Re: [openpgp] Revocations of third-party certifications (TPK+"CRL") [was: draft-dkg-openpgp-abuse-resistant-keystore-04.txt]

vedaal@nym.hush.com Fri, 23 August 2019 15:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/3xJaoIZ3DYZv8Cpup8bZT8p8rYg>


On 8/22/2019 at 6:03 PM, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net> wrote:
>
>On Thu 2019-08-22 17:08:44 -0400, Daniel Kahn Gillmor wrote:
>>  * introduce augmentation to TPK for third-party certification
>>    revocation distribution

>A concrete example:
>
>- Alice is a popular and well-respected certifier.
>
>- Bob meets Alice and they exchange fingerprints.  Alice certifies Bob's
>  identity, and Bob attests to Alice's 3rd-party certification, shipping
>  it with his OpenPGP certificate.
>
>- They go their separate ways.
>
>- Later, Alice learns from a reliable source that Bob's OpenPGP secret
>  key material has fallen into the hands of Eve, or that Bob was not who
>  he claimed to be, or whatever.  She decides to revoke her
>  certification, and she tries to reach Bob but he is uncontactable.

=====

What if the third-party signature just had an 'expiration' option?

(e.g. Signature validity: 0, Forever; 1, 1 year; n, n years)

This allows for 'expiration' of validation in the event of possible compromise,
and if it is not compromised, then the signer can 're-sign'/'update' the certification,
send it to the key owner, who can then upload it to the server.


vedaal
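
The expiring-certification idea above maps onto the Signature Expiration Time subpacket that RFC 4880 defines (type 3, seconds after the creation time, absent or zero meaning no expiry). As an added example, not part of the original message, this shows how a verifier could evaluate it, including the re-sign case. It assumes the signatures were already cryptographically verified and come from one certifier over one User ID; the function names and sample values are constructed.

```python
import struct

SIG_CREATION_TIME = 2    # RFC 4880 section 5.2.3.4: 4-octet Unix time
SIG_EXPIRATION_TIME = 3  # RFC 4880 section 5.2.3.10: 4-octet seconds after creation

def parse_subpackets(area: bytes) -> dict:
    """Split a signature subpacket area into {type: body}."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        # The length counts the type octet; bit 7 of the type is the critical flag.
        out[area[i] & 0x7F] = area[i + 1:i + length]
        i += length
    return out

def times(area: bytes):
    """Return (creation, expiry) as Unix times; expiry is None if it never expires."""
    sp = parse_subpackets(area)
    if len(sp.get(SIG_CREATION_TIME, b"")) != 4:
        raise ValueError("missing or malformed creation time")
    created = int.from_bytes(sp[SIG_CREATION_TIME], "big")
    lifetime = int.from_bytes(sp.get(SIG_EXPIRATION_TIME, b""), "big")  # absent or 0: no expiry
    return created, (created + lifetime if lifetime else None)

def effective_status(areas, now: int) -> str:
    """Status at `now` of the newest certification, so a re-sign supersedes the old one."""
    live = [t for t in map(times, areas) if t[0] <= now]
    if not live:
        return "not-yet-valid"
    _, expiry = max(live, key=lambda t: t[0])
    return "expired" if expiry is not None and now >= expiry else "valid"

def subpacket(sp_type: int, value: int) -> bytes:
    """Constructed-sample helper: a 4-octet subpacket in the one-octet length form."""
    return bytes([5, sp_type]) + value.to_bytes(4, "big")

YEAR, T0 = 365 * 86400, 1_566_000_000          # constructed sample values
ONE_YEAR = subpacket(2, T0) + subpacket(3, YEAR)
FOREVER = subpacket(2, T0)                     # "0, Forever": no expiration subpacket
RENEWED = subpacket(2, T0 + YEAR - 100) + subpacket(3, YEAR)
```

Without a renewal, `ONE_YEAR` lapses on its own after a year, which is the fail-closed behaviour the message describes; `FOREVER` can only be withdrawn by a revocation that reaches the verifier.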