmor Expires October 17, 2019 [Page 13] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 5.1.4. User ID Recovery by Client Brute Force User ID redaction is at best an imperfect process. Even if a keystore redacts a User ID, if it ships a certification over that user ID, an interested client can guess user IDs until it finds one that causes the signature to verify. This is even easier when the space of legitimate user IDs is relatively small, such as the set of commonly-used hostnames 6. Contextual Mitigations Some mitigations make the acceptance or rejection of packets contingent on data that is already in the keystore or the keystore's developing knowledge about the world. This means that, depending on the order that the keystore encounters the various material, or how it discovers the material, the final set of material retained and distributed by the keystore might be different. While this isn't necessarily bad, it may be a surprising property for some users of keystores. 6.1. Accept Only Cryptographically-verifiable Certifications An abuse-resistant keystore that is capable of doing cryptographic validation MAY decide to reject certifications that it cannot cryptographically validate. This may mean that the keystore rejects some packets while it is unaware of the public key of the issuer of the packet. 6.2. Accept Only Certificates Issued by Known Certificates This is an extension of Section 4.9, but where the set of authorities is just the set of certificates already known to the keystore. An abuse-resistant keystore that adopts this strategy is effectively only crawling the reachable graph of OpenPGP certificates from some starting core. A keystore adopting the mitigation SHOULD have a clear documentation of the core of initial certificates it starts with, as this is effectively a policy decision. This mitigation measure may fail due to a compromise of any secret key that is associated with a primary key of a certificate already present in the keystore. Such a compromise permits an attacker to flood the rest of the network. In the event that such a compromised key is identified, it might be placed on a blocklist (see Section 4.10). In particular, if a public key is added to a Gillmor Expires October 17, 2019 [Page 14] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 blocklist for a keystore implementing this mitigation, and it is removed from the keystore, then all certificates that were only "reachable" from the blocklisted certificate should also be simultaneously removed. 6.3. Rate-limit Submissions by IP Address Some OpenPGP keystores accept material from the general public over the Internet. If an abuse-resistant keystore observes a flood of material submitted to the keystore from a given Internet address, it MAY choose to throttle submissions from that address. When receiving submissions over IPv6, such a keystore MAY choose to throttle entire nearby subnets, as a malicious IPv6 host is more likely to have multiple addresses. This requires that the keystore maintain state about recent submissions over time and address. It may also be problematic for users who appear to share an IP address from the vantage of the keystore, including those behind a NAT, using a VPN, or accessing the keystore via Tor. 6.4. Accept Certificates Based on Exterior Process Some public keystores resist abuse by explicitly filtering OpenPGP material based on a set of external processes. For example, [DEBIAN-KEYRING] adjudicates the contents of the "Debian keyring" keystore based on organizational procedure and manual inspection. 6.5. Accept Certificates by E-mail Validation Some keystores resist abuse by declining any certificate until the user IDs have been verified by e-mail. When these "e-mail validating" keystores review a new certificate that has a user ID with an e-mail address in it, they send an e-mail to the associated address with a confirmation mechanism (e.g., a high-entropy HTTPS URL link) in it. In some cases, the e-mail itself is encrypted to an encryption-capable key found in the proposed certificate. If the keyholder triggers the confirmation mechanism, then the keystore accepts the certificate. Some e-mail validating keystores MAY choose to distribute certifications over all user IDs for any given certificate, but will redact (see Section 5.1) those user IDs that have not been e-mail validated. [PGP-GLOBAL-DIRECTORY] describes some concerns held by a keystore operator using this approach. [MAILVELOPE-KEYSERVER] is another example. Gillmor Expires October 17, 2019 [Page 15] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 7. Non-append-only mitigations The following mitigations may cause some previously-retained packets to be dropped after the keystore receives new information, or as time passes. This is entirely reasonable for some keystores, but it may be surprising for any keystore that expects to be append-only (for example, some keyserver synchronization techniques may expect this property to hold). Furthermore, keystores that drop old data (e.g., superseded certifications) may make it difficult or impossible for their users to reason about the validity of signatures that were made in the past. See Section 11.3 for more considerations. Note also that many of these mitigations depend on cryptographic validation, so they're typically contextual as well. A keystore that needs to be append-only, or which cannot perform cryptographic validation MAY omit these mitigations. Alternately, a keystore may omit these mitigations at certificate ingestion time, but apply these mitigations at retrieval time (during certificate update or discovery), and offer a more verbose (non-mitigated) interface for auditors, as described in Section 5. Note that [GnuPG] anticipates some of these suggestions with its "clean" subcommand, which is documented as: Compact (by removing all signatures except the selfsig) any user ID that is no longer usable (e.g. revoked, or expired). Then, remove any signatures that are not usable by the trust calculations. Specifically, this removes any signature that does not validate, any signature that is superseded by a later signature, revoked signatures, and signatures issued by keys that are not present on the keyring. 7.1. Drop Superseded Signatures An abuse-resistant keystore SHOULD drop all signature packets that are explicitly superseded. For example, there's no reason to retain or distribute a self-sig by key K over User ID U from 2017 if the keystore have a cryptographically-valid self-sig over from 2019. Note that this covers both certifications and signatures over subkeys, as both of these kinds of signature packets may be superseded. Gillmor Expires October 17, 2019 [Page 16] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 Getting this right requires a nuanced understanding of subtleties in [RFC4880] related to timing and revocation. 7.2. Drop Expired Signatures If a signature packet is known to only be valid in the past, there is no reason to distribute it further. An abuse-resistant keystore with access to a functionally real-time clock SHOULD drop all certifications and subkey signature packets with an expiration date in the past. Note that this assumes that the keystore and its clients all have roughly-synchronized clocks. If that is not the case, then there will be many other problems! 7.3. Drop Dangling User IDs, User Attributes, and Subkeys If enough signature packets are dropped, it's possible that some of the things that those signature packets cover are no longer valid. An abuse-resistant keystore which has dropped all certifications that cover a User ID SHOULD also drop the User ID packet. Note that a User ID that becomes invalid due to revocation MUST NOT be dropped, because the User ID's revocation signature itself remains valid, and needs to be distributed. A primary key with no User IDs and no subkeys and no revocations MAY itself also be removed from distribution, though note that the removal of a primary key may make it impossible to cryptographically validate other certifications held by the keystore. 7.4. Drop All Other Elements of a Directly-Revoked Certificate If the primary key of a certificate is revoked via a direct key signature, an abuse-resistant keystore SHOULD drop all the rest of the associated data (user IDs, user attributes, and subkeys, and all attendant certifications and subkey signatures). This defends against an adversary who compromises a primary key and tries to flood the certificate to hide the revocation. Note that the direct key revocation signature MUST NOT be dropped. In the event that an abuse-resistant keystore is flooded with direct key revocation signatures, it should retain the hardest, earliest revocation (see also Section 12.1). Gillmor Expires October 17, 2019 [Page 17] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 In particular, if any of the direct key revocation signatures is a "hard" revocation, the abuse-resistant keystore SHOULD retain the earliest such revocation signature (by signature creation date). Otherwise, the abuse-resistant keystore SHOULD retain the earliest "soft" direct key revocation signature it has seen. If either of the above date comparisons results in a tie between two revocation signatures of the same "hardness", an abuse-resistant keystore SHOULD retain the signature that sorts earliest based on a binary string comparison of the direct key revocation signature packet itself. 7.5. Implicit Expiration Date In combination with some of the dropping mitigations above, a particularly aggressive abuse-resistant keystore MAY choose an implicit expiration date for all signature packets. For example, a signature packet that claims no expiration could be treated by the keystore as expiring 3 years after issuance. This would permit the keystore to eject old packets on a rolling basis. FIXME: it's not clear what should happen with signature packets marked with an explicit expiration that is longer than implicit maximum. Should it be capped to the implicit date, or accepted? Warning: This idea is pretty radical, and it's not clear what it would do to an ecosystem that depends on such a keystore. It probably needs more thinking. 8. Updates-only Keystores In addition to the mitigations above, some keystores may resist abuse by declining to accept any user IDs or certifications whatsoever. Such a keystore MUST be capable of cryptographic validation. It accepts primary key packets, cryptographically-valid direct-key signatures from a primary key over itself, subkeys and their cryptographically-validated binding signatures (and cross signatures, where necessary). Clients of an updates-only keystore cannot possibly use the keystore for certificate discovery, because there are no user IDs to match. However, they can use it for certificate update, as it's possible to ship revocations (which are direct key signatures), new subkeys, updates to subkey expiration, subkey revocation, and direct key signature-based certificate expiration updates. Gillmor Expires October 17, 2019 [Page 18] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 Note that many popular OpenPGP implementations do not implement direct primary key expiration mechanisms, relying instead on user ID expirations. These user ID expiration dates or other metadata associated with a self-certification will not be distributed by an updates-only keystore. Certificates shipped by an updates-only keystore are technically invalid [RFC4880] "transferable public keys," because they lack a user ID packet. However many OpenPGP implementations will accept such a certificate if they already know of a user ID for the certificate, because the composite certificate resulting from a merge will be a standards-compliant transferable public key. 9. First-party-only Keystores Slightly more permissive than the updates-only keystore described in Section 8 is a keystore that also permits user IDs and their self- sigs. A first-party-only keystore only accepts and distributes cryptographically-valid first-party certifications. Given a primary key that the keystore understands, it will only attach user IDs that have a valid self-sig, and will only accept and re-distribute subkeys that are also cryptographically valid (including requiring cross-sigs for signing-capable subkeys as recommended in [RFC4880]). This effectively solves the problem of abusive bloating attacks on any certificate, because the only party who can make a certificate overly large is the holder of the secret corresponding to the primary key itself. Note that a first-party-only keystore is still problematic for those people who rely on the keystore for discovery of third-party certifications. Section 10 attempts to address this lack. 9.1. First-party-only Without User IDs It is possible to operate an updates-only keystore that also declines to redistribute user IDs (Section 5.1). This defends against concerns about publishing identifiable information, while enabling full certificate update for those keystore clients that already know the associated user IDs for a given certificate. 10. First-party-attested Third-party Certifications We can augment a first-party-only keystore to allow it to distribute third-party certifications as long as the first-party has signed off on the specific third-party certification. Gillmor Expires October 17, 2019 [Page 19] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 An abuse-resistant keystore SHOULD only accept a third-party certification if it meets the following criteria: o The third-party certification MUST be cryptographically valid. Note that this means that the keystore needs to know the primary key for the issuer of the third-party certification. o The third-party certification MUST have an unhashed subpacket of type Embedded Signature, the contents of which we'll call the "attestation". This attestation is from the certificate's primary key over the third-party certification itself, as detailed in the steps below: o The attestation MUST be an OpenPGP signature packet of type 0x50 (Third-Party Confirmation signature) o The attestation MUST contain a hashed "Issuer Fingerprint" subpacket with the fingerprint of the primary key of the certificate in question. o The attestation MUST NOT be marked as non-exportable. o The attestation MUST contain a hashed Notation subpacket with the name "ksok", and an empty (0-octet) value. o The attestation MUST contain a hashed "Signature Target" subpacket with "public-key algorithm" that matches the public-key algorithm of the third-party certification. o The attestation's hashed "Signature Target" subpacket MUST use a reasonably strong hash algorithm (as of this writing, any [RFC4880] hash algorithm except MD5, SHA1, or RIPEMD160), and MUST have a hash value equal to the hash over the third-party certification with all unhashed subpackets removed. o The attestation MUST be cryptographically valid, verifiable by the primary key of the certificate in question. What this means is that a third-party certificate will only be accepted/distributed by the keystore if: o the keystore knows about both the first- and third-parties. o the third-party has made the identity assertion o the first-party has confirmed that they're OK with the third-party certification being distributed by any keystore. Gillmor Expires October 17, 2019 [Page 20] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 FIXME: it's not clear whether the "ksok" notification is necessary - it's in place to avoid some accidental confusion with any other use of the Third-Party Confirmation signature packet type, but the author does not know of any such use that might collide. 10.1. Key Server Preferences "No-modify" [RFC4880] defines "Key Server Preferences" with a "No-modify" bit. That bit has never been respected by any keyserver implementation that the author is aware of. An abuse-resistant keystore following Section 10 effectively treats that bit as always set, whether it is present in the certificate or not. 10.2. Client Interactions Creating such an attestation requires multiple steps by different parties, each of which is blocked by all prior steps: o The first-party creates the certificate, and transfers it to the third party. o The third-party certifies it, and transfers their certification back to the first party. o The first party attests to the third party's certification. o Finally, the first party then transfers the compound certificate to the keystore. The complexity and length of such a sequence may represent a usability obstacle to a user who needs a third-party-certified OpenPGP certificate. No current OpenPGP client can easily create the attestions described in this section. More implementation work needs to be done to make it easy (and understandable) for a user to perform this kind of attestation. 11. Side Effects and Ecosystem Impacts 11.1. Designated Revoker A first-party-only keystore as described in Section 9 might decline to distribute revocations made by the designated revoker. This is a risk to certificate-holder who depend on this mechanism, because an important revocation might be missed by clients depending on the keystore. Gillmor Expires October 17, 2019 [Page 21] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 FIXME: adjust this document to point out where revocations from a designated revoker SHOULD be propagated, maybe even in first-party- only keystores. 11.2. Certification-capable Subkeys Much of this discussion assumes that primary keys are the only certification-capable keys in the OpenPGP ecosystem. Some proposals have been put forward that assume that subkeys can be marked as certification-capable. If subkeys are certification-capable, then much of the reasoning in this draft becomes much more complex, as subkeys themselves can be revoked by their primary key without invalidating the key material itself. That is, a subkey can be both valid (in one context) and invalid (in another context) at the same time. So questions about what data can be dropped (e.g. in Section 7) are much fuzzier, and the underlying assumptions may need to be reviewed. If some OpenPGP implementations accept certification-capable subkeys, but an abuse-resistant keystore does not accept certifications from subkeys in general, then interactions between that keystore and those implementations may be surprising. 11.3. Assessing Certificates in the Past Online protocols like TLS perform signature and certificate evaluation based entirely on the present time. If a certificate that signs a TLS handshake message is invalid now, it doesn't matter whether it was valid a week ago, because the present TLS session is the context of the evaluation. But OpenPGP signatures are often evaluated at some temporal remove from when the signature was made. For example, software packages are signed at release time, but those signatures are validated at download time. Further complicating matters, the composable nature of an OpenPGP certificate means that the certificate associated with any particular signing key (primary key or subkey) can transform over time. So when evaluating a signature that appears to have been made by a given certificate, it may be better to try to evaluate the certificate at the time the signature was made, rather than the present time. 11.3.1. Point-in-time Certificate Evaluation When evaluating a certificate at a time T in the past (for example, when trying to validate a data signature by that certificate that was created at time T), one approach is to discard all packets from the Gillmor Expires October 17, 2019 [Page 22] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 certificate if the packet has a creation time later than T. Then evaluate the resulting certificate from the remaining packets in the context of time T. However, any such evaluation MUST NOT ignore "hard" OpenPGP key revocations, regardless of their creation date. (see Section 12.1). 11.3.2. Signature Verification and Non-append-only Keystores If a non-append-only keystore (Section 7) has dropped superseded (Section 7.1) or expired (Section 7.2) certifications, it's possible for the certificate composed of the remaining packets to have no valid first-party certification at the time that a given signature was made. Such a certificate would be invalid according to [RFC4880], and consequently verification of any signature . However, there is a simple mitigation: anyone distributing a signature (e.g. a software archive) should ship the contemporary signing certificate alongside the signature. If the distributor does this, then the verifier can perform a certificate update (to learn about revocations) against any preferred keystore, including non- append-only keystores, merging what it learns into the distributed contemporary certificate. Then the signature verifier can follow the certificate evaluation process outlined in Section 11.3.1, using the merged certificate. 11.4. Global Append-only Ledgers ("Blockchain") The append-only aspect of some OpenPGP keystores encourages a user of the keystore to rely on that keystore as a faithful reporter of history, and one that will not misrepresent or hide the history that they know about. An unfaithful "append-only" keystore could abuse the trust in a number of ways, including withholding revocation certificates, offering different sets of certificates to different clients doing key discovery, and so on. However, the most widely used append-only OpenPGP keystore, the [SKS] keyserver pool, offers no cryptographically verifiable guarantees that it will actually remain append-only. Users of the pool have traditionally relied on its distributed nature, and the presumption that coordination across a wide range of administrators would make it difficult for the pool to reliably lie or omit data. However, the endpoint most commonly used by clients to access the network is "hkps://hkps.pool.sks-keyservers.net", the default for [GnuPG]. That endpoint is increasingly consolidated, and currently consists of hosts operated by only two distinct administrators, increasing the risk of potential misuse. Gillmor Expires October 17, 2019 [Page 23] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 Offering cryptographic assurances that a keystore could remain append-only is an appealing prospect to defend against these kinds of attack. Many popular schemes for providing such assurances are known as "blockchain" technologies, or global append-only ledgers. With X.509 certificates, we have a semi-functional Certificate Transparency ([RFC6962], or "CT") ecosystem that is intended to document and preserve evidence of (mis)issuance by well-known certificate authorities (CAs), which implements a type of global append-only ledger. While the CT infrastructure remains vulnerable to certain combinations of colluding actors, it has helped to identify and sanction some failing CAs. Like other global append-only ledgers, CT itself is primarily a detection mechanism, and has no enforcement regime. If a widely-used CA were identified by certificate transparency to be untrustworthy, the rest of the ecosystem still needs to figure out how to impose sanctions or apply a remedy, which may or may not be possible. CT also has privacy implications - the certificates published in the CT logs are visible to everyone, for the lifetime of the log. For spam abatement, CT logs decline all X.509 certificates except those issued by certain CAs (those in popular browser "root stores"). This is an example of the strategy outlined in Section 4.9). Additional projects that provide some aspects of global append-only ledgers that try to address some of the concerns described here include [KEY-TRANSPARENCY] and [CONIKS], though they are not specific to OpenPGP. Both of these systems are dependent on servers operated by identity providers, however. And both offer the ability to detect a misbehaving identity provider, but no specific enforcement or recovery strategies against such an actor. It's conceivable that a keystore could piggyback on the CT logs or other blockchain/ledger mechanisms like [BITCOIN] to store irrevocable pieces of data (such as revocation certificates). Further work is needed to describe how to do this in an effective and performant way. 11.5. Certificate Discovery for Identity Monitoring A typical use case for certificate discovery is a user looking for a certificate in order to be able to encrypt an outbound message intended for a given e-mail address, but this is not the only use case. Gillmor Expires October 17, 2019 [Page 24] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 Another use caes is when the party in control of a particular identity wants to determine whether anyone else is claiming that identity. That is, a client in control of the secret key material associated with a particular certificate with user ID X might search a keystore for all certificates matching X in order to discover whether any other certificates claim it. This is an important safeguard as part of the ledger-based detection mechanisms described in Section 11.4, but may also be useful for keystores in general. However, identity monitoring against a keystore that does not defend against user ID flooding (Section 2.2) is expensive and potentially of limited value. In particular, a malicious actor with a certificate which duplicates a given User ID could flood the keystore with similar certificates, hiding whichever one is in malicious use. Since such a keystore is not considered authoritative by any reasonable client for the user ID in question, this attack forces the identity-monitoring defender to spend arbitrary resources fetching and evaluating each certificate in the flood, without knowing which certificate other clients might be evaluating. 12. OpenPGP details This section collects details about common OpenPGP implementation behavior that are useful in evaluating and reasoning about OpenPGP certificates. 12.1. Revocations It's useful to classify OpenPGP revocations of key material into two categories: "soft" and "hard". If the "Reason for Revocation" of an OpenPGP key is either "Key is superseded" or "Key is retired and no longer used", it is a "soft" revocation. An implementation that interprets a "soft" revocation will typically not invalidate signatures made by the associated key with a creation date that predates the date of the soft revocation. A "soft" revocation in some ways behaves like a non-overridable expiration date. All other revocations of OpenPGP keys (with any other Reason for Revocation, or with no Reason for Revocation at all) should be considered "hard". Gillmor Expires October 17, 2019 [Page 25] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 The presence of a "hard" revocation of an OpenPGP key indicates that the user should reject all signatures and certifications made by that key, regardless of the creation date of the signature. Note that some OpenPGP implementations do not distinguish between these two categories. A defensive OpenPGP implementation that does not distinguish between these two categories SHOULD treat all revocations as "hard". An implementation aware of a "soft" revocation or of key or certificate expiry at time T SHOULD accept and process a "hard" revocation even if it appears to have been issued at a time later than T. 12.2. User ID Conventions [RFC4880] requires a user ID to be a UTF-8 string, but does not constrain it beyond that. In practice, a handful of conventions predominate in how User IDs are formed. The most widespread convention is a name-addr as defined in [RFC5322]. For example: Alice Jones But a growing number of OpenPGP certificates contain user IDs that are instead a raw [RFC5322] addr-spec, omitting the display-name and the angle brackets entirely, like so: alice@example.org Some certificates have user IDs that are simply "normal" human names (perhaps display-name in [RFC5322] jargon, though not necessarily conforming to a specific ABNF). For example: Alice Jones Still other certificates identify a particular network service by scheme and hostname. For example, the administrator of an ssh host participating in the [MONKEYSPHERE] might choose a user ID for the OpenPGP representing the host like so: ssh://foo.example.net Gillmor Expires October 17, 2019 [Page 26] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 13. Security Considerations This document offers guidance on mitigating a range of denial-of- service attacks on public keystores, so the entire document is in effect about security considerations. Many of the mitigations described here defend individual OpenPGP certificates against flooding attacks (see Section 2.1). But only some of these mitigations defend against flooding attacks against the keystore itself (see Section 2.3), or against flooding attacks on the space of possible user IDs (see Section 2.2). Thoughtful threat modeling and monitoring of the keystore and its defenses are probably necessary to maintain the long-term health of the keystore. Section 11.1 describes a potentially scary security problem for designated revokers. TODO (more security considerations) 13.1. Tension Between Unrestricted Uploads and Certificate Discovery Note that there is an inherent tension between accepting arbitrary certificate uploads and permitting effective certificate discovery. If a keystore accepts arbitrary certificate uploads for redistribution, it appears to be vulnerable to user ID flooding (Section 2.2), which makes it difficult or impossible to rely on for certificate discovery. In the broader ecosystem, it may be necessary to use gated/controlled certificate discovery mechanisms. For example, both [I-D.koch-openpgp-webkey-service] and [RFC7929] enable the administrator of a DNS domain to distribute certificates associated with e-mail addresses within that domain, while excluding other parties. As a rather different example, [I-D.mccain-keylist] offers certificate discovery on the basis of interest - a client interested in an organization can use that mechanism to learn what certificates that organization thinks are worth knowing about, regardless of the particular DNS domain. Note that this [I-D.mccain-keylist] does not provide the certificates directly, but instead expects the client to be able to retrieve them by certificate fingerprint through some other keystore capable of (and responsible for) certificate update. 14. Privacy Considerations Keystores themselves raise a host of potential privacy concerns. Additional privacy concerns are raised by traffic to and from the keystores. This section tries to outline some of the risks to the privacy of people whose certificates are stored and redistributed in Gillmor Expires October 17, 2019 [Page 27] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 public keystores, as well as risks to the privacy of people who make use of the key stores for certificate discovery or certificate update. TODO (more privacy considerations) 14.1. Publishing Identity Information Public OpenPGP keystores often distribute names or e-mail addresses of people. Some people do not want their names or e-mail addresses distributed in a public keystore, or may change their minds about it at some point. Append-only keystores are particularly problematic in that regard. The mitigation in Section 7.4 can help such users strip their details from keys that they control. However, if an OpenPGP certificate with their details is uploaded to a keystore, but is not under their control, it's unclear what mechanisms can be used to remove the certificate that couldn't also be exploited to take down an otherwise valid certificate. Some jurisdictions may present additional legal risk for keystore operators that distribute names or e-mail addresses of non-consenting parties. Updates-only keystores (Section 8) and user ID redacting keystores (Section 5.1) may reduce this particular privacy concern because they distribute no user IDs at all. 14.2. Social Graph Third-party certifications effectively map out some sort of social graph. A certification asserts a statement of belief by the issuer that the real-world party identified by the user ID is in control of the subject cryptographic key material. But those connections may be potentially sensitive, and some people may not want these maps built. A first-party-only keyserver (Section 9) avoids this privacy concern because it distribues no third-party privacy concern. First-party attested third-party certifications described in Section 10 are even more relevant edges in the social graph, because their bidirectional nature suggests that both parties are aware of each other, and see some value in mutual association. 14.3. Tracking Clients by Queries Even without third-party certifications, the acts of certificate discovery and certificate update represent a potential privacy risk, because the keystore queried gets to learn which user IDs (in the Gillmor Expires October 17, 2019 [Page 28] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 case of discovery) or which certificates (in the case of update) the client is interested in. In the case of certificate update, if a client attempts to update all of its known certificates from the same keystore, that set is likely to be a unique set, and therefore identifies the client. A keystore that monitors the set of queries it receives might be able to profile or track those clients who use it repeatedly. Clients which want to to avoid such a tracking attack MAY try to perform certificate update from multiple different keystores. To hide network location, a client making a network query to a keystore SHOULD use an anonymity network like [TOR]. Tools like [PARCIMONIE] are designed to facilitate this type of certificate update. Keystores which permit public access and want to protect the privacy of their clients SHOULD NOT reject access from clients using [TOR] or comparable anonymity networks. Additionally, they SHOULD minimize access logs they retain. Alternately, some keystores may distribute their entire contents to any interested client, in what can be seen as the most trivial form of private information retrieval. [DEBIAN-KEYRING] is one such example; its contents are distributed as an operating system package. Clients can interrogate their local copy of such a keystore without exposing their queries to a third-party. 14.4. Cleartext Queries If access to the keystore happens over observable channels (e.g., cleartext connections over the Internet), then a passive network monitor could perform the same type profiling or tracking attack against clients of the keystore described in Section 14.3. Keystores which offer network access SHOULD provide encrypted transport. 14.5. Traffic Analysis Even if a keystore offers encrypted transport, the size of queries and responses may provide effective identification of the specific certificates fetched during discovery or update, leaving open the types of tracking attacks described in Section 14.3. Clients of keystores SHOULD pad their queries to increase the size of the anonymity set. And keystores SHOULD pad their responses. The appropriate size of padding to effectively anonymize traffic to and from keystores is likely to be mechanism- and cohort-specific. For example, padding for keystores accessed via the DNS ([RFC7929] may use different padding strategies that padding for keystores accessed over WKD ([I-D.koch-openpgp-webkey-service]), which may in Gillmor Expires October 17, 2019 [Page 29] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 turn be different from keystores accessed over HKPS ([I-D.shaw-openpgp-hkp]). A keystore which only accepts user IDs within a specific domain (e.g., Section 4.3) or which uses custom process (Section 6.4) for verification might have different padding criteria than a keystore that serves the general public. Specific padding policies or mechanisms are out of scope for this document. 15. User Considerations Section 10.2 describes some outstanding work that needs to be done to help users understand how to produce and distribute a third-party- certified OpenPGP certificate to an abuse-resistant keystore. Additionally, some keystores present directly user-facing affordances. For example, [SKS] keyservers typically offer forms and listings that can be viewed directly in a web browser. Such a keystore SHOULD be as clear as possible about what abuse mitigations it takes (or does not take), to avoid user confusion. Experience with the [SKS] keyserver network shows that many users treat the keyserver web interfaces as authoritative, even though the developer and implementor communities explicitly disavow any authoritative role in the ecosystem, and the implementations attempt very few mitigations against abuse, permitting republication of even cryptographically invalid OpenPGP packets. Clearer warnings to end users might reduce this kind of misperception. Or the community could encourage the removal of frequently misinterpreted user interfaces. 16. IANA Considerations This document asks IANA to register two entries in the OpenPGP Notation IETF namespace, both with a reference to this document: o the "ksok" notation is defined in Section 10. o the "uidhash" notation is defined in Section 5.1.3. 17. Document Considerations [ RFC Editor: please remove this section before publication ] This document is currently edited as markdown. Minor editorial changes can be suggested via merge requests at https://gitlab.com/dkg/draft-openpgp-abuse-resistant-keystore or by Gillmor Expires October 17, 2019 [Page 30] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 e-mail to the author. Please direct all significant commentary to the public IETF OpenPGP mailing list: openpgp@ietf.org 17.1. Document History substantive changes between -01 and -02: o distinguish different forms of flooding attack o distinguish toxic data as distinct from flooding o retrieval-time mitigations o user ID redaction o references to related work (CT, keylist, CONIKS, key transparency, ledgers/"blockchain", etc) o more details about UI/UX substantive changes between -00 and -01: o split out Contextual and Non-Append-Only mitigations o documented several other mitigations, including: * Decline Data From the Future * Blocklist * Exterior Process * Designated Authorities * Known Certificates * Rate-Limiting * Scoped User IDs o documented Updates-Only Keystores o consider three different kinds of flooding o deeper discussion of privacy considerations o better documentation of Reason for Revocation Gillmor Expires October 17, 2019 [Page 31] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 o document user ID conventions 18. Acknowledgements This document is the result of years of operational experience and observation, as well as conversations with many different people - users, implementors, keystore operators, etc. A non-exhaustive list of people who have contriubuted ideas or nuance to this document specifically includes: o Antoine Beaupre o ilf o Jamie McClelland o Jonathan McDowell o Justus Winter o Marcus Brinkmann o Micah Lee o Neal Walfield o Phil Pennock o vedaal o Vincent Breitmoser o Wiktor Kwapisiewicz 19. References 19.1. Normative References [I-D.ietf-openpgp-rfc4880bis] Koch, W., carlson, b., Tse, R., and D. Atkins, "OpenPGP Message Format", draft-ietf-openpgp-rfc4880bis-06 (work in progress), November 2018. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . Gillmor Expires October 17, 2019 [Page 32] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. Thayer, "OpenPGP Message Format", RFC 4880, DOI 10.17487/RFC4880, November 2007, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . 19.2. Informative References [BITCOIN] "Bitcoin", n.d., . [CONIKS] Felten, E., Freedman, M., Melara, M., Blankstein, A., and J. Bonneau, "CONIKS Key Management System", n.d., . [DEBIAN-KEYRING] McDowell, J., "Debian Keyring", n.d., . [GnuPG] Koch, W., "Using the GNU Privacy Guard", n.d., . [I-D.koch-openpgp-webkey-service] Koch, W., "OpenPGP Web Key Directory", draft-koch-openpgp- webkey-service-07 (work in progress), November 2018. [I-D.mccain-keylist] McCain, R., Lee, M., and N. Welch, "Distributing OpenPGP Key Fingerprints with Signed Keylist Subscriptions", draft-mccain-keylist-04 (work in progress), March 2019. [I-D.shaw-openpgp-hkp] Shaw, D., "The OpenPGP HTTP Keyserver Protocol (HKP)", draft-shaw-openpgp-hkp-00 (work in progress), March 2003. [KEY-TRANSPARENCY] Belvin, G. and R. Hurst, "Key Transparency, a transparent and secure way to look up public keys", n.d., . [MAILVELOPE-KEYSERVER] Oberndoerfer, T., "Mailvelope Keyserver", n.d., . Gillmor Expires October 17, 2019 [Page 33] Internet-Draft Abuse-Resistant OpenPGP Keystores April 2019 [MONKEYSPHERE] Gillmor, D. and J. Rollins, "Monkeysphere", n.d., . [PARCIMONIE] Intrigeri, ., "Parcimonie", n.d., . [PGP-GLOBAL-DIRECTORY] Symantec Corporation, "PGP Global Directory Key Verification Policy", 2011, . [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, October 2008, . [RFC6962] Laurie, B., Langley, A., and E. Kasper, "Certificate Transparency", RFC 6962, DOI 10.17487/RFC6962, June 2013, . [RFC7929] Wouters, P., "DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP", RFC 7929, DOI 10.17487/RFC7929, August 2016, . [SKS] Minsky, Y., Fiskerstrand, K., and P. Pennock, "SKS Keyserver Documentation", March 2018, . [TOR] "The Tor Project", n.d., . Author's Address Daniel Kahn Gillmor American Civil Liberties Union 125 Broad St. New York, NY 10004 USA Email: dkg@fifthhorseman.net Gillmor Expires October 17, 2019 [Page 34]