Re: [openpgp] Known seed key generation
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 18 October 2019 17:25 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 849CA1200F4 for <openpgp@ietfa.amsl.com>; Fri, 18 Oct 2019 10:25:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.476
X-Spam-Level:
X-Spam-Status: No, score=-1.476 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.172, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ICwkqKSltdft for <openpgp@ietfa.amsl.com>; Fri, 18 Oct 2019 10:25:01 -0700 (PDT)
Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAD9F12000F for <openpgp@ietf.org>; Fri, 18 Oct 2019 10:25:01 -0700 (PDT)
Received: by mail-oi1-f174.google.com with SMTP id k9so5851113oib.7 for <openpgp@ietf.org>; Fri, 18 Oct 2019 10:25:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hlq2eJa7HH+hq2AsyH+RkNhUqVRwtAVueW6CfzSpudw=; b=FfV7kp+TclJiXI78jEZQ+twZiuXY+K9PxNhGpMJy2To3/5H8PrXxkhM4hddxnU8Ciw B20b2v9V1ob6rSWJVFUwemj8tjZx8HlO1bkGyNwMpwc1XshrMrcLwWU2qCdGmvKRt0vg e30l9r24VWTFjn88w59N+91CGEceoV+163Lz5yhATqSAzF/YAVt+lGWaseqWYeoODk3g Ecer2Qg0de+twg6fT84HmY/5jKp1B5K/aRVbMPKDiAodBXWqDGbjljkAVaIMB6B4oDSI onjNObajNW2Aqp/KkddNYImzF/1VPpBVJwRuNRKwHplTQYttKpX0uCNZYOsEXw5UP3+C MVrg==
X-Gm-Message-State: APjAAAWvGg8EQLMD+pAluseAw5VcnOzH+7ayZf3YeCBhUHNl3fc216V0 51kwu8vNu/TnWcsdzb3Jd26rG+DMHMMrWUwgYw0=
X-Google-Smtp-Source: APXvYqzP0gzMfM6pEEh/bBaElJkzQ0M07K1jWEzb9/HGJJ6VChD+Hvbvk0FSl1/MVxc+kpC+2sCqd8lgmVU/SjbFMzU=
X-Received: by 2002:aca:1b0f:: with SMTP id b15mr9057096oib.58.1571419500853; Fri, 18 Oct 2019 10:25:00 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+LwhscJv=eG8ta+9MQqeSyQy3JN6LCNcg8WoatRyJu-spng@mail.gmail.com> <x7VEkU4Fe6cDXLgTDywLVwV4jYNzrXyY3a98W7VT2385@mailpile>
In-Reply-To: <x7VEkU4Fe6cDXLgTDywLVwV4jYNzrXyY3a98W7VT2385@mailpile>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 18 Oct 2019 13:24:48 -0400
Message-ID: <CAMm+LwjLbhK1f45_brmZVTx3_GtZ2CfQBNV201mw=OnX+f2asw@mail.gmail.com>
To: Bjarni Runar Einarsson <bre@mailpile.is>
Cc: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002440c70595329da8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-CvaSP8aJsd_LQTlKK6c8Sr-eF4>
Subject: Re: [openpgp] Known seed key generation
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Oct 2019 17:25:03 -0000
On Fri, Oct 18, 2019 at 11:39 AM Bjarni Runar Einarsson <bre@mailpile.is> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hello! > > Phillip Hallam-Baker <phill@hallambaker.com> wrote: > > On Fri, Oct 18, 2019 at 3:51 AM Bjarni Runar Einarsson <bre@mailpile.is> > wrote: > > > I'll refrain from derailing this thread to pontificate on why. > > > > Saying that you have technical objections which you will not > > reveal is incredibly rude. Either state your objections so they > > can be responded to or don't state them at all. > > I apologise, I meant no offence. Just that I didn't want to get > too far off topic. > > But since you feel strongly, I'm happy to elaborate. > > As I understand it, generating keys from a known seed is intended > as a backup/restore/sync strategy for the secret key material. > But as such, it does nothing to address all the metadata > surrounding the key (or keys), which tends to be rather > important. Schemes based on a shared seed are therefore (IMO) > insufficient for many (most?) real world use-cases > The metadata is generally associated with the public key rather than the private. > Furthermore, generating keys from a known seed implies a lot of > hidden dependencies. If people do not take care to implement the > critical algorithms in exactly the same way, different > implementations will generated different keys from the same seed. > If using code-words, dictionaries have to be standardized and > kept unchanged, across all supported languages. If there are bugs > or mistakes in the scheme, you can't fix them without adding a > compatibility layer that can regenerate previous generations of > keys. > Not for the new CFRG keys. They are simply random blobs. Generating the blob from a seed using a KDF is straightforward. Everything has to go exactly right for your restoration procedure > to work; which is really not a characteristic you want in a > backup system. Do you really want to attempt a restore 10 years > later, discover that a security update changed the algorithms, > and you need to go digging up obsolete versions of GnuPG to > restore your data? Why expose yourself to that risk? > I don't think this type of key management should be part of apps. It is probably something that is most useful for disk level encryption and for SSH. OpenPGP would only be using it for establishing the same key across devices. In particular, for shared test data, there is no bandwidth > constraint and there is absolutely no reason to take on all the > above complexity and constraints. Just do the simple thing and > copy the key material. It works. > > > I proposed this idea September 28. I expect writing the draft > > and shipping code to take no more than a day. > > For openpgp.js, Sequoia, GnuPG, and PgPy? All in one day? > Impressive! :-D > They can all import a P12 or PEM encoded key or they are useless. I don't think key generation or management should be part of the crypto apps that make use of the keys. It is a separate function.
- [openpgp] Shared OpenPGP keys for use in test cor… Bjarni Runar Einarsson
- Re: [openpgp] Shared OpenPGP keys for use in test… Phillip Hallam-Baker
- Re: [openpgp] Shared OpenPGP keys for use in test… Bjarni Runar Einarsson
- Re: [openpgp] Shared OpenPGP keys for use in test… Phillip Hallam-Baker
- Re: [openpgp] Known seed key generation Bjarni Runar Einarsson
- Re: [openpgp] Known seed key generation Phillip Hallam-Baker
- Re: [openpgp] Shared OpenPGP keys for use in test… Daniel Kahn Gillmor
- Re: [openpgp] Known seed key generation Bjarni Runar Einarsson