IETF Logo Mail Archive

[openpgp] Re: Primary Key Binding sigs on authentication subkeys

Daniel Huigens <d.huigens@protonmail.com> Wed, 22 January 2025 17:32 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D17B4C1E0144 for <openpgp@ietfa.amsl.com>; Wed, 22 Jan 2025 09:32:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ovz2p_tH7iBP for <openpgp@ietfa.amsl.com>; Wed, 22 Jan 2025 09:32:27 -0800 (PST)
Received: from mail-10629.protonmail.ch (mail-10629.protonmail.ch [79.135.106.29]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3BEFC1F6416 for <openpgp@ietf.org>; Wed, 22 Jan 2025 09:31:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1737567115; x=1737826315; bh=prbmPo11/e2mzKC/OrE6SKHPkYuHvNyVtQ9OCMVHAkA=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=GK/rCrryzMnslQA+dQ2aF0Ee7j/J0UykPEbuYyNdcLwPbZV32NjKzgAYqHTEjllRd qdHKM9DlkoY+pQv1MizuGtm7bgWqAr2MV2ealrBz6Yyc1JKkIeoYTmdCsVhlarrRZu YEOYNiT5ORJ2eZiBWk4Mhom0Jm5v9nH1bCGgaBbpMknvRyWUoN+w123NBXHzChlwew zEXt/F5bl5klp0urOMLFS0NLMWUDZVh1zl3D3JdzbnpNdfP/SIJtmH1YuheiHU6ioj G++QRV97iwesd5VN6k3pdO6+xueylowFTQyJ0ekpddZQh4DOmWExWKtY7+8m9AfNFU B0qfT6b0DrpUw==
Date: Wed, 22 Jan 2025 17:31:50 +0000
To: Justus Winter <justus@sequoia-pgp.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <LIWr-Fiz5EpXR5DQtFrZRqWCtNc1_ADJN-d8TrWsw0s9auDsh76eXn6jdo0J1d3WTrWkxNnnSufHRlUcuBqsyxYhnReLn3fPR8ZUR4CPSNc=@protonmail.com>
In-Reply-To: <875xm64wtk.fsf@europ.lan>
References: <D6B824E8-5559-41FB-8EC4-ACC0C35FAEB0@andrewg.com> <HBqO7fta_A4PuuS2EkZ4W5g6SAnzgN38ZYjpGWqgZJHCFqCQUNQ-BAXEHRqa7pwGU5jI7s6XpvGV2ZYLpa6se9e-SJDujNO6yknALtzlAW8=@protonmail.com> <875xm64wtk.fsf@europ.lan>
Feedback-ID: 2934448:user:proton
X-Pm-Message-ID: 0c5befabf9fd22b8d8fd95977d9c0c98d5694ef2
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: KTKVGD6N4PHX4K7OMJ5MSGY3DACT2PEF
X-Message-ID-Hash: KTKVGD6N4PHX4K7OMJ5MSGY3DACT2PEF
X-MailFrom: d.huigens@protonmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Andrew Gallagher <andrewg@andrewg.com>, IETF OpenPGP WG <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Primary Key Binding sigs on authentication subkeys
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/GOlcFrkSJrSHDqFIZLgz7-JnbNU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

Hi Justus,

On Wednesday, January 22nd, 2025 at 17:50, Justus Winter wrote:
> Wait, what? Counting individual uses, I think authentication as in
> creating signatures using my authentication-capable subkey is my primary
> use case for OpenPGP.

OK, my bad. I wasn't aware that this functionality is used in practice.
Mainly out of curiosity, which services/software support authenticating
in this way?

> FWIW, Sequoia requires primary key binding signatures on signatures
> binding authentication-capable subkeys.

Interesting, good to know. Have you encountered any compatibility issues
or complaints because of this?

Best,
Daniel

v2.34.0 | Report a Bug | By Email | System Status