Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey
Andrew Gallagher <andrewg@andrewg.com> Tue, 30 April 2024 11:33 UTC
Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28550C14F68C for <openpgp@ietfa.amsl.com>; Tue, 30 Apr 2024 04:33:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eqmTQusRm9TB for <openpgp@ietfa.amsl.com>; Tue, 30 Apr 2024 04:33:32 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B88CBC14F70B for <openpgp@ietf.org>; Tue, 30 Apr 2024 04:33:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1714476808; bh=jAfP6c64X7ln2KVclnBxv1ZI+oWYmMwyyeykDnyD9NI=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=HE4B1miwQQnOnKItKmPa5cl4xyBNwu3RJFOkycU5iamyCP4K2/Jw7aZd3F2qeo82u 9bpSsWyLEGYO1hb53eeRPySjkTRXdVUZA4XdllcXGlBf47/grvN2pClS6xBQ4V9mNk o7Je9coCAmHph02pihguCxXRxdYUprWFCFZ4aKqh4NjDjb2KfdHDLEDy4lr7/69bZv UvenpCTxzcWsxGIg3YEn9HORe2YGww9qKEtscOKvqqHPGvRq7MpqpJl10z0gGvzRRg PA+rPRdrX8hqKAsMooJ59UNGVgGSltwyiHPnpE5O4kGit+CiiuZUxoeCmZwv/JqSjz 77m0dNDxEZfvQ==
Received: from smtpclient.apple (serenity [IPv6:fc93:5820:7349:eda2:99a7::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id D66A25DE60; Tue, 30 Apr 2024 11:33:27 +0000 (UTC)
Content-Type: multipart/signed; boundary="Apple-Mail=_70058019-1C77-49E5-87BE-356C7DB7E91C"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.1\))
From: Andrew Gallagher <andrewg@andrewg.com>
In-Reply-To: <YdQAqCSppzuMJIV23pd0CROjA3ATRR-PLn6ojVQQLi3pJqDnd6KBbLQaDpCa5z3Qlgqe80SFzjzrl5hfwk-m08oBiFM4ppPuyAi3iOOUNr4=@protonmail.com>
Date: Tue, 30 Apr 2024 12:33:09 +0100
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Simon Josefsson <simon@josefsson.org>, IETF OpenPGP WG <openpgp@ietf.org>
Message-Id: <25809E9B-BCD2-4205-B4E7-147F72887268@andrewg.com>
References: <87o7anhybr.fsf@fifthhorseman.net> <87jzkunest.fsf@fifthhorseman.net> <87y199g67k.fsf@kaka.sjd.se> <A0B535B4-215B-4159-9F39-0D33C24ECF2F@andrewg.com> <87frvhnhx0.fsf@fifthhorseman.net> <74AAE7BF-BD6C-4F27-9BFF-A4AA972056A4@andrewg.com> <tPdBr7QK7VoBsKag0QafjtDv9mB_jBTxHI00f_gSyM8SnUPkPukP2FqmSc-zcccXkvl13s8pDhnuNr9JkzgnY_XVNJlEEpUpqWvN1Ufw2Jg=@protonmail.com> <64E6E654-BE59-4F7F-83ED-34E9AFA89E52@andrewg.com> <YdQAqCSppzuMJIV23pd0CROjA3ATRR-PLn6ojVQQLi3pJqDnd6KBbLQaDpCa5z3Qlgqe80SFzjzrl5hfwk-m08oBiFM4ppPuyAi3iOOUNr4=@protonmail.com>
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3731.700.6.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Bec73yy2fP6TZ5cFRqXIlbY4en8>
Subject: Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2024 11:33:38 -0000
On 29 Apr 2024, at 20:01, Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org> wrote: > > On Monday, April 29th, 2024 at 19:20, Andrew Gallagher wrote: >> To me at least, TOFU means (automatic) trust on first use (only), as implemented in SSH. > > TOFU as implemented in OpenSSH is not automatic though, you have to > explicitly accept the key, and (ideally) you should manually verify the > key using an external authenticated channel first. It depends on your settings, with StrictHostKeyChecking=accept-new it doesn’t warn on initial connection but does on subsequent key changes. > Is your position that Section 5 should be changed to say that the > subpacket may transfer some amount or type of trust that the user may > have in the original key (either due to having used it for a long time, > or by having explicitly trusted it after presumably having verified it > manually, for example)? In the strict OpenPGP meaning of “trust”, no. If you would use the new key anyway under your chosen trust model, then use it, otherwise don’t. But on top of that there’s an application-level decision about whether to notify the user that something has happened at the OpenPGP layer. That’s not a protocol issue, it’s a purely UX one, and I don’t think it should be specified here. >> Sure, but certifying key B with key A will generally result in a weaker trust value for B than A, and unless key A had explicit or delegated ownertrust, the trust value allocated to B due purely to A’s certification would probably be zero. Only by recommending that B is also certified by the same upstream signatories as A do we have a decent chance of B getting a meaningful trust value. > > OK, but then I think we should squabble about what the meaning of such > a certification should be, before we decide if we need a new mechanism > for this. For example, we could say that if key A with user ID u has > trust level x, and certifies key B with the same user ID u, then that > should transfer the full trust level. Yes, I did consider that we could define a “trust equivalence” signature that would be closer conceptually (and cryptographically) to a subkey binding signature than to a certification. But I’m not sure that belongs here either, and it certainly opens a *lot* more questions. > Yeah, fair enough, you still need to query by fingerprint to find out > the old key is revoked. But, querying by email address does give you > the new key, and tells you the old key is gone, which probably already > tells you that you should use the new key anyway, regardless of whether > the old key is revoked or not. Being absent from a particular keystore is not strong evidence of anything, as it depends heavily on the policy and/or capabilities of that keystore. I keep coming back to WKD… since it can only serve one key, it is impossible to use it for an optional (e.g. PQC) transition, so either I keep my old key on WKD and direct people elsewhere (somehow!) for my PQC key, or I put my PQC key on WKD and leave my non-PQC correspondents in limbo. A
- Re: [openpgp] Call for adoption of draft-gallaghe… Simon Josefsson
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- Re: [openpgp] Call for adoption of draft-gallaghe… Simon Josefsson
- [openpgp] Call for adoption of draft-gallagher-op… Daniel Kahn Gillmor
- Re: [openpgp] Call for adoption of draft-gallaghe… Stephen Farrell
- Re: [openpgp] Call for adoption of draft-gallaghe… Simon Josefsson
- Re: [openpgp] Call for adoption of draft-gallaghe… Daniel Kahn Gillmor
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- Re: [openpgp] Call for adoption of draft-gallaghe… Simon Josefsson
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- Re: [openpgp] Call for adoption of draft-gallaghe… Simon Josefsson
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- Re: [openpgp] Call for adoption of draft-gallaghe… Heiko Schäfer
- Re: [openpgp] Call for adoption of draft-gallaghe… Daniel Kahn Gillmor
- Re: [openpgp] Call for adoption of draft-gallaghe… Falko Strenzke
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- Re: [openpgp] Call for adoption of draft-gallaghe… Simon Josefsson
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- Re: [openpgp] Call for adoption of draft-gallaghe… Daniel Kahn Gillmor
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- Re: [openpgp] Call for adoption of draft-gallaghe… Daniel Huigens
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- Re: [openpgp] Call for adoption of draft-gallaghe… Daniel Huigens
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- Re: [openpgp] Call for adoption of draft-gallaghe… Daniel Huigens
- Re: [openpgp] Call for adoption of draft-gallaghe… Bart Butler
- Re: [openpgp] Call for adoption of draft-gallaghe… Andrew Gallagher
- [openpgp] Re: Call for adoption of draft-gallaghe… Daniel Huigens
- [openpgp] Re: Call for adoption of draft-gallaghe… Stephen Farrell
- [openpgp] Re: Call for adoption of draft-gallaghe… Falko Strenzke
- [openpgp] Re: Call for adoption of draft-gallaghe… Falko Strenzke
- [openpgp] Re: Call for adoption of draft-gallaghe… Andrew Gallagher
- [openpgp] Re: Call for adoption of draft-gallaghe… Simon Josefsson
- [openpgp] Re: Call for adoption of draft-gallaghe… Stephen Farrell
- [openpgp] Re: Call for adoption of draft-gallaghe… Stephen Farrell
- [openpgp] Re: Call for adoption of draft-gallaghe… Andrew Gallagher
- [openpgp] Re: Call for adoption of draft-gallaghe… Stephen Farrell
- [openpgp] Re: Call for adoption of draft-gallaghe… Falko Strenzke
- [openpgp] Re: Call for adoption of draft-gallaghe… Andrew Gallagher
- [openpgp] Re: Call for adoption of draft-gallaghe… Stephen Farrell
- [openpgp] Re: Call for adoption of draft-gallaghe… Stephen Farrell
- [openpgp] Re: Call for adoption of draft-gallaghe… Andrew Gallagher
- [openpgp] Re: Call for adoption of draft-gallaghe… Andrew Gallagher
- [openpgp] Re: Call for adoption of draft-gallaghe… Andrew Gallagher