Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags?
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 07 March 2013 13:45 UTC
On 03/05/2013 11:10 AM, Jon Callas wrote:

> In this case, we have an authentication-only subkey that's intended to be used for OTR. If you mark it as authentication-only, it's not going to be used for document signing, which is really what you want. It's possible that some other authentication protocol could grab it, but is that really a problem?

well, yes, this was my original concern. i wrote:

>> (e.g. it would be bad if someone who was able to compromise my
>> OTR client and steal my OTR key was able to use the secret key material
>> to impersonate me over SSH).

We already have systems in place (e.g. monkeysphere) that permit the use of authentication-capable subkeys for ssh systems. so if i was to mark my OTR key as authentication-capable, and critical notations were not widely respected, that wouldn't turn out very well.

> This brings us to the problem with criticality. It's supposed to keep some item from being used in an unknown way. But it can also fail in unexpected ways. I've seen criticality flags cause all sorts of weird issues in other systems, and the usual fix is not to make it critical.

If criticality is fraught with problems, doesn't that suggest extending the usage flags is a more responsible way to go?

or should i create a subkey with all usage flags set to 0, and then include a notation to indicate the use? that way, the subkey wouldn't be used by any existing system except the ones willing to parse and interpret the notation, regardless of its criticality.

--dkg
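
Added example, not part of the message above or of any OpenPGP implementation: a small Python model of which consumers would select a subkey under the three marking strategies the message weighs. The notation name usage@example.org, its value otr, the simplified Binding record and both consumer functions are assumptions made for illustration.

```python
# Added example (not from the thread): models which consumers would pick up a
# subkey under each marking strategy discussed in the message.
from dataclasses import dataclass

KEY_FLAG_AUTH = 0x20                  # RFC 4880 section 5.2.3.21: authentication
OTR_NOTATION = "usage@example.org"    # hypothetical notation name (assumption)


@dataclass(frozen=True)
class Binding:
    """Simplified subkey binding signature: key flags plus notation data."""
    flags: int
    notations: tuple = ()             # tuples of (name, value, critical)


def ssh_consumer_accepts(b, honors_critical):
    """Flag-only consumer (hypothetical ssh bridge) that knows no notations."""
    if honors_critical and any(crit for _, _, crit in b.notations):
        return False                  # unknown critical subpacket: RFC 4880 5.2.3.1 (SHOULD reject)
    return bool(b.flags & KEY_FLAG_AUTH)


def otr_consumer_accepts(b):
    """Notation-aware consumer: requires the usage notation, ignores flags."""
    return any(n == OTR_NOTATION and v == "otr" for n, v, _ in b.notations)


# Constructed sample bindings, one per strategy.
STRATEGIES = {
    "auth flag + critical notation": Binding(KEY_FLAG_AUTH, ((OTR_NOTATION, "otr", True),)),
    "auth flag + plain notation": Binding(KEY_FLAG_AUTH, ((OTR_NOTATION, "otr", False),)),
    "zero flags + notation": Binding(0x00, ((OTR_NOTATION, "otr", False),)),
}


def evaluate():
    """Return {strategy: (strict ssh, lax ssh, otr)} acceptance results."""
    return {
        name: (ssh_consumer_accepts(b, True),
               ssh_consumer_accepts(b, False),
               otr_consumer_accepts(b))
        for name, b in STRATEGIES.items()
    }


if __name__ == "__main__":
    for name, (strict, lax, otr) in evaluate().items():
        print(f"{name:32} strict-ssh={strict} lax-ssh={lax} otr={otr}")
```

Only the zero-flags binding is refused by the flag-only consumer whether or not it honors the critical bit, while the notation-aware consumer accepts all three.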