IETF Logo Mail Archive

Re: [openpgp] primary key binding signature requirement

Paul Schaub <vanitasvitae@riseup.net> Fri, 02 December 2022 22:51 UTC

Return-Path: <vanitasvitae@riseup.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1D95C14CF15 for <openpgp@ietfa.amsl.com>; Fri, 2 Dec 2022 14:51:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.797
X-Spam-Level:
X-Spam-Status: No, score=-2.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=riseup.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kIZ0E2ivBuLt for <openpgp@ietfa.amsl.com>; Fri, 2 Dec 2022 14:51:27 -0800 (PST)
Received: from mx0.riseup.net (mx0.riseup.net [198.252.153.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94BCBC14F748 for <openpgp@ietf.org>; Fri, 2 Dec 2022 14:51:27 -0800 (PST)
Received: from fews1.riseup.net (fews1-pn.riseup.net [10.0.1.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.riseup.net", Issuer "R3" (not verified)) by mx0.riseup.net (Postfix) with ESMTPS id 4NP7Tp6pzPz9sFV; Fri, 2 Dec 2022 22:51:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1670021487; bh=L1tVDW4piCMFYMPHN9+aIzY/dQf0psFDUTZ1N6Xvh5c=; h=Date:From:To:CC:Subject:In-Reply-To:References:From; b=agnd+cLp7Kj7AvOTLvkl7U6cgt8qrbeAFRwWeb3G9VM6p8CDCXquRRsGh78Qj1nZr UoHd+KBFvGWaGmSlURyiiCkh41Gi/UuX0EmJbNvvfE/pg0fsQ/mvVxLafLxp/vD0Pg OH7GebOzeriFzX2wB09LTP55nVQveAuPYRAtRhlI=
X-Riseup-User-ID: 1F2857669293693095CE84A69EFF25B31941036056D5825198CB90D89895D259
Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews1.riseup.net (Postfix) with ESMTPSA id 4NP7Tn6Hh7z5vNH; Fri, 2 Dec 2022 22:51:25 +0000 (UTC)
Date: Fri, 02 Dec 2022 23:51:21 +0100
From: Paul Schaub <vanitasvitae@riseup.net>
To: openpgp@ietf.org, Aron Wussler <aron@wussler.it>, "Neal H. Walfield" <neal@walfield.org>
CC: IETF OpenPGP WG <openpgp@ietf.org>
In-Reply-To: <4xf4guGg2quiLcVvBQI78yHRQmwuV3NK-tyKFMw9pdwv5MXBmgnAUIu0vDxYK0L8dz3zQdwV5JoPozx98gIoCtgFVbNBg03UQSt8YfE_7YM=@wussler.it>
References: <87v8mv4gfe.wl-neal@walfield.org> <4xf4guGg2quiLcVvBQI78yHRQmwuV3NK-tyKFMw9pdwv5MXBmgnAUIu0vDxYK0L8dz3zQdwV5JoPozx98gIoCtgFVbNBg03UQSt8YfE_7YM=@wussler.it>
Message-ID: <DAD8D9FD-E0CD-4D7A-BD8F-776F07207C06@riseup.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----FEM9AMAJPDM8AV5BKBYASXHQB2TBLE"
Content-Transfer-Encoding: 7bit
Autocrypt: addr=vanitasvitae@riseup.net; keydata= mQINBFfz1ucBEADXSvUjnOWSzgW5hXki1xUpGv7vacT8XqqGbO9Z32P3eFxa4E9JvveJmx+voxRW pleZ/L6XCYYmCKnagjF0fMxFD1Zxicp5tzbruC1cm/Els0IJVjFVRLke3SegTHxHncA8+BYn2k/V nTKwDXzP0ZLyc7mUbDl8CCtWGGUkXpaa7WyZIA/qmvUqh7671Vr4vJlq0kFbUibsFblZjk9uydHv vqaVpmBzbr/gWDyirHXwPl5lCnWpORjT7tc8hjyt+dxpmnGdqlDIcqUjdCWoN6NxffLtKz/XpJ+d BvA8rXT/QaPSaVCGo0DbgybvRF1HvX30udx4FF9fFsVAbYP1mvZx4fHy+Z1rJJhODZv1YpH7YY1b mG02vfFkwpW4AyAdsONA+n/XdMCsA006/pljNd3GxjcqB5D6BhpdUvcgUslkuELsVYWbEyhxKzzJ vZNjQ/iHsaThooy9SFHc71PgYdyEL/WzoGr421GwpCL6BuE0rlumgaTmjoU/9ydLO6zpbV4RYDgt saGQxOxVc0y1Lj8CWTi/XYIVRnmqrjGmubRV7q8pTxrgoyk2zwQ+twyxp/8ZRHzl5ISiDLKSDlcM K1oa7NqyL+MCwiswpaObk56HxgF2ZwEbJZYCwetxyTK7HX4/WV0V6TaPzS7dHAsb6t1Aq8IS1JdG jWKRPkjkhR95nQARAQABtCVQYXVsIFNjaGF1YiA8dmFuaXRhc3ZpdGFlQHJpc2V1cC5uZXQ+iQS+ BBMBCgKoAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEf5EW/qkKWYOTbHz6oCfbLz4eEYoF AmAMGzk1FIAAAAAAEgAacHJvb2ZAbWV0YWNvZGUuYml6ZG5zOmphYmJlcmhlYWQudGs/dHlwZT1U WFQ+FIAAAAAAEgAjcHJvb2ZAbWV0YWNvZGUuYml6aHR0cHM6Ly9mb3NzdG9kb24ub3JnL0B2YW5p dGFzdml0YWWQFIAAAAAAEgB1cHJvb2ZAbWV0YWNvZGUuYml6eG1wcDp2YW5pdGFzdml0YWVAamFi YmVyaGVhZC50az9vbWVtby1zaWQtMjA5MzY4MTU0NT02Mjg5YWEzYmQ4YTUwMWEzNjMyMmEwZjg5 NGY4ZDFkOTcxOGRlZDAzNjE2MDM5ZjFjZjQ4YjJhNDFlZTM1OTIwjxSAAAAAABIAdHByb29mQG1l dGFjb2RlLmJpenhtcHA6dmFuaXRhc3ZpdGFlQGphYmJlcmhlYWQudGs/b21lbW8tc2lkLTE5OTE0 MTgyMD1mNGE4ZmY4NDAwNDM5M2E4N2Y3MDEzYzYwMDY1YmRjODliMTE2OWViY2ZiODA2MGM0Zjk2 NjliNDNiYTBjODE0kBSAAAAAABIAdXByb29mQG1ldGFjb2RlLmJpenhtcHA6dmFuaXRhc3ZpdGFl QGphYmJlcmhlYWQudGs/b21lbW8tc2lkLTE0Mjk2NzcxMjU9ZThhN2IxMjM2Yjg1MGI0NjdhNTA5 MmMwYmRmZWE4NmE1M2UzNjg0MjgzYTFkNWZlMjZlZjU4NzJkZDBhZWY0MUgUgAAAAAASAC1wcm9v ZkBtZXRhY29kZS5iaXpodHRwczovL2NvZGViZXJnLm9yZy92YW5pdGFzdml0YWUvZ2l0ZWFfcHJv b2YACgkQoCfbLz4eEYrCxQ//Wjn7sEx+1rWCxVIQG9qqYJkMrSMvsyjeDZJrKLD5o5XIVQhjL/9g t3hBkYiOftarTXmmMD+xLAAS1netQTvgAJuLb1gypKqB8wG+4Po7e7ZO9XTLkjqjMZSTA/ZyJw2V fGdw40oGl8NEZrVUMiDiCEYzv8CXgBoEwiE0BA4lLUWKh9dnuonuMornsFjx7W5R+DQoKE+//G7b XCuErLwO6wHPs9K3xLwoG2Kyy3wyr57DystEVtnQX+XlWC9251VJpHWaZJOhG+YqCLZEeMizuGUQ TBGv51YY71JpbSjE1tXKAyU/+ksSfVH1T3i0DEMteCZoNgvY01fDKRrm4EouzLV0depe6Qo9LynL Y9mG7YUkwtTT6aX6zaRNsDYHN7uyVE66IY8mD1bOi8JBhUNqbx5p8YMwLpDf3cdcf6DGrb0tGDYu 6V/g0m2iw7glVs7LN55F3kWVmRSInu9uJWojMY3yN6Xwyv800oJyhyTCavLW7ckCvCA1KpH5S/4J 4fjjpuaV9nomvApZBFy4pVF+tca5PjpiagVJomOOVMBNRXFxS5A2QWVDpuJuZ3MSYVoqlVJBR/yB ecSMuHvwruR3HzVz1yYhTgau6Ura7MZBQu3dSArK3Kth/kQ7CqdusMOEBhEXByVthGO89RlKVNag Kji7vaA67F1FYODJr0hzRie5Ag0EV/PW5wEQALNTc5Gh0TR1rtmIkJPJU3LXIhY8jJVR/1ctvMmU n6R1q7ezAs4ZGitT2LFpZyYnzpQp788g1tuqLi6mz0edZc0RbPVCA9Xc4OEQrjzLNE8JSH3FAmwU XN5atwJ/eNbBMA9PoILhqINaCLptq3oAH7Z20qEI/9fjqGWc9M6ng5B6K0HAg03NxH2LC47MIhYq IqDj1oD4xug0mt/cX9O2Ha1tAzsKSfzPjAlaD8URKm1wv6AmFEPOYeFeumvGDGK5pHh86tZLl+x1 7qCSrV/Ft7xwoj6P7FP8Be+G9KA4rJH3l8DGmaEYVT5GBgRCIQDup/balrbks8VpjFh/0w8PIdhj OoQmuu2D1bok587TXa/BUfQ91haXIs6WzSRY+hwXK3zuiMA+TSvIeX4qhXiEACH6NTy/PDgvIw1Y 7HBdGKCXgoiPLERYz/9cvzG2GiiEeHwPj26IHlv5JRniPG6ePXRkGvvHJ64A3J8zUtU14dWXGqG/ R/gwx3Ugjd+4R7X66BQwQq+ikUOeVswU3Ufs5om2Q45BmOE9LmkIxUABrITzRnK+t6wklsmZyJ8d R+FlsJ7FKrk7e0/qrdEwDn3fvbIYD6s/3SypJBfO5gbUuNt3RnQ6egWSebeJaZfCxokrpPaf3JKA eDBE/tYi42lPhRAixciIPeb+hpNTmBcXg55xABEBAAGJAn4EGAEIAHIFgl/4kEMJEKAn2y8+HhGK RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZ2FgE3f7bnBndxQ4h2+ACXWf TabWwHHHGpI9ZqZhZTBJAhsMFiEEf5EW/qkKWYOTbHz6oCfbLz4eEYoAADAdD/0Szb4rHGgdyItG SzLOsEDrGJCfztXOH5vGo5s/meZYBIYFW3hYZrKiRyIJP54uFHHRwLCiAcH3FcWT80fpx9YOQiHf xNpmVwnAoufOmfI8p/G9+Fcf62HSVZKsgS9zrUvhDjAUTrwOVbDVqyFZtAaxqsxI5tJilLkZXaWc ozUcw9m3iEyZDgpNR/1arfmwl5sW9mpG/tOmwdDaihvpI0b5Qp0sAb2fkcol1aznnqI+Dg4BsrWt FvkbZ6GvgF6a+SROrgXN2fr4Gaw53agYA/0mVF4zQv/2NzOqsX44vOHvB15hc7mXHJks8B/jqejJ YeF4j4asZi+fwCaBPEMQlJwm+JhDXJ3xnZp5Zlhq2wKTZHZm94Vw16WQic0WIHT7VBLlief5pZtP e/f2xfG9BzdHghtOlaqDYvp0jW3rYe3/+ILHqutA6XCWn+JRlbPQII1xTRlksmZh7hcDPlKXx2Yk V36a24pQe2QYX4cfXdDGe5bshQGtSHQo2926Xb2TD0ksfMaFuKG3LhMVWsicyc9RwnlsK98GLs1e EpFm0pt2FjgXyvRGhnNkaIE7vPXrJsgsFtrrJXEq52Eug6dJQnAtQl7CpWSlldhmYG2QFCPsO0+9 VE+A8Pz+Kjr7iiH6rw9kidGX6CqFdaGuWDR6qbCVJpnPlF5n02YHz9eMcwVMlQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/8W2Bn5ND7w3aKQiyv5RkRkEQxKo>
Subject: Re: [openpgp] primary key binding signature requirement
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Dec 2022 22:51:31 -0000

Hey!

If we add a section about certification capable subkeys, I would like to see them forbidden.

The protocol is complex enough as it is today. I believe there are no use-cases that require subkeys of subkeys which cannot be solved in other ways.

Paul

Am 2. Dezember 2022 23:38:05 MEZ schrieb Aron Wussler <aron@wussler.it>:
>Hi Neal,
>
>> if a subkey binding signature includes the Key Flags subpacket and
>> the certification capability (0x1) or the signing capability (0x2)
>> is set, then the subkey binding signature must also contain a valid
>> primary key binding signature issued by the subkey over the primary
>> key.
>
>I agree with this.
>
>As a side note, I don't know whether we should allow subkeys to issue certifications.
>
>In real life I found poor support for subkeys with certification capability. I found no real way to create such keys (without messing with them manually) and other implementations didn't understand certifications made from that key.
>
>Maybe we should either forbid that entirely or explicitly support it.
>
>Cheers,
>Aron
>
>
>--
>Aron Wussler
>Sent with ProtonMail, OpenPGP key 0x7E6761563EFE3930
>
>
>
>------- Original Message -------
>On Thursday, December 1st, 2022 at 10:33, Neal H. Walfield <neal@walfield.org> wrote:
>
>
>> Section 11.1.1 Common requirements says:
>> 
>
>> Each Subkey packet MUST be followed by one Signature packet, which
>> should be a subkey binding signature issued by the top-level key.
>> For subkeys that can issue signatures, the subkey binding signature
>> MUST contain an Embedded Signature subpacket with a primary key
>> binding signature (0x19) issued by the subkey on the top-level key.
>> 
>
>> https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-07#section-11.1.4
>> 
>
>> What does it mean for a subkey to issue signatures? I think
>> authentication subkeys technically issue signatures, but they don't
>> normally include a primary key binding signature. For instance,
>> here's the `sq packet dump` output for an authentication-capable
>> subkey created using gpg 2.2.27:
>> 
>
>> Public-Subkey Packet, old CTB, 397 bytes
>> Version: 4
>> Creation time: 2022-12-01 09:26:21 UTC
>> Pk algo: RSA
>> Pk size: 3072 bits
>> Fingerprint: 136ABFA01DD47269514F757B10F4A631F1CB5D14
>> KeyID: 10F4A631F1CB5D14
>> 
>
>> Signature Packet, old CTB, 438 bytes
>> Version: 4
>> Type: SubkeyBinding
>> Pk algo: RSA
>> Hash algo: SHA512
>> Hashed area:
>> Issuer Fingerprint: 188A993D54814E76FF988779E962990F14D5ACA4
>> Signature creation time: 2022-12-01 09:26:21 UTC
>> Key flags: A
>> Unhashed area:
>> Issuer: E962990F14D5ACA4
>> Digest prefix: 3C63
>> Level: 0 (signature over data)
>> 
>
>> Should authentication-capable subkeys include a primary key binding
>> signature? If not, perhaps it makes sense to change the language in
>> 11.1.1 to say something like:
>> 
>
>> if a subkey binding signature includes the Key Flags subpacket and
>> the certification capability (0x1) or the signing capability (0x2)
>> is set, then the subkey binding signature must also contain a valid
>> primary key binding signature issued by the subkey over the primary
>> key.
>> 
>
>> Neal
>> 
>
>> _______________________________________________
>> openpgp mailing list
>> openpgp@ietf.org
>> https://www.ietf.org/mailman/listinfo/openpgp

v2.23.0 | Report a Bug | By Email