IETF Logo Mail Archive

Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey: objection about keyring format documentation

Petr Spacek <pspacek@redhat.com> Mon, 02 March 2015 13:03 UTC

Return-Path: <pspacek@redhat.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E09371A874D for <dane@ietfa.amsl.com>; Mon, 2 Mar 2015 05:03:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7QwpdJMyyamO for <dane@ietfa.amsl.com>; Mon, 2 Mar 2015 05:02:59 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27DE51A874A for <dane@ietf.org>; Mon, 2 Mar 2015 05:02:59 -0800 (PST)
Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t22D2wa8022525 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 2 Mar 2015 08:02:58 -0500
Received: from pspacek.brq.redhat.com (pspacek.brq.redhat.com [10.34.128.7]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t22D2uth016209 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Mon, 2 Mar 2015 08:02:57 -0500
Message-ID: <54F45F80.3070000@redhat.com>
Date: Mon, 02 Mar 2015 14:02:56 +0100
From: Petr Spacek <pspacek@redhat.com>
Organization: Red Hat
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Paul Wouters <paul@nohats.ca>
References: <CAHw9_iJPuG23Aok7V_wcAMirua_DPDLHy01tnd+DaUqEeK3NZA@mail.gmail.com> <54EF3A7D.6070809@redhat.com> <alpine.LFD.2.10.1503012052350.31123@bofh.nohats.ca>
In-Reply-To: <alpine.LFD.2.10.1503012052350.31123@bofh.nohats.ca>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/5k4A20ldT78QskXwsGmm6y8SOmk>
Cc: dane@ietf.org
Subject: Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey: objection about keyring format documentation
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2015 13:03:07 -0000

On 2.3.2015 03:06, Paul Wouters wrote:
> On Thu, 26 Feb 2015, Petr Spacek wrote:
> 
>> On 20.2.2015 21:30, Warren Kumari wrote:
>>> Please review this draft to see if you think it is ready for
>>> publication and send comments to the list, clearly stating your view.
>>
>> IMHO current version *should be rejected* because further clarification to
>> keyring format is needed.
>>
>> See previous discussion on
>> http://www.ietf.org/mail-archive/web/dane/current/msg07227.html
>>
>> As I already said, I believe that -01 version does not define an interoperable
>> standard.
> 
> It was suggested you would raise this on the openpgp email list. It
> seems you have not done so.

Right, I did not do so because I do not think it is the right approach.

draft-ietf-dane-openpgpkey does not require general-purpose keyring format
because it is very limited in its scope (no private keys, no secret keys etc.).

I believe that for this reason the draft should not depend on/wait for 4880bis
(which could be a huge effort). IMHO the draft should rather define
stripped-down version of keyring tailored for this particular purpose.


I was hoping that you already defined the format internally in your tool
'openpgpkey' but apparently it is not the case. Looking at the code, it does
basically this (Python pseudo-code follows):

gpgdisk = gnupg.GPG()
disk_keys = gpgdisk.list_keys()
for pgpkey in disk_keys:
    # pick the right key here
ekey = gpgdisk.export_keys(pgpkey["keyid"], ...)

It effectively means that you are going to output anything which was returned
by current version of GnuPG Python bindings.

- Looking at documentation for Python bindings, it does not say any word about
output format.
- Looking into the binding, it basically calls 'gpg --export' and returns what
was returned by gpg binary.
- Looking at 'man gpg', it does not define output format for --export.

Please note that at this point already jumped though 4 hoops to find out the
format of the data and found nothing. That is not what I call interoperable
standard, sorry!


To be constructive, it is possible to examine what GnuPG spitted out using:

$ gpg --list-packets /tmp/what_you_exported_before
:public key packet:
	version 4, algo 1, created 1412325631, expires 0
	pkey[0]: [4096 bits]
	pkey[1]: [17 bits]
	keyid: 10587E881CB2BB71
:user ID packet: "Petr \xc5\xa0pa\xc4\x8dek <pspacek@redhat.com>"
:signature packet: algo 1, keyid 10587E881CB2BB71
	version 4, created 1412325631, md5len 0, sigclass 0x13
	digest algo 2, begin of digest d2 11
	hashed subpkt 2 len 4 (sig created 2014-10-03)
	hashed subpkt 27 len 1 (key flags: 03)
	hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
	hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
	hashed subpkt 30 len 1 (features: 01)
	hashed subpkt 23 len 1 (key server preferences: 80)
	subpkt 16 len 8 (issuer key ID 10587E881CB2BB71)
	data: [4096 bits]
:public sub key packet:
	version 4, algo 1, created 1412325631, expires 0
	pkey[0]: [4096 bits]
	pkey[1]: [17 bits]
	keyid: E52EB436C0C402E3
:signature packet: algo 1, keyid 10587E881CB2BB71
	version 4, created 1412325631, md5len 0, sigclass 0x18
	digest algo 2, begin of digest 22 98
	hashed subpkt 2 len 4 (sig created 2014-10-03)
	hashed subpkt 27 len 1 (key flags: 0C)
	subpkt 16 len 8 (issuer key ID 10587E881CB2BB71)
	data: [4096 bits]

*This* can be standardized with small effort (in comparison with 4880bis) by
listing expected packet types and by referencing RFC4880: The rough idea is to
say something like this:

The blob contains sequence consisting of
1) Public-Key Packet (Tag 6, section 5.5.1.1)

2) (non-empty?) sequence consisting of
-- User ID Packet (Tag 13, section 5.11) which identifies the previous key
-- Signature Packet (Tag 2, section 5.2)
(+ signature over what with what key - maybe over preceding User ID?)

3) Signature Packet (Tag 2, section 5.2)
(+ signature over what with what key - maybe over whole previous sequence? see
sigclass 0x13)

4) (non-empty?) sequence consisting of
- Public-Subkey Packet (Tag 14, section 5.5.1.2)
-- Signature Packet (Tag 2, section 5.2)
(+ signature over what with what key - maybe sign previous block with master
key? see sigclass 0x18)


You can see that even with current version of GnuPG at hand it is not 100%
obvious what the data actually contain and how it should be interpreted.

Also, please note that I did not try to export a public key with multiple
user-IDs or subkeys but it would certainly be more messy.


> The interoperable standard is defined in RFC 4880, the OpenPGP Message
> Format. This document references that RFC for the keyring format. If you
> think that reference is insufficient, I suggest you take this up on the

I believe that the example above sufficiently demonstrates that it is hard to
write a client which would interpret content of OPENGPGKEY records without
actually using GnuPG's code.

> ietf openpgp email list and see about writing a 4880bis document that
> further clarifies the keyring format.

As I said above, I do not think we need 4880bis because generic keyring format
is overkill for simple application as OPENPGPKEY.

> It is not up to this document to rewrite or update RFC 4880.

Sure, but I'm not proposing that :-) I'm saying that this draft should clearly
state what RFC 4880 packets are expected in OPENPGPKEY blob, in what order,
and what has to be signed by which key (define expected sigclasses etc.).

>> Current format of records can stay as is but it has to be clearly documented
>> so we do not rely on current GPG implementation.
> 
> In my opinion, it is documented in RFC 4880. Whether or not that is
> "clearly" is a subjective matter, and something that should be taken
> to the OpenPGP list.

There is no room for subjectivity. Please imagine that you are going to write
a new version of opengpgkey utility - without looking at GnuPG code and in a
way which has to be interoperable with current version of the utility.

You will see if RFC 4880 is sufficient or not.

>> 'It is beyond the scope of this standard to discuss the details of keyrings or
>> other databases.' is simply not sufficient.
> 
> I believe it is.

Hmm ... Are you saying that you and others are able to implement equivalent of
'opengpgkey' utility without using existing GnuPG bindings/code? Or a
Thunderbird extension which would import keys and sign emails?

-- 
Petr Spacek  @  Red Hat

v2.23.0 | Report a Bug | By Email