From: Jon Callas <jon@callas.org>
In-Reply-To: <513899DF.60109@fifthhorseman.net>
Date: Thu, 7 Mar 2013 10:59:20 -0800
Message-Id: <781CC72A-0F9F-4672-BE5F-1330EA2F9131@callas.org>
References: <5135BDE6.1070200@fifthhorseman.net>
 <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com>
 <B18461E9-7F88-4B85-AAD7-83E31C79DBD4@callas.org>
 <513899DF.60109@fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: IETF OpenPGP <openpgp@ietf.org>, Jon Callas <jon@callas.org>
Subject: Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags?
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>

On Mar 7, 2013, at 5:45 AM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:

>
> If criticality is fraught with problems, doesn't that suggest extending
> the usage flags is a more responsible way to go?

No, because either you want *that* to be critical, too, which has the
same criticality issue, or criticality is not important in which case
the notation works too.

My comment was one about criticality in general. We have criticality
because there were people in the late '90s who thought it was a good
idea. It *is* a good idea, but it is such a subtle idea that its
Shannon information, Kolmogorov complexity, etc. is more than one bit.

>
> or should i create a subkey with all usage flags set to 0, and then
> include a notation to indicate the use?  that way, the subkey wouldn't
> be used by any existing system except the ones willing to parse and
> interpret the notation, regardless of its criticality.

Well, if you did that, you wouldn't be RFC 4880 compliant. There is
a way to do this within the standard -- the notation.

The whole reason that we have notations is so that if you want to do
something on your own, there's a supported way to do that. What's wrong
with using the supported way, as opposed to violating the standard with
hacks? (I'm not above violating standards with hacks, but I expect to
have to answer that question, myself.)

If my cynical beliefs about criticality scared you away from doing the
right thing, then I apologize. I never intended to do that. I was merely
pointing out that if you put the critical flag on it, then it possibly
would have unintended failure modes and meta-failures.

The correct thing to do is a notation. Put the critical flag on it.
Please.

	Jon
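The following is an added example, not code from this thread or from either author, that shows in working code what the message above is arguing about: a Notation Data subpacket (RFC 4880 section 5.2.3.16) alongside a Key Flags subpacket (section 5.2.3.21) in a signature-subpacket area, with the critical bit (bit 7 of the subpacket type octet, section 5.2.3.1) set or clear, and the behaviour of two parsers: one that understands notations and one that does not. The notation name "usage@example.org" and the value "ssh-auth" are assumptions chosen for the example; no such notation is defined by the RFC or proposed in the thread.

```python
# Added example (not from the original thread): building and parsing an
# OpenPGP signature-subpacket area containing a Notation Data subpacket,
# to show what the critical bit does to an implementation that does not
# know the subpacket. Wire format follows RFC 4880 5.2.3.1 and 5.2.3.16.
import struct

NOTATION_DATA = 20                    # subpacket type, RFC 4880 5.2.3.16
KEY_FLAGS = 27                        # subpacket type, RFC 4880 5.2.3.21
CRITICAL_BIT = 0x80                   # bit 7 of the subpacket type octet
NOTATION_HUMAN_READABLE = 0x80000000  # bit 7 of the first notation flags octet


class CriticalSubpacketError(ValueError):
    """An unknown subpacket carried the critical bit: signature is in error."""


def encode_subpacket_length(n):
    """One-, two- or five-octet subpacket length (RFC 4880 5.2.3.1)."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def encode_subpacket(sp_type, body, critical=False):
    """The length field covers the type octet plus the body."""
    type_octet = sp_type | (CRITICAL_BIT if critical else 0)
    return encode_subpacket_length(len(body) + 1) + bytes([type_octet]) + body


def make_notation(name, value, critical=False, human_readable=True):
    """Notation Data: 4 flag octets, 2-octet name length, 2-octet value
    length, then the name and the value."""
    name_b = name.encode("utf-8")
    value_b = value.encode("utf-8") if isinstance(value, str) else value
    flags = NOTATION_HUMAN_READABLE if human_readable else 0
    body = struct.pack(">IHH", flags, len(name_b), len(value_b)) + name_b + value_b
    return encode_subpacket(NOTATION_DATA, body, critical)


def make_key_flags(flags, critical=False):
    """Key Flags subpacket; flags=0 is the 'no usage flags set' case."""
    return encode_subpacket(KEY_FLAGS, bytes([flags]), critical)


def parse_subpackets(data, known_types):
    """Walk a subpacket area. Unknown non-critical subpackets are skipped;
    an unknown critical one raises, which is the SHOULD in RFC 4880 5.2.3.1."""
    out = []
    i = 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        type_octet = data[i]
        body = data[i + 1:i + length]
        i += length
        sp_type = type_octet & 0x7F
        critical = bool(type_octet & CRITICAL_BIT)
        if sp_type not in known_types:
            if critical:
                raise CriticalSubpacketError(
                    "unknown critical subpacket type %d" % sp_type)
            continue  # unknown but not critical: ignore it
        if sp_type == NOTATION_DATA:
            _flags, nlen, vlen = struct.unpack(">IHH", body[:8])
            name = body[8:8 + nlen].decode("utf-8")
            value = body[8 + nlen:8 + nlen + vlen]
            out.append(("notation", name, value, critical))
        elif sp_type == KEY_FLAGS:
            out.append(("key_flags", body[0], critical))
        else:
            out.append(("other", sp_type, body, critical))
    return out


def signature_acceptable(area, known_types):
    """True if the area parses with no unknown critical subpacket."""
    try:
        parse_subpackets(area, known_types)
        return True
    except CriticalSubpacketError:
        return False


if __name__ == "__main__":
    # Constructed sample: usage flags all zero plus a critical notation.
    # "usage@example.org" / "ssh-auth" are assumed names for this example.
    area = make_key_flags(0x00) + make_notation("usage@example.org", "ssh-auth",
                                                critical=True)
    print("notation-aware parser:", parse_subpackets(area, {NOTATION_DATA, KEY_FLAGS}))
    print("legacy parser accepts:", signature_acceptable(area, {KEY_FLAGS}))
```

With the critical bit set, an implementation that does not understand Notation Data treats the whole signature as invalid; with it clear, the same implementation silently drops the notation and sees only the zeroed key flags. That is the failure mode versus meta-failure trade-off the message describes, and it is why the choice of critical or not is itself a design decision rather than a detail.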

