Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey

Falko Strenzke <falko.strenzke@mtg.de> Fri, 19 April 2024 06:49 UTC

Return-Path: <falko.strenzke@mtg.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D412C14F60E for <openpgp@ietfa.amsl.com>; Thu, 18 Apr 2024 23:49:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ybZg8Zk1SQJ8 for <openpgp@ietfa.amsl.com>; Thu, 18 Apr 2024 23:49:12 -0700 (PDT)
Received: from www.mtg.de (www.mtg.de [IPv6:2a02:b98:8:2::2]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E51FCC14F5FF for <openpgp@ietf.org>; Thu, 18 Apr 2024 23:49:10 -0700 (PDT)
Received: from minka.mtg.de (minka [IPv6:2a02:b98:8:1:0:0:0:9]) by www.mtg.de (8.18.1/8.18.1) with ESMTPS id 43J6mvq7007250 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Fri, 19 Apr 2024 08:48:57 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mtg.de; s=mail201801; t=1713509337; bh=KAQXeR/9pCxNpUuvOWmQv3a8Gq+HqB2+sWD2asuVS9w=; h=Date:Subject:To:References:From:In-Reply-To; b=Dlll5t5QdF92S17cy+tJuFRWTFRmLyySB6PWc4xMxAr5b1cosuZUTKHhoSv1ABMvZ GdyRhJVsqWIrgweF+0VpJE81EuAf9OnDzWoCS4gv1huzdpuPe+tAjHFjg9UzaDGPDc V98ZTsOgVQed2JU0ImT38CZYYxzD/HfH1b6sizRccug+b/aCdjUMI/FNy+JiNI1/ew NK8wfxfsMfbFRkX3AwvbHv6Dq10oPgjtHKlsZWTqHodoY6LApeqvlQkLm7sp0qIC1E RisC0YbZ4VYoT54D+oo1SYtBg9+RAR1QfnsQhP9BhnSxoE2iq6mhyUqQzkgvSWvHr+ Dfj/5+8dg77Rw==
Received: from [10.8.0.100] (vpn-10-8-0-100 [10.8.0.100]) by minka.mtg.de (8.18.1/8.18.1) with ESMTPS id 43J6mumW027337 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Fri, 19 Apr 2024 08:48:56 +0200
Message-ID: <77c4139f-3532-4b11-9771-6ac7c448e6a3@mtg.de>
Date: Fri, 19 Apr 2024 08:48:56 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
References: <87o7anhybr.fsf@fifthhorseman.net> <87jzkunest.fsf@fifthhorseman.net>
Content-Language: en-GB
From: Falko Strenzke <falko.strenzke@mtg.de>
In-Reply-To: <87jzkunest.fsf@fifthhorseman.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms060102000203000308060504"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/CkJGk50SAX5vxn4SmQoetVvZoTE>
Subject: Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Apr 2024 06:49:17 -0000

I think that a mechanism as suggested in 
draft-gallagher-openpgp-replacementkey can take on a useful role in the v6 
or PQC transition. However, like Simon, I am not entirely convinced how 
well it actually supports key transition in its current form. I don't 
feel confident enough to state support for adoption at this point, but I 
would definitely like to see this draft further discussed and 
refined and hopefully turned into a standard at some point.

As one (maybe naive?) concrete suggestion: Might it make sense to 
provide the option to simply include the whole replacement certificate 
in the subpacket? That would address the distribution problem directly. 
Of course any concerns regarding placement of trust into the replacement 
key would remain untouched by this.

- Falko

On 19.04.24 at 06:42, Daniel Kahn Gillmor wrote:
> Hey OpenPGP folks--
>
> On Sat 2024-04-06 01:09:12 -0400, Daniel Kahn Gillmor wrote:
>> This message starts a two-week adoption call for Daphne Shaw and Andrew
>> Gallagher's draft-gallagher-openpgp-replacementkey.  The call for
>> adoption will end on 2024-04-20.
> This call for adoption will end tomorrow!  So far on list, we've heard
> from the editors of the draft, the chairs, Simon Josefsson, and Heiko
> Schäfer.
>
> My understanding is that the editors proposed some changes to address
> Simon's concerns about scope and use patterns, but haven't released a
> new draft with those changes.  Those proposed changes are here:
>
>    https://gitlab.com/andrewgdotcom/draft-gallagher-openpgp-replacementkey/-/merge_requests/2/diffs
>
> If other folks from the WG are interested, now would be a good time to
> weigh in about whether this draft seems worth considering as a working
> group topic.
>
> In particular:
>
>> Please review the draft and consider whether you support its adoption by
>> the WG.  Please share any thoughts with the list to indicate support or
>> opposition -- this is not a vote.
>>
>> If you are willing to provide a more in-depth review, please state it
>> explicitly to give the chairs an indication of the energy level in the
>> working group willing to work on the document.
> So far, I'm not seeing a lot of on-list commitment to review, offer
> text, or consider implementing any resulting proposals.
>
> As Stephen said, you don't need to think that the draft is fully correct now
> for adoption; if you think it is a reasonable starting point for WG
> work, and it's something worth pursuing, that's what we're looking for.
>
>        --dkg
>
-- 

*MTG AG*
Dr. Falko Strenzke
Executive System Architect

Phone: +49 6151 8000 24
E-Mail: falko.strenzke@mtg.de
Web: mtg.de <https://www.mtg.de>


MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If 
you are not the correct recipient or have received this email in error,
please inform the sender immediately and delete this email. Unauthorised 
copying or distribution of this email is not permitted.

Data protection information: Privacy policy 
<https://www.mtg.de/en/privacy-policy>