[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt
Andrew Gallagher <andrewg@andrewg.com> Fri, 01 November 2024 15:18 UTC
Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB93EC14F703 for <openpgp@ietfa.amsl.com>; Fri, 1 Nov 2024 08:18:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j7QzJroAkm2U for <openpgp@ietfa.amsl.com>; Fri, 1 Nov 2024 08:18:47 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93134C14F61C for <openpgp@ietf.org>; Fri, 1 Nov 2024 08:18:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1730474323; bh=XbSG3H/Utf9MoYNe3n+dnbQCNvSb7zy0zJNFAQ8KV1c=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=oA7wRc5Lr8IECq9TLcO4aB1eTNmauWhGumwNBY0hQOdu1BJiBCtOHs/dERDFUjM8m DqF4ZWjXqUIoXcM0g3nSCXQW34zhWxOAliyi9nVTUWtArxmJmPb1Ggwm+VEKep0rMx CBHu6Xo9OwmgbqJM/Us0WmlLwNTZXA/5nDF1AcKSvg+xCY2MsAjJB0QijjudUWtYzQ x71JUuVFYqXAn9Ht6hsh4/oXItviZfUg8yikqVwHrOurs4VgW+jUfRyWlfRvbWysph fskDOTyAjKdqSwMhcPa6YH8Oxuy3YqkcFfW+XurcX5BFEBaSJ8A+Le0o5iJ396kNEx MIrJZv2zQ43Kw==
Received: from smtpclient.apple (serenity [IPv6:fc93:5820:7349:eda2:99a7::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id 7F12A5ED3B; Fri, 1 Nov 2024 15:18:43 +0000 (UTC)
Content-Type: multipart/signed; boundary="Apple-Mail=_7ED2A7D2-0EB5-4EF0-8EAC-FF38A1A2F175"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.2\))
From: Andrew Gallagher <andrewg@andrewg.com>
In-Reply-To: <B498EDD0-1FE4-405B-81AD-8E4854720B6F@andrewg.com>
Date: Fri, 01 Nov 2024 15:18:21 +0000
Message-Id: <F082F1E1-8779-45AA-897B-CDE8DDF95B40@andrewg.com>
References: <172954607466.2080527.11129941200377024335@dt-datatracker-78dc5ccf94-w8wgc> <B498EDD0-1FE4-405B-81AD-8E4854720B6F@andrewg.com>
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3731.700.6.1.2)
Message-ID-Hash: PZIWBETM7UCYJFUJUCMNGQXNY3QNOUFA
X-Message-ID-Hash: PZIWBETM7UCYJFUJUCMNGQXNY3QNOUFA
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "openpgp\\\\@ietf.org" <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/9wocX-1XaKqSMjzRdSx9u3g49AI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
Hi, all. On 22 Oct 2024, at 15:08, Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org> wrote: > > * Do we need further UX guidance, and if so what should be included? [2] Please consider the following proposed text before next week’s meeting: — On creation of a new primary key, or on triggering an expert option, an implementation SHOULD: • If used interactively, ask the user whether this is a replacement key for an original key or keys • If a list of original keys is supplied (either interactively or via an expert option), obtain/refresh the corresponding certificates and make a selfsig over the new primary key with an inverse replacement key subpacket • If any of the original private keys are available, make a new selfsig on the corresponding certificate(s) with a forwards replacement key subpacket to create key equivalence bindings On revocation of an existing primary key, or on triggering an expert option, an implementation SHOULD: • If used interactively, ask the user whether this key has a replacement key • If a replacement key is supplied (either interactively or via an expert option), obtain/refresh the corresponding certificate and add an inverse replacement key subpacket to the revocation sig over the original primary key • If the replacement private key is available, make a new selfsig on the corresponding certificate with a new or updated inverse replacement key subpacket, to create a key equivalence binding On receipt of a new or updated certificate, an implementation SHOULD: • Check to see if it contains an unpaired replacement key subpacket that refers to any of the available private keys • Notify the user that a unidirectional reference exists • If used interactively, ask the user to confirm that they wish to complete the equivalence binding • If the user indicates (whether interactively or via an expert option) their acceptance of the equivalence binding, make a selfsig over the affected primary key(s) with the corresponding replacement key subpacket — A
- [openpgp] I-D Action: draft-ietf-openpgp-replacem… internet-drafts
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Heiko Schäfer
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Kahn Gillmor
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… andrewg
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher