IETF Logo Mail Archive

Re: [openpgp] To bind or not to bind

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 28 March 2024 00:26 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AA5DC15153F for <openpgp@ietfa.amsl.com>; Wed, 27 Mar 2024 17:26:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7UpcV8YpxtCA for <openpgp@ietfa.amsl.com>; Wed, 27 Mar 2024 17:26:00 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94297C14CE33 for <openpgp@ietf.org>; Wed, 27 Mar 2024 17:26:00 -0700 (PDT)
Received: from dyas.sandelman.ca (unknown [111.65.71.87]) by relay.sandelman.ca (Postfix) with ESMTPS id 4AD021F448; Thu, 28 Mar 2024 00:25:57 +0000 (UTC)
Authentication-Results: relay.sandelman.ca; dkim=pass (2048-bit key; secure) header.d=sandelman.ca header.i=@sandelman.ca header.b="NY6iotzN"; dkim-atps=neutral
Received: by dyas.sandelman.ca (Postfix, from userid 1000) id 24D62A1921; Thu, 28 Mar 2024 11:25:51 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sandelman.ca; s=dyas; t=1711585551; bh=grjRC2LawH2E1EgkTTdcTLDyXAtMoZiYS9OQ6y8ZNrs=; h=From:To:Subject:In-reply-to:References:Date:From; b=NY6iotzNiS8V8lXfb/sHlYMCDCA5VhCICZc9jBkVzL5GNyS3QowoVuQTO1MfYnFC0 b8EUfa9zuuc6EPOK/5nuOqhg6U6zdCkFJLVIEQCTjFHq+wvnH0Pgn7mi/pxLjEcs15 BSa+gGQ2WJ1HDC6tGqOwHFmJ5anPjrABeNREcdH7BmcwPxc7uZBICgH00KBg1XtJoK Hp9zn/ZVWFIf8pSYxHZo065RPIv14B7M8J5PRLG/ffJpSNfA8phyNb6EqCkHmqnqFd rUfRv+9f4QpZbiLryRaoRzTNKN9dHpI2dJiF8a3haZa40Z3lZ1C6VkLbdV/RCwwwWZ xHACXZxBcO5HA==
Received: from dyas (localhost [127.0.0.1]) by dyas.sandelman.ca (Postfix) with ESMTP id 22578A190E; Thu, 28 Mar 2024 11:25:51 +1100 (AEDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Justus Winter <justus@sequoia-pgp.org>, openpgp@ietf.org
In-reply-to: <87sf0bhnjc.fsf@europ.lan>
References: <87a5mqi0xi.fsf@europ.lan> <23B46D65-EAF7-43D0-A5F1-04D28B698559@andrewg.com> <87sf0h32d3.fsf@fifthhorseman.net> <cd9a18d9-2d13-48d2-98e0-2ae268f68215@mtg.de> <87y1a6has4.fsf@europ.lan> <14a80b96-9860-461d-b9fe-e38e3bf651b1@mtg.de> <87v858gcmv.fsf@europ.lan> <8169558D-E770-495C-89BB-93F9BD42035A@andrewg.com> <87sf0bhnjc.fsf@europ.lan>
Comments: In-reply-to Justus Winter <justus@sequoia-pgp.org> message dated "Wed, 27 Mar 2024 13:22:47 +0100."
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.3
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 28 Mar 2024 11:25:51 +1100
Message-ID: <538503.1711585551@dyas>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/AZROu-Bhg0QTGR2ijFUNQ0cJxF8>
Subject: Re: [openpgp] To bind or not to bind
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2024 00:26:04 -0000

Justus Winter <justus@sequoia-pgp.org> wrote:
    > We can not, of course, but we can make an educated guess based on the
    > available data.  I survey a subset of implementations, among them the
    > most notable ones.  And the results indicate that even among the most
    > notable ones (which are presumably of higher quality), we don't see the
    > required robustness that we'd need to do this right now.

Sounds like we could have used some GREASE for OpenPGP: RFC8701.

    > This leads me to believe that many of the unknown implementations (which
    > are presumably of lower quality, not because of a lack of skill, but due
    > to a lower amount of (public) exposure) will also not be robust enough.

:-(

    > As a single data point, we know that Github uses an implementation
    > derived from Google's OpenPGP implementation for Go (which aiui GopenPGP
    > is also derived from).  Assuming the test results for GopenPGPv2 hold
    > for x/crypto/openpgp, adding a PQC encryption subkey to a v4 key would
    > break Github's signature verification.

:-( :-(


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-                      *I*LIKE*TRAINS*

v2.23.0 | Report a Bug | By Email