IETF Logo Mail Archive

Re: [openpgp] Offline key flag

David Shaw <dshaw@jabberwocky.com> Wed, 06 March 2013 00:26 UTC

Return-Path: <dshaw@jabberwocky.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE44D21F8650 for <openpgp@ietfa.amsl.com>; Tue, 5 Mar 2013 16:26:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PVn0Z8neP1qK for <openpgp@ietfa.amsl.com>; Tue, 5 Mar 2013 16:26:45 -0800 (PST)
Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by ietfa.amsl.com (Postfix) with ESMTP id 213F621F8523 for <openpgp@ietf.org>; Tue, 5 Mar 2013 16:26:45 -0800 (PST)
Received: from grover.home.jabberwocky.com (grover.home.jabberwocky.com [172.24.84.28]) (authenticated bits=0) by walrus.jabberwocky.com (8.14.4/8.14.4) with ESMTP id r260Qb2Z010102 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 5 Mar 2013 19:26:37 -0500
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: David Shaw <dshaw@jabberwocky.com>
In-Reply-To: <87k3pllrds.fsf@vigenere.g10code.de>
Date: Tue, 05 Mar 2013 19:26:37 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <E8BC3DD4-D872-45D6-BD26-31C91F2325F4@jabberwocky.com>
References: <5135BDE6.1070200@fifthhorseman.net> <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> <87obexlu3e.fsf@vigenere.g10code.de> <D491B5DB-5F6A-4C1C-9474-29EF5571D893@jabberwocky.com> <87k3pllrds.fsf@vigenere.g10code.de>
To: Werner Koch <wk@gnupg.org>
X-Mailer: Apple Mail (2.1499)
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Offline key flag
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2013 00:26:46 -0000

On Mar 5, 2013, at 11:53 AM, Werner Koch <wk@gnupg.org> wrote:

> On Tue,  5 Mar 2013 17:30, dshaw@jabberwocky.com said:
> 
>> Can you give an example why would someone want to publish that their private key is offline?  I'm not sure I see a use for that.
> 
> I have two encryption keys but only one marked as offline.  If someone
> wants to send a quick message he would encrypt to the non-offline key.
> If he has to tell me something really secret, he would select the
> offline key, assuming that I will move the message to a non-networked
> box where the offline key is stored.

Ah, that's a good point.  It's still up to the sender which key to use, but you can choose to give a hint.

> I am not sure whether this is really useful for most users, but split
> and group keys are also somewhat esoteric and not even defined in
> OpenPGP.

Yes.  I've wondered about the split key bit in the past.  The group key bit seems fairly straightforward: if the bit it set, then the verifier of a signature is effectively being told the sender isn't a person, but a group, so the verifier can't expect that a single person was responsible (and similar logic for encryption).  Of course, there is nothing forcing the owners of a group key to set the bit, but if they want to, it's there.

David

v2.23.0 | Report a Bug | By Email