[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-02.txt
Andrew Gallagher <andrewg@andrewg.com> Mon, 27 January 2025 18:21 UTC
Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB6A1C1D4CFE for <openpgp@ietfa.amsl.com>; Mon, 27 Jan 2025 10:21:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.393
X-Spam-Level:
X-Spam-Status: No, score=0.393 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FONT_INVIS_MSGID=2.499, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zWPc9scMJeUJ for <openpgp@ietfa.amsl.com>; Mon, 27 Jan 2025 10:21:09 -0800 (PST)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 837A9C1654EF for <openpgp@ietf.org>; Mon, 27 Jan 2025 10:21:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1738002067; bh=evveWEQSIpH9pPIrC7NCrfFauwC6qHoxdfTQ9Ta2xic=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=dA97hB2pqigLutks6kUJdlZkk9M6F8xGCetT/jQPtBGzSL/iwcg0s9cN7x93owqiu Xl8Ru+LmjnlbfE7B/aqIW4c69iKwoXWCcmDfHVSu8dHgutkI/yl+a3kgIxINRunqFi clRbUTbVv8Lskf8wXAH97CJiivJN/xCWsoJWHTsyr3GEGmb/sCTSffzXTmBVumJsKo Ev4m3klNKsNFEuT8SqhZcAro4W3h8/pWxGjxleaWc7wymihUWWWFt4eRT76RBdC0T2 imMA+ZvZIUeiCu32WeLtoWquPkHu72t/7BMzvwCfIJ/9hS7iSLEu2/CgLbMyhcSUdu u0ObGNAmhdP3Q==
Received: from smtpclient.apple (serenity [IPv6:fc93:5820:7349:eda2:99a7::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id D56EB5DC93; Mon, 27 Jan 2025 18:21:06 +0000 (UTC)
From: Andrew Gallagher <andrewg@andrewg.com>
Message-Id: <27418AB6-4CEE-4A77-A834-B1993AE5CAC5@andrewg.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_B6C76F30-9F41-4F70-9A27-BD7E88DF6A18"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.9\))
Date: Mon, 27 Jan 2025 18:20:48 +0000
In-Reply-To: <zJEuKuOes96mldx9QVexJER4Xu1HgbuZZU2ujDtZPt81yV4g7GBptGs3A_hoXvxU5GwigsA-OW_2pVJ_g093EVo461FY4plg114qPFHBAYo=@protonmail.com>
To: Daniel Huigens <d.huigens@protonmail.com>, IETF OpenPGP WG <openpgp@ietf.org>
References: <173264571597.581885.1047714570419252899@dt-datatracker-5679c9c6d-qbvvv> <EEED1E4F-973E-4424-88F0-5D81BD6F997F@andrewg.com> <2649917e-59f4-4f9a-a3fb-b348061a3f35@mtg.de> <2014BBED-66A4-4C75-8F53-C272028358B7@andrewg.com> <EFF27E24-69BE-41E1-B595-6818E7BD65AC@andrewg.com> <BEeS2ActRDMBc7u_4OgmX06FsbP4SQRe-bS1rRTWUUjJEay00OYlNcp7hxhHwCY3Y1dMU3XKXF346dBAVwiQrGxvJKz6iznQyNC1u9LC1Cs=@protonmail.com> <7A36921B-C6A1-44D2-9E9C-76D5104BCEC0@andrewg.com> <ulkJ1A_n5kJrFx8x1nTrrFWgsxaz4gdgZLwQk18UEg4bJPC5MI83kCvjGo4GSl4XU2a-bheeigDmiXM3MaAd93Qlq795wFpRwHb58y9QauI=@protonmail.com> <3C1A2A62-DF22-452C-B933-200AE07DAAFA@andrewg.com> <zJEuKuOes96mldx9QVexJER4Xu1HgbuZZU2ujDtZPt81yV4g7GBptGs3A_hoXvxU5GwigsA-OW_2pVJ_g093EVo461FY4plg114qPFHBAYo=@protonmail.com>
X-Mailer: Apple Mail (2.3731.700.6.1.9)
Message-ID-Hash: S4IZ5BXVOVO7PC5MWA5VMZ7HEYTEVWVF
X-Message-ID-Hash: S4IZ5BXVOVO7PC5MWA5VMZ7HEYTEVWVF
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Johannes Roth <johannes.roth@mtg.de>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-02.txt
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/3k-atguK-9MfNdte1PQasC5hXqQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
On 27 Jan 2025, at 17:46, Daniel Huigens <d.huigens@protonmail.com> wrote: > > On Monday, January 27th, 2025 at 18:09, Andrew Gallagher <andrewg@andrewg.com> wrote: >> It would only work if B was already the (bound equivalent) replacement of A, and then the key holder subsequently lost access to A. It could be years later they misplaced the passphrase or some such. They could still say “upgrade from A to B if you can”, but without encouraging fallback. > > In this scenario, perhaps key A could designate key B as a delegated revoker <https://www.ietf.org/archive/id/draft-dkg-openpgp-revocation-01.html#delegated-revoker> as well, such that key B can revoke key A once it's time for that? (And once that idea or some variant of it is implemented, of course..) That would definitely give us the desired functionality (and a bit more). The main semantic difference would be that delegated revocation is permanent by design, whereas replacement can evolve over time. And from a practical point of view, a delegated revoker would have to be created for every equivalence binding, because by the time you need one it’s to late to create one - and this might be too heavy for a feature that we expect to be rarely used. (Remember that we decided not to use certification signatures for equivalence to keep the mechanism lightweight, and delegated revokers would negate that saving) That said, you could equally argue that it’s not worth adding flag bits for a feature that we expect to be rarely used. And I suppose this whole subject comes down to a cost/benefit argument. A
- [openpgp] I-D Action: draft-ietf-openpgp-replacem… internet-drafts
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Johannes Roth
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Johannes Roth
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Johannes Roth
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher