Re: [openpgp] Clarify status of subkeys with certification use
Werner Koch <wk@gnupg.org> Mon, 28 May 2018 12:12 UTC
From: Werner Koch <wk@gnupg.org>
To: "Neal H. Walfield" <neal@walfield.org>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>, Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>, Justus Winter <justus@sequoia-pgp.org>
References: <c37c7f94-edef-7f2d-9151-787112abcbfc@sumptuouscapital.com> <8736yg2gz3.wl-neal@walfield.org> <87h8mvfqth.fsf@fifthhorseman.net> <87y3g615ko.wl-neal@walfield.org>
Organisation: GnuPG e.V.
Date: Mon, 28 May 2018 14:04:25 +0200
In-Reply-To: <87y3g615ko.wl-neal@walfield.org> (Neal H. Walfield's message of "Sat, 26 May 2018 23:15:51 +0200")
Message-ID: <871sdwj8ae.fsf@wheatstone.g10code.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/DVJTcOIfHDHJ8eL1qshdE351XX0>
Subject: Re: [openpgp] Clarify status of subkeys with certification use
On Sat, 26 May 2018 23:15, neal@walfield.org said:

> First, OpenPGP foresees two types of encryption keys:
>
> 0x04 - This key may be used to encrypt communications.
> 0x08 - This key may be used to encrypt storage.

Which was done to mimic the X.509 usage. X.509 required such a flag to differentiate between a signing and an encryption certificate. Even in the case that two certificates are issued (additional costs to the user) there is no fine-grained distinction. Note that I am talking about certificates for mail processing. OpenPGP does not need this because subkeys are a more useful thing than trying to find matching certificates.

Fine-grained key usage flags don't gain you anything but complexity and unclear semantics. See X.509's keyUsage and extendedKeyUsage extensions to see where it will lead.

> the newest one, AFAIK. But, there is precedent for encrypting to all
> valid encryption capable subkeys: this is what OpenKeychain does.

I doubt that this has any practical security gain over copying all needed subkeys to all devices. After all you want to read with all devices and the sender has no way to tell which device you are currently using. Rotating the keys is a much cleaner way to limit damage in case of a device compromise.

> advance. For instance, we will create keys covering, say, the next 6
> months. By setting the creation time and expiration time
> appropriately, only one key per device will be valid at any given
> time. AFAIUI, recent versions of GnuPG respect this.

Actually this was implemented ~20 years ago after consultation with Caspar Bowden of FIPR and Ben Laurie. The use case back then was to limit the damage done by the RIPA.

Salam-Shalom,

Werner

p.s.
Proper key rotation requires a lot of OPSEC and diligent use of communication tools. The problem we have is not forward secrecy but the general non-use of encryption and, worse, the insecurity of the equipment.

-- 
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
(Thoughts are free. Exceptions are governed by a federal law.)
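The two mechanisms discussed in the message above, the key-flag bits that mark a subkey as encryption-capable and the staggered creation/expiration windows that leave only one subkey per device valid at a time, as an added worked example. This is not code from the thread, from GnuPG or from OpenKeychain: the key-flag bit values are those of the OpenPGP Key Flags subpacket (RFC 4880, section 5.2.3.21), while the device names, key labels and dates are constructed for illustration, and the two sender policies (`select_newest`, `select_all`) are a simplified model of the "newest subkey" and "all valid subkeys" behaviours the thread contrasts, not either implementation's actual selection code.

```python
"""Subkey validity windows and sender-side subkey selection.

Added example, not code from the thread, GnuPG, or OpenKeychain. Key-flag bit
values follow the OpenPGP Key Flags subpacket (RFC 4880, section 5.2.3.21);
device names, key labels and dates below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# OpenPGP Key Flags subpacket bits (RFC 4880, section 5.2.3.21)
KF_CERTIFY, KF_SIGN = 0x01, 0x02
KF_ENCRYPT_COMMS, KF_ENCRYPT_STORAGE = 0x04, 0x08   # the two encryption flags from the thread
KF_SPLIT, KF_AUTH, KF_GROUP = 0x10, 0x20, 0x80
ENCRYPTION_FLAGS = KF_ENCRYPT_COMMS | KF_ENCRYPT_STORAGE
FLAG_NAMES = [(KF_CERTIFY, "certify"), (KF_SIGN, "sign"),
              (KF_ENCRYPT_COMMS, "encrypt-communications"),
              (KF_ENCRYPT_STORAGE, "encrypt-storage"), (KF_SPLIT, "split-key"),
              (KF_AUTH, "authenticate"), (KF_GROUP, "group-key")]

UTC = timezone.utc
ONE_DAY = timedelta(days=1)


def day(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=UTC)


def describe_flags(flags: int) -> List[str]:
    """Names of the bits set in a Key Flags value."""
    return [name for bit, name in FLAG_NAMES if flags & bit]


@dataclass(frozen=True)
class Subkey:
    label: str                          # hypothetical label, not a real key ID
    device: str                         # hypothetical device holding the secret part
    flags: int                          # Key Flags subpacket value
    created: datetime                   # creation time (UTC)
    expires_after: Optional[timedelta]  # Key Expiration Time is relative to creation; None = never
    revoked: bool = False

    def expiry(self) -> Optional[datetime]:
        return None if self.expires_after is None else self.created + self.expires_after

    def is_valid_at(self, when: datetime) -> bool:
        # A future creation time makes the key unusable *yet*; that is what lets
        # pre-generated windows sit in the certificate without being selected.
        if self.revoked or when < self.created:
            return False
        exp = self.expiry()
        return exp is None or when < exp

    def can_encrypt(self) -> bool:
        return bool(self.flags & ENCRYPTION_FLAGS)


def valid_encryption_subkeys(subkeys: List[Subkey], when: datetime) -> List[Subkey]:
    return [k for k in subkeys if k.can_encrypt() and k.is_valid_at(when)]


def select_newest(subkeys: List[Subkey], when: datetime) -> Optional[Subkey]:
    """Sender policy A: only the most recently created valid encryption-capable subkey."""
    cands = valid_encryption_subkeys(subkeys, when)
    return max(cands, key=lambda k: k.created) if cands else None


def select_all(subkeys: List[Subkey], when: datetime) -> List[Subkey]:
    """Sender policy B: every valid encryption-capable subkey (what the thread says OpenKeychain does)."""
    return valid_encryption_subkeys(subkeys, when)


def make_rotation_schedule(device: str, start: datetime, window: timedelta, count: int) -> List[Subkey]:
    """Pre-generate `count` encryption subkeys whose [created, created + window)
    intervals tile [start, start + count * window) with neither overlap nor gap."""
    return [Subkey(f"{device}-{i}", device, ENCRYPTION_FLAGS, start + i * window, window)
            for i in range(count)]


def valid_per_device(subkeys: List[Subkey], when: datetime) -> Dict[str, int]:
    """Count of encryption-capable subkeys valid at `when`, per device."""
    counts: Dict[str, int] = {}
    for k in valid_encryption_subkeys(subkeys, when):
        counts[k.device] = counts.get(k.device, 0) + 1
    return counts


# Constructed certificate: two devices on 6-month (182-day) windows plus two decoys.
WINDOW = 182 * ONE_DAY
CERT = (make_rotation_schedule("laptop", day(2018, 1, 1), WINDOW, 4)
        + make_rotation_schedule("phone", day(2018, 1, 15), WINDOW, 4)
        + [Subkey("legacy-sign", "laptop", KF_SIGN, day(2015, 6, 1), None),            # signing only
           Subkey("old-enc", "laptop", KF_ENCRYPT_COMMS, day(2015, 6, 1), None, True)])  # revoked

if __name__ == "__main__":
    now = day(2018, 8, 15)
    print("all valid :", [k.label for k in select_all(CERT, now)])
    print("newest    :", select_newest(CERT, now).label)
    print("per device:", valid_per_device(CERT, now))
```

At any instant inside the schedule exactly one laptop key and one phone key are valid, because each window's expiration (creation plus the relative Key Expiration Time) coincides with the next window's creation, and a subkey whose creation time is still in the future is rejected by `is_valid_at`. On 15 August 2018 `select_all` returns both devices' current keys, while `select_newest` returns only the phone's (its window started two weeks later), which is the situation the reply describes: a sender who encrypts to a single subkey cannot know which device the recipient is reading on, so the recipient either copies subkeys across devices or relies on senders encrypting to all valid ones.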