Re: V3 secret keys
hal@finney.org ("Hal Finney") Tue, 07 February 2006 20:42 UTC
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6ZfO-0003Dm-2i for openpgp-archive@megatron.ietf.org; Tue, 07 Feb 2006 15:42:26 -0500
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA28023 for <openpgp-archive@lists.ietf.org>; Tue, 7 Feb 2006 15:40:43 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k17KQU7X096909; Tue, 7 Feb 2006 12:26:30 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id k17KQUXw096908; Tue, 7 Feb 2006 12:26:30 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k17KQT2k096899 for <ietf-openpgp@imc.org>; Tue, 7 Feb 2006 12:26:29 -0800 (PST) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 2113357FAE; Tue, 7 Feb 2006 12:30:13 -0800 (PST)
To: ben@algroup.co.uk, hal@finney.org
Subject: Re: V3 secret keys
Cc: ietf-openpgp@imc.org, nagydani@epointsystem.org, vedaal@hush.com
Message-Id: <20060207203013.2113357FAE@finney.org>
Date: Tue, 07 Feb 2006 12:30:13 -0800
From: hal@finney.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Ben Laurie writes: > Hal Finney wrote: > > Daniel Nagy writes: > >> I sincerely hope that this whole mess will be cleaned up with V5, where > >> there seems to be a consensus not to implement encrypted private key packets > >> at all, but put unencrypted private key packets into integrity protected > >> symmetrically encrypted packets instead. > > > > I haven't participated in the recent discussion, partly because I think > > it is a little premature until we get the current spec put to bed. > > > > I am not sure I like this idea. We'll need to retain the old mechanism > > for many years at least, requiring us to support yet another set of > > incompatible mechanisms. And I don't know if the new proposal really > > simplifies things much. > > Surely you should already support this method? If you mean, can you send a secret key around in an encrypted file, and then decrypt and import it in a single operation... yes, there's a good chance that works. However some of the more advanced ideas, like having multiple secret keys in a single file, each encrypted in a different packet, I have no idea what would happen, it is not something we have tested to my knowledge. > > Complications have been pointed out regarding sending multiple keys > > encrypted with different passphrases, requiring us to explicitly support > > multiply-concatenated symmetric-encryption & SKESK packets, which is > > not necessary at present. > > It isn't? No, I don't know of any application for that. > > It might require us to bite the bullet and > > clarify exactly what sequences of packets are legal, with possible > > backwards-compatibility problems. > > Hmm. My implementation will eat _any_ sequence of packets. So what do you do if you decrypt a file and find a sequence of encrypted packets? Or perhaps some packets signed, some encrypted, some both, all concatenated? Do you concatenate the results into a single output file (erasing the boundaries between the plaintexts, as well as information about what was signed and what wasn't); do you concatenate them along with some header information to identify where each piece starts and ends (which won't be reliable due to spoofing); do you output each piece to separate output files? Or ask the user what he wants to do? This kind of operation introduces considerable complexity in terms of providing a reasonable interface. We generally assume we are dealing with a single message consisting of one or more PKESK/SKESK packets with an encrypted packet, or a similar signed message. Once you go beyond this and try to deal with arbitrary sequences of packets it becomes highly problematic to make sure the user is getting the full benefit from the cryptography. If you have a custom program which is using this for internal, program-to-program communication, then go ahead and knock yourself out, use the data structures as you wish. But for person to person communication I think it is difficult and often unwise to try to deal with arbitrary sequences. Hal Finney
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Ian G
- Re: V3 secret keys "Hal Finney"
- V3 secret keys Ben Laurie
- Re: V3 secret keys Daniel A. Nagy
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Adam Back
- Re: V3 secret keys Wim Lewis
- Re: V3 secret keys Daniel A. Nagy
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Daniel A. Nagy
- V3 secret keys Ben Laurie
- Re: V3 secret keys "Hal Finney"
- Re: V3 secret keys vedaal
- Re: V3 secret keys Daniel A. Nagy
- Re: V3 secret keys "Hal Finney"
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys "Hal Finney"
- Re: V3 secret keys "Hal Finney"
- Re: V3 secret keys Peter Gutmann
- Re: V3 secret keys Ian G
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys "Hal Finney"
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Peter Gutmann
- Re: V3 secret keys "Hal Finney"
- Re: V3 secret keys David Shaw
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Jon Callas
- Re: V3 secret keys David Shaw
- Re: V3 secret keys Ben Laurie
- Re: V3 secret keys Jon Callas