[openpgp] Re: Matters arising from IETF-121 re draft-replacementkey
Andrew Gallagher <andrewg@andrewg.com> Fri, 22 November 2024 12:38 UTC
From: Andrew Gallagher <andrewg@andrewg.com>
Date: Fri, 22 Nov 2024 12:38:28 +0000
References: <d0ec517e-53d2-4bb9-ae71-f6a7eef50529@cs.tcd.ie> <2A6F2C41-A2AA-4153-BA48-5FF4723B4AEC@andrewg.com>
To: "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <2A6F2C41-A2AA-4153-BA48-5FF4723B4AEC@andrewg.com>
Message-Id: <2DBD55E4-1D59-4370-8558-1188675D201B@andrewg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-4a6Kflqp4EV6J23rUsuXnk1BN4>
On 19 Nov 2024, at 20:15, Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org> wrote:

> 3. The name of the draft (and potentially the subpacket). Several people have indicated that they wish to change it to “Certificate Replacement”. I’m personally not in favour of this because I think it is imprecise — it is already possible to “replace” a certificate with a modified one that shares the same primary key, while this mechanism is only useful for certificate replacement that also includes primary key replacement.
>
> As a counter-proposal, I would suggest “Primary Key Replacement”, which I believe describes more precisely what exactly is achieved by the mechanism. I know Justus doesn’t like it, but I’d like to hear some other opinions, either way. :-)

There has been no further discussion of this, so the new draft will not contain any change. It does not affect the wire format, so I’m happy to leave this unresolved for now.

> 4. There is also one other item which we mentioned at the interim but is not in the minutes, which is whether to include an “encrypt to all equivalent keys” mechanism. I am reluctant to do this as it is a significant expansion of scope. As a counter-proposal, we could instead invert the meaning of the following text in the draft:
>
>> An implementation that encounters a class octet that has other bits set MUST disregard that Replacement Key subpacket.

The new draft will include this inversion of requirements; however, the broader question of how to deal with the "encryption to multiple certificates" use case is still open. Two conflicting options have been proposed so far on the issue tracker: [1]

1. A mechanism is required in this draft to signal that a correspondent should encrypt to all equivalent certificates.
2. This should be addressed in a future document, which would also cover related issues such as encryption subkey selection and/or secret key material sharing.

If anyone else has an opinion on these options (or wishes to propose a third option) please speak up! :-)

A

[1] https://gitlab.com/andrewgdotcom/openpgp-replacementkey/-/issues/14
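The quoted MUST about a class octet "that has other bits set" is a forward-compatibility choice: a strict receiver throws away a whole Replacement Key subpacket as soon as it sees a bit it does not know, while the inverted reading keeps the bits it does understand. The following Python model, added here as an illustration and not taken from the draft or from any OpenPGP implementation, contrasts the two policies on a constructed input. The bit assignments (`CLASS_SIGNING`, `CLASS_ENCRYPTION`, the future bit `0x80`), the `ReplacementKeySubpacket` layout and the exact wording of the inverted rule are all assumptions made for the example, not the draft's allocation.

```python
"""Strict vs. permissive handling of unrecognised bits in a flags octet.

Hypothetical model (not the draft's wire format): a Replacement Key
subpacket carries a one-byte "class octet" plus a fingerprint.  Two
receiver policies are compared:

  strict     - the quoted text: any unrecognised bit set means the whole
               subpacket is disregarded.
  permissive - the assumed inverted reading: unrecognised bits are ignored
               and the recognised bits are still honoured.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional

# Placeholder bit assignments; the real draft allocates its own.
CLASS_SIGNING = 0x01
CLASS_ENCRYPTION = 0x02
KNOWN_CLASS_BITS = CLASS_SIGNING | CLASS_ENCRYPTION


@dataclass(frozen=True)
class ReplacementKeySubpacket:
    class_octet: int
    fingerprint: bytes  # constructed sample values are used below


def unknown_bits(class_octet: int) -> int:
    """Bits of the class octet this (older) implementation does not know."""
    if not 0 <= class_octet <= 0xFF:
        raise ValueError("class octet must be a single byte")
    return class_octet & ~KNOWN_CLASS_BITS & 0xFF


def strict_policy(sp: ReplacementKeySubpacket) -> Optional[int]:
    """Quoted MUST: an unknown bit set -> the subpacket is disregarded (None)."""
    if unknown_bits(sp.class_octet):
        return None
    return sp.class_octet & KNOWN_CLASS_BITS


def permissive_policy(sp: ReplacementKeySubpacket) -> Optional[int]:
    """Assumed inversion: keep the known bits, ignore the unknown ones."""
    return sp.class_octet & KNOWN_CLASS_BITS


Policy = Callable[[ReplacementKeySubpacket], Optional[int]]


def select_replacements(subpackets: List[ReplacementKeySubpacket],
                        policy: Policy, wanted_class: int) -> List[bytes]:
    """Fingerprints of the replacements usable for wanted_class under a policy."""
    chosen = []
    for sp in subpackets:
        effective = policy(sp)
        if effective is not None and effective & wanted_class:
            chosen.append(sp.fingerprint)
    return chosen


# Constructed sample: an old-style subpacket, and one from a newer sender
# that also sets a (hypothetical) future bit 0x80 alongside encryption.
SAMPLE = [
    ReplacementKeySubpacket(CLASS_ENCRYPTION, b"\x11" * 32),
    ReplacementKeySubpacket(CLASS_ENCRYPTION | 0x80, b"\x22" * 32),
]

if __name__ == "__main__":
    for name, policy in (("strict", strict_policy), ("permissive", permissive_policy)):
        found = select_replacements(SAMPLE, policy, CLASS_ENCRYPTION)
        print(name, [fp[:2].hex() for fp in found])
```

Under the strict policy the second replacement vanishes entirely for an older receiver, even though the sender only added a bit the receiver could safely have ignored; under the permissive policy both replacements remain usable for encryption. Which behaviour is safer depends on whether a future bit could ever change the meaning of the existing ones, which is the trade-off the draft text has to settle.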