nanog mailing list archives

opportunistic email encryption by the MTA (not MUA)


From: Randy Bush <randy () psg com>
Date: Fri, 15 Jan 2021 03:33:13 -0800

email from a friend who uses protonmail as their MTA suddenly started to
be opportunistically encrypted with pgp; i.e. the sender's MUA did
nothing to cause the encryption.  i believe this started when i provided
my pgp public key over WKD [0].

i have a guess.  i suspect that protonmail opportunistically tests for a
WKD for the recipient and, if found, uses it.  i do see protonmail
queries to my WKD service

    /var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:08:44:41 +0000] "HEAD /.well-known/openpgpkey/policy HTTP/1.1" 200 - "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
    /var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:08:44:42 +0000] "GET /.well-known/openpgpkey/hu/pbe8wr5gm5b4gf43adj411yrreqyib6u?l=randy HTTP/1.1" 200 26027 "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
    /var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:10:49:44 +0000] "HEAD /.well-known/openpgpkey/policy HTTP/1.1" 200 - "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
    /var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:10:49:45 +0000] "GET /.well-known/openpgpkey/hu/pbe8wr5gm5b4gf43adj411yrreqyib6u?l=randy HTTP/1.1" 200 26027 "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
    /var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:15:02:49 +0000] "HEAD /.well-known/openpgpkey/policy HTTP/1.1" 200 - "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
    /var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:15:02:49 +0000] "GET /.well-known/openpgpkey/hu/pbe8wr5gm5b4gf43adj411yrreqyib6u?l=randy HTTP/1.1" 200 26027 "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"

my interest is whether WKD publication is triggering opportunistic
encryption; if anything else might be using it opportunistically, and if
this can actually scale.

i really do not want to discuss if pgp encryption is a good thing, if
opportunistic encryption is the spawn of the frog goddess, or if there
are viable alternatives to emacs.

anyone with protonmail clue or contact(s)?

randy

[0] - https://git.rg.net/randy/randy/src/master/pgp-WKD.md
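As an added example (this is not part of Randy's post, and it is not Proton's code), the following Python shows the two halves of what the log above records: how a WKD client derives the lookup URL for an address (SHA-1 of the lowercased local part, z-base-32 encoded, under /.well-known/openpgpkey/, per the WKD draft), and how to pick the actual key fetches out of an access log and check that the hash requested is the one WKD prescribes for the ?l= local part. The log-format regex assumes an Apache combined-format log with the grep-style "file:" prefix seen in the post; the sample log lines are the six lines quoted above. Which lookup method a given provider tries first, and whether it caches the result, is not something the log tells us, so that is left as a comment rather than asserted.

```python
import hashlib
import re
from urllib.parse import parse_qs, quote, urlsplit

# z-base-32 alphabet (Zooko), the encoding WKD uses for the hashed local part.
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """z-base-32: 5-bit groups taken MSB first, final group zero-padded, no '='."""
    out, acc, nbits = [], 0, 0
    for byte in data:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZB32_ALPHABET[(acc >> nbits) & 0x1F])
            acc &= (1 << nbits) - 1
    if nbits:
        out.append(ZB32_ALPHABET[(acc << (5 - nbits)) & 0x1F])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """WKD maps the local part, lowercased, through SHA-1 and then z-base-32."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)  # 20 bytes -> exactly 32 characters


def wkd_urls(address: str) -> dict:
    """Lookup URLs for both WKD methods (advanced and direct) for one address."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    h = wkd_hash(local)
    l = quote(local, safe="")  # ?l= carries the local part as written, not lowercased
    base_direct = f"https://{domain}/.well-known/openpgpkey"
    base_adv = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
    # Clients such as gpg try the advanced method first and fall back to direct;
    # the log in the post only shows the direct method being used.
    return {
        "advanced_policy": f"{base_adv}/policy",
        "advanced": f"{base_adv}/hu/{h}?l={l}",
        "direct_policy": f"{base_direct}/policy",
        "direct": f"{base_direct}/hu/{h}?l={l}",
    }


# Apache combined log format; the "file:" prefix from grep output is stripped first.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<ua>[^"]*)"'
)
# Key path for either method: optional "<domain>/" segment, then hu/<32 z-base-32 chars>.
WKD_HU_RE = re.compile(
    rf"^/\.well-known/openpgpkey/(?:[^/]+/)?hu/(?P<hash>[{ZB32_ALPHABET}]{{32}})$"
)

# The six log lines quoted in the post above.
SAMPLE_LOG = """
/var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:08:44:41 +0000] "HEAD /.well-known/openpgpkey/policy HTTP/1.1" 200 - "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
/var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:08:44:42 +0000] "GET /.well-known/openpgpkey/hu/pbe8wr5gm5b4gf43adj411yrreqyib6u?l=randy HTTP/1.1" 200 26027 "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
/var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:10:49:44 +0000] "HEAD /.well-known/openpgpkey/policy HTTP/1.1" 200 - "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
/var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:10:49:45 +0000] "GET /.well-known/openpgpkey/hu/pbe8wr5gm5b4gf43adj411yrreqyib6u?l=randy HTTP/1.1" 200 26027 "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
/var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:15:02:49 +0000] "HEAD /.well-known/openpgpkey/policy HTTP/1.1" 200 - "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
/var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:15:02:49 +0000] "GET /.well-known/openpgpkey/hu/pbe8wr5gm5b4gf43adj411yrreqyib6u?l=randy HTTP/1.1" 200 26027 "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
""".strip().splitlines()


def wkd_fetches(lines):
    """Return one record per completed WKD key fetch (GET on .../hu/<hash>, HTTP 200)."""
    hits = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("/"):
            line = line.split(":", 1)[1]  # drop grep's "/var/log/...:" prefix
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue  # HEAD /policy probes and failed lookups are not key fetches
        target = urlsplit(m["target"])
        hu = WKD_HU_RE.match(target.path)
        if not hu:
            continue
        local = parse_qs(target.query).get("l", [""])[0]
        hits.append({
            "ip": m["ip"], "ts": m["ts"], "ua": m["ua"], "bytes": m["size"],
            "hash": hu["hash"], "local": local,
            # True when the hash requested is what WKD prescribes for the ?l= value
            "hash_matches_local": bool(local) and wkd_hash(local) == hu["hash"],
        })
    return hits


if __name__ == "__main__":
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{name:16} {url}")
    for hit in wkd_fetches(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["local"], hit["hash"], hit["hash_matches_local"])
```

Run it against your own access log (the `SAMPLE_LOG` list can be replaced by `open(path)`) to see which source IPs and user agents are fetching keys, and how often; `hash_matches_local` distinguishes a real WKD client from something merely crawling the directory.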

