Skip to main content

pretty Easy privacy (pEp): Trustwords concept
draft-birk-pep-trustwords-00

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
Authors Volker Birk , Hernâni Marques , Bernie Hoeneisen
Last updated 2018-02-22
Replaced by draft-pep-trustwords
RFC stream (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-birk-pep-trustwords-00
Network Working Group                                            V. Birk
Internet-Draft                                                H. Marques
Intended status: Standards Track                          pEp Foundation
Expires: August 26, 2018                                    B. Hoeneisen
                                                                 Ucom.ch
                                                            Feb 22, 2018

             pretty Easy privacy (pEp): Trustwords concept
                      draft-birk-pep-trustwords-00

Abstract

   In public-key cryptography comparing the public keys' fingerprints of
   the communication partners involved is vital to ensure that there is
   no man-in-the-middle (MITM) attack on the communication channel.
   Fingerprints normally consist of a chain of hexadecimal chars.
   However, comparing hexadecimal strings is often impractical for
   regular users and prone to misunderstandings.

   To mitigate these challenges, this memo proposes the comparision of
   trustwords as opposed to hexadecimal strings.  Trustwords are common
   words in a natural language (e.g., English) to which the hexidecimal
   strings are mapped to.  This makes the verification process more
   natural.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 26, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Birk, et al.             Expires August 26, 2018                [Page 1]
Internet-Draftpretty Easy privacy (pEp): Trustwords concept     Feb 2018

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  The Concept of Trustword Mapping  . . . . . . . . . . . . . .   3
   4.  Example . . . . . . . . . . . . . . . . . . . . . . . . . . .   3
   5.  Previous work . . . . . . . . . . . . . . . . . . . . . . . .   3
   6.  Number of Trustwords for a language . . . . . . . . . . . . .   3
   7.  The nature of the words . . . . . . . . . . . . . . . . . . .   4
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   10. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   4
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   In public-key cryptography comparing the public keys' fingerprints of
   the communication partners involved is vital to ensure that there is
   no man-in-the-middle (MITM) attack on the communication channel.
   Fingerprints normally consist of a chain of hexadecimal chars.
   However, comparing hexadecimal strings is often impractical for
   regular users and prone to misunderstandings.

   To mitigate these challenges, this memo proposes the comparision of
   trustwords as opposed to hexadecimal strings.  Trustwords are common
   words in a natural language (e.g., English) to which the hexidecimal
   strings are mapped to.  This makes the verification process more
   natural.

   Trustwords are used to achieve easy contact verification in pEp's
   proposition of Privacy by Default [pEp] for end-to-end encryption
   situations after the peers have exchanged public keys
   opportunistically.

   Trustwords may also be used for purposes other than contact
   verification.

Birk, et al.             Expires August 26, 2018                [Page 2]
Internet-Draftpretty Easy privacy (pEp): Trustwords concept     Feb 2018

2.  Terms

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  The Concept of Trustword Mapping

4.  Example

   A fingerprint typically looks like:

   F482 E952 2F48 618B 01BC 31DC 5428 D7FA ACDC 3F13

   Its mapping to trustwords looks like:

   dog house brother town fat bath school banana kite task

   [[Actual mapping for English should be used here and perhaps an
   example for another language.]]

   Instead of the former hexadecimal string, users can compare ten
   common words of their language.

5.  Previous work

   The basic concept of trustwork mapping has been already documented in
   the past, e.g. for use in One-Time Passwords (OTP) [RFC2289] or the
   PGP Word List ("Pretty Good Privacy word list" [PGPwordlist], also
   called a biometric word list, to compare fingerprints.

6.  Number of Trustwords for a language

   Previsous proposals have the shortcoming of a limited number of
   trustwords and they are usually only available in English.  If the
   number of trustwords is low, a lot of trustworks need to be compared,
   which make a comparision somewhat cumbersome for users, i.e. leads to
   degraded usability.  To reduce the number of trustwords to compare,
   16-bit scalars are mapped to natural language words.  Therefore, the
   size (by number of key--value pairs) of any key--value pair structure
   MUST be 65536, the keys being the enumeration of the Trustwords
   (starting at 0) and the values being individual natural language
   words in the respective language.

   However, the number of unique values to be used in a language may be
   less than 65536.  This can be addressed e.g. by using the same value
   (trustword) for more than one key.  However, the entropy of the
   representation is slightly reduced.

Birk, et al.             Expires August 26, 2018                [Page 3]
Internet-Draftpretty Easy privacy (pEp): Trustwords concept     Feb 2018

   Example.  A Trustwords list of just 42000 words still allows for an
   entropy of log_2(42000) ~= 15.36 bits in 16-bit mappings.

   It is for further study, what minimal number of words (or entropy)
   should be required.

7.  The nature of the words

   Every Trustwords list SHOULD be cleared from swearwords in order to
   not offense users.  This is a task to be carried out by speakers of
   the respective natural lnaguage.

8.  IANA Considerations

   Each natural language requires a different set of trustwords.  To
   allow implementors for identical trustword lists, a IANA registry is
   to be established.  The IANA registration policy according to
   [RFC8126] will likely be "Expert Review" and "Specification
   Required".

   An IANA registration will contain:

   o  language code accoring to ISO 639-3

   o  version number

   o  list of up to 65536 trustwords

   The details of the IANA registry and requirements for the expert to
   assess the specification are for further study.

9.  Security Considerations

   There are no special security considerations.

10.  Acknowledgements

   This work was initially created by pEp Foundation, and then reviewed
   and extended with funding by the Internet Society's Beyond the Net
   Programme on standardizing pEp. [bnet]

11.  References

Birk, et al.             Expires August 26, 2018                [Page 4]
Internet-Draftpretty Easy privacy (pEp): Trustwords concept     Feb 2018

   [bnet]     Simao, I., "Beyond the Net. 12 Innovative Projects
              Selected for Beyond the Net Funding. Implementing Privacy
              via Mass Encryption: Standardizing pretty Easy privacy's
              protocols", Jun 2017, <https://www.internetsociety.org/
              blog/2017/06/12-innovative-projects-selected-for-beyond-
              the-net-funding/>.

   [pEp]      pEp Foundation, "pretty Easy privacy (pEp): Privacy by
              Default [Internet-Draft]", Jan 2018,
              <https://tools.ietf.org/html/draft-birk-pep-01>.

   [PGPwordlist]
              Wikipedia, "PGP word list", Nov 2017,
              <https://en.wikipedia.org/w/
              index.php?title=PGP_word_list&oldid=749481933>.

   [RFC1760]  Haller, N., "The S/KEY One-Time Password System",
              RFC 1760, DOI 10.17487/RFC1760, February 1995,
              <https://www.rfc-editor.org/info/rfc1760>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC2289]  Haller, N., Metz, C., Nesser, P., and M. Straw, "A One-
              Time Password System", STD 61, RFC 2289,
              DOI 10.17487/RFC2289, February 1998,
              <https://www.rfc-editor.org/info/rfc2289>.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/info/rfc8126>.

Authors' Addresses

   Volker Birk
   pEp Foundation

   Email: vb@pep-project.org

   Hernani Marques
   pEp Foundation

   Email: hernani.marques@pep.foundation

Birk, et al.             Expires August 26, 2018                [Page 5]
Internet-Draftpretty Easy privacy (pEp): Trustwords concept     Feb 2018

   Bernie Hoeneisen
   Ucom Standards Track Solutions GmbH

   Email: bernie@ietf.hoeneisen.ch (bernhard.hoeneisen AT ucom.ch)
   URI:   http://www.ucom.ch/

Birk, et al.             Expires August 26, 2018                [Page 6]