Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through a new Enigmail defaults

[Dmitry Alexandrov]

Werner Koch <wk@gnupg.org> wrote:
> On Wed, 17 Jul 2019 14:37, 321942@gmail.com said:
>>> A problem is the single-point-of-validation (done via mail confirmation) 
>>> which puts [keys.openpgp.org] in a position like X.509 CAs.
>>
>> That is, mister Brunschwig is willing to add other keyservers on a par with 
>> keys.openpgp.org?  Who will be an auditor (like webtrust.org)?
>
> I don't understand.

There are _many_ X.509 root certificates shipped by operating systems and 
user-agents and equally respected by them by default.  webtrust.org are those 
who audits CAs and advises OS / UA developers whether they can trust their 
users’ security to a certain CA or not.  While keys.openpgp.org is now the 
_only one_ proprietary keyserver network used in Enigmail by default.

>> And Enigmail is like a software that encourages any user to get a CAcert 
>> certificate ‘in two clicks’, not even informing him, that they not 
>> univarsally accepted
>
> How is that different from software uploading to SKS.

In two major points:

1. SKS is (or was, prior this diversion) a de-facto standard, so those who 
unilaterally switched from it had broken the compatibility with GPG and other 
GPG-compatible tools.  This is bad enough, but not so bad as the second point.

2. SKS is a peered network (if you do not like the word ‘distributed’), while 
keys.openpgp.org is a proprietary service.

>> [keys.openpgp.org is] a part (as of now, the only part) of a proprietary 
>> network — just like, say, Facebook.  While SKS is a distributed network — 
>> like Usenet.
>
> Nope.  To use the distributed (actually replicated) SKS you need to get onto 
> Kristian's list.  Kristian has certain rules on what servers he puts on the 
> list.  This currently means you need to have several SKS instances running 
> behind a loadbalancer.

I need to get onto list to do what?  To use as in ‘user’?  Definitely not.  To 
massively download keys?  No, I do not.  To massively upload keys?  Well, I 
never tried, but if I need to get an approval to to this, who have flooded the 
network with fake signatures then?  I have to meet some technical requirements 
to be admitted into the community in order to become a first-class peer of the 
network?  So with Usenet, so the analogy was perfectly valid.

> For year now this had the effect that there are only two persons running SKS 
> keyservers.

>> Unless you mean an entity that controls root DNS of the Internet, for sure, 
>> DNS of SKS *network* is _not_ under control of a single person.
>
> Nope, it is.  The network is DNS and certificate based and there is one 
> person controlling it.

I really do not understand you.  Under whose control 
https://keyserver.ubuntu.com is?  And https://pgp.mit.edu?  Or 
https://pgp.neopost.com and https://peegeepee.com?  Are they under Kristian’s 
or that second person’s?

> I pretty sure everyone in the community trusts Kristian to do the Right Thing 
> as most users also trust Patrick, me, or any other GNU author.

This is not about trust or mistrust to some specific person.  Decentralisation 
is about freedom not to rely upon a good will, abilities or even the fact of 
existence (do not underrate the so called ‘bus factor’) of _any_ single person.

> In fact, keys.openpgp.org has some advantages for some user and those who do 
> not understand the goal of the GDPR

So Facebook has _lots_ of advantages for _lots_ of users.  Advantages is not 
what I am trying to speak about here.

> Enigmail has its own policy and I do not like some of them ... but ... they 
> all have defaults which are set to best serve their users.

It seems, that you are not of very high opinion of Enigmail users, if you 
believe, that proprietary service is the best for them. :-)

>> With SKS, when the default entry point is down, I can simply choose the 
>> other one, and if I am paranoid I can command GPG to check several 
>> keyservers — results must be identical, am I right?
>
> You can do the very same in Enigmail.

Oh...  What does it matter, what users of Enigmail can or cannot do?

As some wise person on this thread pointed out: “If you want get something in 
use you need to have it has default.  Virtually nobody changes options”.  :-)

So what matters is what they are _in fact_ going to do.

First, they are going to cease look keys up on the SKS Net.  Actually, I bet, 
100 % of those who installed their Enigmail from addons.thunderbird.net had 
already ceased, as there was no any questions on whether they want to switch to 
a proprietary service or stick with the standard one — keyserver had been 
rewritten, even it was manually configured.  And secondly, after updating to 
Thunderbird 68 + Enigmail 2.1 they will start to bring their new keys to an 
isolated server.

So neither Enigmail users will be any longer able to find keys of those who 
stays on GPG defaults, nor the latter — to find keys of trustful Enigmailers 
without becoming users (anonymous, yet users) of a specific proprietary service.

That’s what is called a ‘network effect’ [1], and that’s exactly the reason why 
Telegram or Proton Mail are evil, even if we were purely egoistical and had 
zero care about someone’s else freedom and convenience.

[1] https://en.wikipedia.org/wiki/Network_effect

>> He’s in fact in a halfway of doing that.  Enigmail 2.1 (for Thunderbird 68, 
>> now in beta) primarily advertising itself not as a GPG-frontend or an 
>> OpenPGP-compatible tool, but as a PEP [2] software.
>
> pEp now is a very different story than keyservers and I am with you that it 
> is not a good descision of Patrick to make that highly proprietary pEp that 
> visible.  Despite of the well intention of its founder, the pEp conglomerate 
> has only one goal: Burst its market value and sell itself at the peak.
>
>> Yes, by elimination, the second one, despite that it does not even mention 
>> neither GPG nor OpenPGP!
>
> Surely they don't want to use copyleft because that makes it harder to seel 
> the company.

Sorry, I missed the point.  Who ‘they’?  That was a quote from a configuration 
dialog of the new Enigmail, which is still under (weak) copyleft, I believe.

>> Back to our topic now: what’s about keyserver?  Suppose, you did not get rid 
>> of PEP (cannot find out how, or even do not want), how do you switch an 
>> outcoming keyserver?  My answer is: no idea!  I did not find
>
> In theory by editing dirmngr.conf;

Yes, that’s _exactly_ what would be the most convenient for ‘Junior Mode’ user!

> unfortunately Enigmail does not use [our] default API but calls gpg with a 
> keyserver and even worse implemens parts of GnuPG itself.  I have not looked 
> at the latest Enigmail and can't tell whether the gnupg configure options 
> have been removed.  That would, in contrast to the keys.openppg.org default 
> indeed be a problem.

I _really_ cannot realize, why do you deny, that breaking seamless 
compatibility with its own backend in order to populate a freshly established 
proprietary service with users is not a problem.

“Virtually nobody changes options”.  And even less likely they would do it, 
when (returning to the topic) not only this introductory guide to PGP for mail, 
but lots of them, say simply “upload to keyserver” or “search a keyserver” 
without clarifying _which_ keyserver, or even explicitly saying that all public 
keyservers are peered.

>> May I finally propose a small thought experiment: what would you do under 
>> the circumstances: disabled lookup on SKS servers until the installed GPG 
>> had been updated, or took the situation as a ideal opportunity to 
>> aggressively promote a competing private service among all you users?  Or 
>> something else?
>
> Assuming you mean pEp:

Well, first and foremost keys.opengpg.org.  You are right, of course, that PEP 
is capable to cause much more harm, but the issue is less urgent: Thunderbird 
68 is not released yet.

> I won't be able to give a neutral answer here because the folks who wrote the 
> Hagrid software, which is used by keys.openpgp.org, used to be my employees, 
> learned everything about OpenPGP and things, and left me in favor of working 
> for pEp.  Patrick of Enigmail is not associated with pEp, though.
>
> Note that keys.openpgp.org is not run any of them but as a private project of 
> Vicent who is also not associated with pEp but runs along with a partner a 
> small company to fister delopment of OpenKeychain.

Thank you for the info.  It’s actually somewhat funny, that some regard among 
‘advantages’ of keys.openpgp.org over the SKS the alleged fact that it is 
censorship-conformant, while it does not even try to conform to the most basic 
requirement of laws of the kind — to reveal, who runs it.

signature.asc
Description: PGP signature