[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt
Andrew Gallagher <andrewg@andrewg.com> Fri, 01 November 2024 17:10 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/BPixi3Qo8NHIZCQUnLqPizStQTk>
Hi, all.

> On 22 Oct 2024, at 15:08, Andrew Gallagher <andrewg@andrewg.com> wrote:
>
> As I see it, there are three broad options (in order of preference) [1]:
>
> 1. Both fingerprint and imprint are required (no change)
> 2. Imprint is optional, either:
>    a. iff it is the same as the fingerprint
>    b. at the key owner’s discretion
> 3. Fingerprint is optional, either:
>    a. iff it is the same as the imprint
>    b. at the key owner’s discretion
>
> The “opportunistic truncation” options 2a and 3a are effectively the same, just with the fields reordered on the wire. They complicate the parser in exchange for saving some bytes on the wire, but otherwise have the same functional and security properties as option 1.
>
> If we choose option 2b, we have to accept that (1) the imprint is not necessary for key equivalence, or (2) key equivalence is not always achieved even with matching forwards and reverse subpackets.
>
> If we choose the “aggressive truncation” option 3b, or wish to keep it open for some later date, we need to reorder the fields so that the fingerprint comes at the end of the record, and we will have to accept that fingerprint search may no longer be possible, which is a significant breaking change in the ecosystem.

I’ve seen no further discussion of this on the list or elsewhere. If there is no strong consensus in favour of any of the other options, the default will be to stick with option 1, i.e. no change to the current draft.

A
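A constructed illustration of the truncation variants compared in the message above (options 1, 2a and 3a), added here and not part of the draft or of anyone's post in the thread; the byte layout, the fixed 32-byte digest length and the function names are assumptions for the toy encoding, not the draft's actual wire format. It shows why 2a and 3a are the same rule with reordered fields, where the extra parser branch comes from, and why a fingerprint-first layout is what keeps a fixed-offset fingerprint search working.

```python
import hashlib
from typing import Optional, Tuple

DIGEST_LEN = 32  # assumption: fingerprint and imprint are both 32-byte digests


def encode(fingerprint: bytes, imprint: bytes, option: str) -> bytes:
    """Toy record encoding (constructed, not the draft's format)."""
    assert len(fingerprint) == len(imprint) == DIGEST_LEN
    if option == "1":  # both fields always present: fixed-length record
        return fingerprint + imprint
    if option == "2a":  # imprint omitted iff identical to the fingerprint
        return fingerprint + (b"" if imprint == fingerprint else imprint)
    if option == "3a":  # same rule, fields reordered: imprint first, fingerprint last
        return imprint + (b"" if fingerprint == imprint else fingerprint)
    raise ValueError(f"unknown option {option!r}")


def decode(record: bytes, option: str) -> Tuple[bytes, bytes]:
    """Returns (fingerprint, imprint); the truncating options need a length branch."""
    if option == "1":
        if len(record) != 2 * DIGEST_LEN:
            raise ValueError("option 1 record must carry both digests")
        return record[:DIGEST_LEN], record[DIGEST_LEN:]
    if option in ("2a", "3a"):
        if len(record) == DIGEST_LEN:  # single digest: the omitted field equals it
            return record, record
        if len(record) == 2 * DIGEST_LEN:
            first, second = record[:DIGEST_LEN], record[DIGEST_LEN:]
            return (first, second) if option == "2a" else (second, first)
        raise ValueError("truncating record must carry one or two digests")
    raise ValueError(f"unknown option {option!r}")


def fingerprint_at_fixed_offset(record: bytes, option: str) -> Optional[bytes]:
    """A fingerprint search that only reads a fixed prefix works for the
    fingerprint-first layouts; with the fingerprint at the end (and possibly
    absent) the prefix holds the imprint instead, so the search cannot rely on it."""
    if option in ("1", "2a"):
        return record[:DIGEST_LEN]
    return None


# Constructed sample digests standing in for a real key's fingerprint and imprint.
FP = hashlib.sha256(b"constructed fingerprint input").digest()
IM = hashlib.sha256(b"constructed imprint input").digest()
```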