Re: [openpgp] WKD for OpenPGP certificate "Intevation File Distribution Key <distribution-key@intevation.de>"

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 06 August 2019 13:09 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Thomas Arendsen Hein <thomas@intevation.de>
Cc: gpg4win-users-en@wald.intevation.org, openpgp@ietf.org
In-Reply-To: <20190805132446.482087064.thomas@intevation.de>
References: <87ftmnro0l.fsf@fifthhorseman.net> <20190805132446.482087064.thomas@intevation.de>
Date: Tue, 06 Aug 2019 08:25:07 -0400
Message-ID: <87sgqepjks.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/68U6vWa4J4QzDxwnt2SUAlsCzgg>

[ Adding openpgp@ietf.org as i think this discussion is more
  standards-relevant, and is not just gpg4win-specific ]

On Mon 2019-08-05 13:32:33 +0200, Thomas Arendsen Hein wrote:
> The WKD RFC does not allow publishing multiple keys for the same
> email address, unless all but one of the keys has been revoked.
>
> But it makes sense to only publish the new key, so I just replaced
> it.

Thanks for updating the key!

I read
https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-08#page-5
and i can see how to read it via your interpretation, but i confess i
read it with some ambiguity:

   The HTTP GET method MUST return the binary representation of the
   OpenPGP key for the given mail address.  The key needs to carry a
   User ID packet ([RFC4880]) with that mail address.  Note that the key
   may be revoked or expired - it is up to the client to handle such
   conditions.  To ease distribution of revoked keys, a server may
   return revoked keys in addition to a new key.  The keys are returned
   by a single request as concatenated key blocks.

So when i read this, i think the MUST applies to the fact that a binary
representation of the key needs to be present in the HTTPS response
body, but other material can also be included.

I don't see any constraint like "MUST NOT return multiple non-revoked
keyblocks", and i *do* see "it is up to the client to handle such
conditions…" which makes me think that clients will need to understand
what to do if multiple non-revoked OpenPGP certificates are returned
anyway.

What should a sensible OpenPGP client do if it encounters this case?

Even if there was a "MUST NOT" added, what should a sensible OpenPGP
client do if it encounters such a response?  reject all the
certificates?  take only the first non-revoked one?  take only the last
non-revoked one?  take the one with the most recent creation date that
has algorithms that the local implementation can handle?

What if two subsequent queries to the WKD endpoint (within an hour of
each other, let's say) return different certificates?  what should a
client do?

> Andre, do you think it would be helpful to keep old keys available
> via WKD? If yes, either the WKD RFC needs to be adjusted (which
> possibly can be helpful for people having multiple keys, too, e.g.
> ed25519 and a more compatible fallback rsa3072 key, or during key
> rollover when emails are still signed with the old key, but a new
> key already is available)

I think it would be concretely useful in cases of a planned key
transition to be able to return multiple still-valid certificates via
WKD.

> or we need to use different email addresses,
> e.g. distribution-key+2016@... for a key generated in 2016.

Please don't resort to this approach.  E-mail addresses should establish
a constant long-term identity.

  --dkg
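The questions above (what a client does with a WKD response that concatenates several key blocks, some revoked, some not) can be made concrete with a small client-side policy. The following is an added example, not code from the message or from any WKD implementation: it splits a binary response into certificates at each Public-Key packet, treats a key-revocation signature (type 0x20) directly behind the primary key as marking that certificate revoked, discards certificates whose User IDs do not carry the queried address, and among the remaining ones prefers the most recent creation date while still reporting every candidate so the caller can notice the ambiguous case. The sample response is constructed from synthetic packets with dummy key material; the function and variable names are this example's own, and a real client must additionally verify the revocation and binding signatures rather than trusting their mere presence.

```python
import struct

# Packet tags (RFC 4880 section 4.3) and the key-revocation signature type (5.2.1)
TAG_SIGNATURE = 2
TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13
TAG_PUBLIC_SUBKEY = 14
TAG_USER_ATTRIBUTE = 17
SIGTYPE_KEY_REVOCATION = 0x20


def iter_packets(data):
    """Yield (tag, body) for each packet of a binary OpenPGP stream.

    Old- and new-format headers (RFC 4880 section 4.2) are handled. Partial-body
    and indeterminate lengths are rejected: WKD key blocks use definite lengths,
    and failing loudly beats guessing where one certificate ends.
    """
    i, n = 0, len(data)
    while i < n:
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        i += 1
        if ctb & 0x40:                              # new-format header
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body length not supported")
        else:                                       # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = (1, 2, 4)[ltype]
            if i + size > n:
                raise ValueError("truncated length field")
            length = int.from_bytes(data[i:i + size], "big")
            i += size
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % i)
        i += length
        yield tag, body


def split_certificates(data):
    """Group packets into certificates; each starts at a Public-Key packet."""
    certs = []
    for tag, body in iter_packets(data):
        if tag == TAG_PUBLIC_KEY:
            certs.append([])
        elif not certs:
            raise ValueError("response does not start with a public-key packet")
        certs[-1].append((tag, body))
    return certs


def summarize(cert):
    """Creation time, User IDs and revocation status of one certificate."""
    body = cert[0][1]
    if body[0] != 4:
        raise ValueError("only v4 primary keys are handled in this example")
    created = struct.unpack(">I", body[1:5])[0]   # v4 layout: version, 4-byte time
    revoked = False
    for tag, pkt in cert[1:]:
        if tag in (TAG_USER_ID, TAG_USER_ATTRIBUTE, TAG_PUBLIC_SUBKEY):
            break      # key-revocation sigs sit directly behind the primary key
        if tag == TAG_SIGNATURE and len(pkt) >= 2 and pkt[0] == 4 \
                and pkt[1] == SIGTYPE_KEY_REVOCATION:
            revoked = True   # presence only; a real client verifies the signature
    uids = [pkt.decode("utf-8", "replace") for tag, pkt in cert if tag == TAG_USER_ID]
    return {"created": created, "uids": uids, "revoked": revoked}


def uid_matches(uid, address):
    """Compare the address part of "Name <addr>" or a bare "addr", case-insensitively."""
    if "<" in uid and uid.endswith(">"):
        uid = uid[uid.rindex("<") + 1:-1]
    return uid.strip().lower() == address.lower()


def select_certificate(data, address):
    """Client policy: drop revoked and non-matching certs, prefer the newest creation
    date, and return all candidates so an ambiguous response can be surfaced."""
    summaries = [summarize(c) for c in split_certificates(data)]
    revoked = [s for s in summaries if s["revoked"]]
    candidates = [s for s in summaries if not s["revoked"]
                  and any(uid_matches(u, address) for u in s["uids"])]
    chosen = max(candidates, key=lambda s: s["created"]) if candidates else None
    return {"chosen": chosen, "candidates": candidates, "revoked": revoked}


# --- constructed sample data (synthetic packets, dummy key material) ---
def _pkt(tag, body):
    if len(body) < 192:
        return bytes([0xC0 | tag, len(body)]) + body
    rest = len(body) - 192
    return bytes([0xC0 | tag, 192 + (rest >> 8), rest & 0xFF]) + body

def _pubkey(created):   # v4 key: version, creation time, algorithm 22, dummy MPIs
    return _pkt(TAG_PUBLIC_KEY, b"\x04" + struct.pack(">I", created) + b"\x16" + b"\x00" * 34)

def _uid(s):
    return _pkt(TAG_USER_ID, s.encode())

def _revocation():      # v4 signature of type 0x20 with a dummy remainder
    return _pkt(TAG_SIGNATURE, bytes([4, SIGTYPE_KEY_REVOCATION]) + b"\x00" * 8)

ADDRESS = "distribution-key@intevation.de"
# Revoked 2016 key, live 2017 key, 2018 key for another address, live 2019 key
# (timestamps are midnight UTC on 1 January of each year).
SAMPLE_RESPONSE = (
    _pubkey(1451606400) + _revocation() + _uid("Old Key <%s>" % ADDRESS)
    + _pubkey(1483228800) + _uid(ADDRESS)
    + _pubkey(1514764800) + _uid("Someone Else <other@example.net>")
    + _pubkey(1546300800) + _uid("Intevation File Distribution Key <%s>" % ADDRESS)
)

if __name__ == "__main__":
    result = select_certificate(SAMPLE_RESPONSE, ADDRESS)
    print("candidates:", [s["created"] for s in result["candidates"]])
    print("chosen creation time:", result["chosen"]["created"])
```

On the constructed response the policy finds two live certificates for the queried address and picks the 2019 one; a client that wants to be conservative can instead refuse to encrypt, or ask the user, whenever `candidates` has more than one entry, which is exactly the case the draft leaves undefined.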