IETF Logo Mail Archive

Re: [openpgp] User ID Attribute Subpacket

Justus Winter <justuswinter@gmail.com> Mon, 04 March 2019 16:27 UTC

Return-Path: <justuswinter@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6050131065 for <openpgp@ietfa.amsl.com>; Mon, 4 Mar 2019 08:27:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ux_7w887qzEO for <openpgp@ietfa.amsl.com>; Mon, 4 Mar 2019 08:26:58 -0800 (PST)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C0CB131069 for <openpgp@ietf.org>; Mon, 4 Mar 2019 08:26:49 -0800 (PST)
Received: by mail-ed1-x52b.google.com with SMTP id c55so4758265edb.0 for <openpgp@ietf.org>; Mon, 04 Mar 2019 08:26:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pnpycuSHRQCztEbRTvCJ4gBe4FOvYHU+OG+6nR5kD40=; b=cYk1Pfeadym1rTMC8sh3uck+e4c8WtdX6q4GJ37V6Va2LmvV7oH1YhG2/fZas4whEx iDmXBRf8xVXEFE93hmD2vvbd2M2pMLEW1h9BA7QN3n31LRQJ3PVCj6q2llPe0f1r6MCY AdGClm5gBEPYztwpwG8EynzSkdmmMywQkMaJ8r8iJNNom+zGkPfNnJgzwcjctBQQAyhE VpfOeDMkl6XY0d9iSoNSZ22Gc8lOuXDYQvzE0HiOeTYP9qmiUGHPmn2UdGHUlUeYu0s6 +UCjXVExzBWbRjuP3i46UZsZnochz8Yb3c2WewgHKpaxYoNpHc8QnS6FPZJoPPnCi+gK lg3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pnpycuSHRQCztEbRTvCJ4gBe4FOvYHU+OG+6nR5kD40=; b=CSZYw53pJ4gKTTCadQ94YaX0U3bDCdpuxxvP/CYAwK5ruDEIwMu6OW15FCoqoNXgJP W7FUXHgusF2ZlUMDsuljccZgUzTc6mRsVQx/ugCpkcjN3jmaMyH6wvQZhjWYUguxkeQh 1TbZtgl+KdoYOWaK43fcof6r+w3kuQO8OZuGfDki7M+AQHJVT7mLOxJsHuxB82nwodON 9ttWXuCFSaR3f8pwUybnQaJ89h8aZv8IwfYAJpmYs1B39pe90zYnhU4qSaA53lF8I3/H jd4CnwAM21TFltgOnnaYUeAru9HmDWkAzmMcZ7YOMCJrTh8VusB7bIaM2M8x6uGBY8i6 /kLQ==
X-Gm-Message-State: APjAAAWzJ77mot34RkHFatMKwv5880CwpM3dtUankdm1OZ4K+jempFFr upIimqnavpD55+wyyK21RKUlZ8QlBihdTOUGClk=
X-Google-Smtp-Source: APXvYqy+32w4cRHA+SIncMIe6j3JtVPDXx9O61WXJ5Iv40SXtLSd0Q5/XYgiiGPAC1rrbNgCv/AMFtWy8n4ZUSn0zbQ=
X-Received: by 2002:a50:eb4a:: with SMTP id z10mr16064850edp.284.1551716807771; Mon, 04 Mar 2019 08:26:47 -0800 (PST)
MIME-Version: 1.0
References: <CA+t5QVsS871zG30dhW_GZ9ALq8bDASD-D3p0YQp9iGJEXUddmA@mail.gmail.com> <d34d0310-2851-dc4b-b5b3-79c7ec530e73@metacode.biz> <CA+t5QVsTATuw4pRhEdMOogh3YA237Rd2zOzzX3B3tZL04tfE0w@mail.gmail.com> <d7bf74c8-8415-da7a-4bf9-5bd455fb657e@metacode.biz> <sjmwolu30jc.fsf@securerf.ihtfp.org> <CA+t5QVuUEjR+6KmzPQJOZXaq3NhavMHa=qTMd8dQwdcT=2dwQQ@mail.gmail.com> <546b32d041f2cd0227aaa737f8841b26.squirrel@mail2.ihtfp.org> <CA+t5QVuWOpQ0=9=iZFrcTaH0b=O76vYuD0hXsKz3yj9kbQkEjg@mail.gmail.com> <48eadafb01b3c6e3872380cac3863c98.squirrel@mail2.ihtfp.org>
In-Reply-To: <48eadafb01b3c6e3872380cac3863c98.squirrel@mail2.ihtfp.org>
From: Justus Winter <justuswinter@gmail.com>
Date: Mon, 04 Mar 2019 17:26:36 +0100
Message-ID: <CA+t5QVv6xCpez6thgm7c0DSJBYj_rG10CsROmOHJ-nnGfK0SvQ@mail.gmail.com>
To: Derek Atkins <derek@ihtfp.com>
Cc: openpgp@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/7fxUHLnm9W-wAlI_vG97EzzBByg>
Subject: Re: [openpgp] User ID Attribute Subpacket
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 16:27:01 -0000

On Mon, Mar 4, 2019 at 4:35 PM Derek Atkins <derek@ihtfp.com> wrote:
> On Mon, March 4, 2019 10:02 am, Justus Winter wrote:
> > So your usecase is to have a UserAttribute packet, with a single UserID
> > subpacket, and one or more Image subpackets, bound by a single signature.
> > Is that correct?
>
> I'm confused by your confusion.  What part of "additional attributes" do
> you not understand?  I'm not trying to be a PITA here, but I'm honestly
> not understanding your confusion about what is meant here by what I said.
>
> But to answer your question, yes, I want to have a UserID and an Image
> with one binding signature -- and possibly additional future attribute
> subpackets, too.

Well, your proposal is about adding some notation data, and I did not imagine
you wanting to burden your embedded devices (for which a mere URI as the
notation data's key is too much) with images.

> >> Note that you can already have multiple UserIDs on a key.  If your main
> >> gripe is that you could have multiple User ID Attribute Subpackets bound
> >> by the same signature, I am fine if you want to limit that and say that
> >> an
> >> implementation MUST NOT (or SHOULD NOT) include more than one in a
> >> single
> >> Attribute packet.
> >
> > My gripe is that UserID subpackets seem redundant, therefore needlessly
> > complicating the standard, and neither this discussion, your draft, nor
> > the
> > language that ended up in draft-06 properly motivates the redundancy.
>
> It's not redundant, because you cannot, in 4880, have a userid + image
> bound by a single signature.  It only SEEMS redundant to you because they
> are effectively performing similar operations, but as it currently stands
> you would have a UserID + signature, and then an Image + signature.  So
> there is no way to do { UserID + Image } + signature using what's
> available in 4880.  Therefore, it is not redundant.
>
> I should note that, having implemented this, the additional code to handle
> this is actually quite small!  You can actually reuse a great deal, so
> really it's just a protocol number and an additional branch.

Is it though?

At this point I need to stress that while such an addition seems trivial, lot's
of these trivial details add up and contribute to the complexity of
the protocol.
Therefore, every addition to it should face scrutiny, even more those that
introduce redundancy.

And it is not just a matter of implementation, but of semantics.

Say you parse a TPK into some data structure, and you have a way to
iterate over the user ids and their binding signatures.  Now, for consistency,
we want to include your user ids.  However, the iterator now has to deal with
two different ways of representing the same thing, and verification of the
corresponding binding signatures is no longer uniform.

So from my perspective, adding subpacket-based user ids has a high cost.
And now that I understand your use case, I wonder if there isn't an easier way
to do what you want, without complicating the standard.

For example, you could store the image as notation data in the binding
signature of a user id.  Seeing that you use notations for other data,
implementing this should be straight forward for you.

Speaking of implementations, GnuPG does not support the user id attribute.
Is there an publicly available implementation that does?

Thanks,
Justus

v2.23.0 | Report a Bug | By Email