IETF Logo Mail Archive

[openpgp] Session-Key-Reuse and Intended Recipient

Kai Engert <kaie@kuix.de> Tue, 06 June 2023 13:24 UTC

Return-Path: <kaie@kuix.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D7C0C151093 for <openpgp@ietfa.amsl.com>; Tue, 6 Jun 2023 06:24:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kuix.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Xh7wkcSHxnC for <openpgp@ietfa.amsl.com>; Tue, 6 Jun 2023 06:24:35 -0700 (PDT)
Received: from cloud.kuix.de (cloud.kuix.de [IPv6:2001:8d8:1801:86::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00163C14F73F for <openpgp@ietf.org>; Tue, 6 Jun 2023 06:24:34 -0700 (PDT)
Received: from [IPV6:2003:c8:af4d:1800:7808:339a:5ed1:b9b7] (p200300c8af4d18007808339a5ed1b9b7.dip0.t-ipconnect.de [IPv6:2003:c8:af4d:1800:7808:339a:5ed1:b9b7]) by cloud.kuix.de (Postfix) with ESMTPSA id 4B7C618B84A for <openpgp@ietf.org>; Tue, 6 Jun 2023 13:24:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kuix.de; s=2018; t=1686057872; bh=/T/pHd9gWC0epwMec3FDKOCsfrFGPgDBnHJR01phI1s=; h=Date:To:From:Subject:From; b=oKIu7tfPPzMNKK03CloWhkuh0aAMVnYX2/nWAKpsRcP45QITZW7vsZuxE88edthrc OSunuH0rI9mYebUzJNwN/NbKryGP1nnkN3jX+TonJ26icQRILNip/8AYWW2t091rz9 Gjbg05WdWVzwZXEimvH79qo7ayANYlDayJIGa9xzHQcKNTcIjhYeujacO6J7rudwhV Fz+g11mEaInq8pNObaN3YS6UZClsyrlil9BgYrE287gCfj8O/o9chMLZDl1C/dvjAA w4epNAyTIRlJRwSTkc5KMu2SGyw4ZQDwkWCGcNf1aY+CWQnJwCZiETWjhEMO4CKUv4 aty5hmsGqfeNA==
Message-ID: <77d8aee8-19b2-ef0d-f49d-5e9c7cd1e44f@kuix.de>
Date: Tue, 06 Jun 2023 15:24:32 +0200
MIME-Version: 1.0
User-Agent: Thunderbird Daily
Content-Language: en-US
To: "openpgp@ietf.org" <openpgp@ietf.org>
From: Kai Engert <kaie@kuix.de>
Autocrypt: addr=kaie@kuix.de; keydata= xsFNBE8oE/UBEAC/Vx4tHVkfPdGf0BFMGcidXzAXKQ4+gI2F5rPBoV9fEtYngLHzm7+a6DL2 v5Jl5b4by9KtUbfIJysR1iniLWMJVPXZcyC4ovGouZ4MGK5cD9kMy+JdwebCs5/tj51vcvrS 08dP7r9Q0f0H7tsqhtVWuPFt+ZZEj8fIxjMgE3Z5BcyoGT1mXQ544RA0vr0fB9MngvfteD3L /wL2miDnYVtwB+VHC6kEB75Pte/yz1kFc/TDqKT8F45M3invhccY8Zwe7F88+uS+tgR5B3Ga RMc9WChZr5ed5vRxSLrGqBGSWBKomKuWXNFVMrZAOaq+W/+kOdNSXLdJSvXIAgV4Gywf1D0r ZTi8V+UoiTY8eDfT4OlBJrbbkge92/lrqaorAsuo/DVmfv7ARk7q2jvbSZD39zkWpLNsAulz gZOr+ffEHKy0f9fNwzenHpKvNtTUWGChEyDf7a6EtTBZsxAYco0xAtFOoQVwx5UzZk4tMVhv lrATrvmFdK5SLroDuwtSLUBJ5MhICyaB1kN7YSatQs33D+M5oPKVC+mn1WB/nznU475cssBW Asw+/K4VtXN08HxVFEvpV5MtpoYGe/cqsV87aVr/Igg45DVKtMMK8W5AmJDdGru3caxdVkkW fis9F1GBkk7ZPgip4cprh3KicuKsXhVrjk2mC/kCR+mrlY8ncQARAQABzSNLYWkgRW5nZXJ0 IChhdCB3b3JrKSA8a2FpZUBrdWl4LmRlPsLBgAQTAQIAKgIbAwIeAQIXgAIZAQUCZHkLkQUL CQgHAwUVCgkICwUWAgMBAAUJFyuTnAAKCRAcJ0I3JQB3JGDwD/44UZZisH0jk6a1xoUUFuNn 9dfASr3wU9K73UaArfm6tBClBVndYXTVsS/Neae3SqSgd/cXSqs4iJ90r4knEhCqcFQt8sd8 0TMpT73+oP3kikETDmRn1VyUTH2zja6qC47jPCIx37bleYEIETdAVsE9ol1k95Qr49HhyB2k NKyldbd9rgGF7FQi4DHAbGPlUr4UY6gIpofNge8BkD4Xna+wBf0AO47D/alQf8oSspzjakUC G3Ft0a9KDtvxrvuBatqKA34qvXYT5HPqcp25dQfEkyuiH+MGr9rUlr1ZdiPLWUDvIiYMkeDP 1pFbScI4azbi7U+QKK/Tm519PhoD4K+MovcQ1b1NwlcPHIRHU8VY7s28AgBrGJ35PvMjtRlA 1z/XKlXz4U15vIf6EkpcFbUsK/KHb/y7SWSy6IQnwgbwbW1LfmbFhRzVLXSbn7x1L5W+NO7w vViCQgYNZyPk+5BL4N9nuIxb+V4aisHnjQ3KeHm6NH7LG9xq3+R/LTYtvLaIDQB3kGODk+13 JkBGysMH4mjzVvjbib8DzsA0LGoeYk4/YDIrQzHrhQtI8A0NT1oKmeQ3BkU2fMpTHlLXiPmE JXMO/hr+wW4Bjj8c0DMXX/iv19dHOdBIqRVc/8+4zkdkOLCyY53GjUm75J/UKva423ogPSR/ MFpylQru2fI8/c7BTQRPKBP1ARAA54JU09VzBOPw44IYINiuQAEeyikO5sLT+Ixee8MM+T8t Xk0Z9RSwUVctu8DwM+f8NjRI+dvmGSgezsiNL1ZkVuN37GM4dg7ZJ8oZCB5/YQQCCx1z7q4d 68XsEfTsedl+Y2GcggbR6EpN4RbR38N6uhwKFZw0meuP6m1NaRCnihciJrXdoKxXcoHAxy3b alGTPAbvOUmQaqI7dY5DVFPOT5I2wl1cWbkkTcx4wu8190sSMeW/IbwIg7inC/nqXCSKL633 +Hv/2GcVzvBNK8JxO5YaHuHl+GBwP6cHlotHd2qr/BSyhYCt3CcMDHXR+vwSwawC+/zUpR5T HrVLT6E/hlpAZX5HQsY9BMrllI0Ap7MClj+kvRlkukNfc3/CKpAL1RjDV5+sr91ffBNXbZgp sp3/uCI6QuJpFdUY8js5aYNwHCFbX8xkzdFqG95vt+uNoq/F7p7dEQi3BE0H2b0c4kuJX4G9 MrAKdyfYr1KiPX513AQeIXZCE9UogON5jvKF6PBTTuzomsCZBa9ExbkLv+uCm7Q+EC4Wwvvp bUaaLpmut+oqnsSrYehg4ydm5NRhgfJy+Ris1sKAptyA7AlDWWsP5fFZE0rxeoDrTdbX6JVj xT509DtWa4rI0qgGTt625J6irm6nfbF8M1V5ZaBmSstWC/PDdggsfl35abQHxk8AEQEAAcLB ZQQYAQIADwUCZHkLkgIbDAUJFyuTnAAKCRAcJ0I3JQB3JCwYEACsdFvyqDE0mEv3mlA+RASV WdMSPZvmyzO9bHKCeU26RNiffn0DIoGdJ5UCCEOTeViLS3OZC1vDyNQqo+12CoY+7ggYtDMu Gr/AAE1kGeqN/WTh2Rto1mF34Ok7JjTMcx5X4rZbMGiGoWQYgkAvU/ur0kkVRjodj/1OvMtE atl95oJWmYp95NM7UMfgwVpkbfTmc/iEqT1art4E8Uw2Lz9oz/iwyrrjjWw9xL5L85UtoQzW pP034odxJlXlJLrT+Qoq0ggRr8FNw1VgJsArO0eW2JJnIWKOBx3MiWkTUoV4FXt33lW9mxap r813iXoeDQbLGxe+nCHHDXf8Ge83MQEdTQI0unLcjN1LrnJa5hKqcvQDcfDC87fL5GVxc7fb TjG6H3MLHzTfPkl6ThxbZkEQHIUHdKRCUiVXvfweFwoE0fyxcWYVPum3xa9QZN2O7hLed+dP GW8SA1dNzdLzoCFHVN22hLkJ6hmRudFxFoFqVA7wilMnknqrTLpbRAgqwcaTSstMgVlL8Zmf tfx+Jy56xTuZ7z1A/8ziOje6wIsQ8uiL9TNwvjs0u8497I20aLniWa3l1T47DP+2mIfN5KGl 6NdrfJTwV6e7a8egPdNofURPW28vhljMf5J+w1okNubL93SFJdsn33u/CBBNhkK3vgm6A7kN Vt1huoIDeqYvFQ==
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/IwSO51G5g9I0Mklf-cRmHVdxSiI>
Subject: [openpgp] Session-Key-Reuse and Intended Recipient
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2023 13:24:39 -0000

At the recent OpenPGP for email summit [1], we had a session in which we 
discussed the practicality of the Intended Recipient Subpackage (IRS) 
for PGP/MIME email. It was mentioned that it's recommended to use 
protected headers in such messages. With that, the intended recipients 
are already known. Having equivalent information twice, e.g. both 
protected headers with the TO/CC fields, plus IRS, might be 
unnecessarily complex, and MUA implementations might prefer to avoid the 
IRS.

Based on that, would it make sense to make the following two changes to 
the crypto-refresh document, in the places that mention IRS ?

Change 1:
=========

Section 5.2.3.7 currently says:

"To avoid surreptitious forwarding (see Section 13.12), implementations 
SHOULD also implement the "Intended Recipients" subpacket."

This could be changed to:

"To avoid surreptitious forwarding (see Section 13.12), implementations 
SHOULD also implement the "Intended Recipients" subpacket, unless the 
signed data uses an application data format that already lists the 
intended recipients."

Change 2:
=========

Section 13.8 currently says:

"Implementations are encouraged to use the Intended Recipient 
Fingerprint (Section 5.2.3.36) subpacket when composing messages and to 
use it to check the consistency of the set of recipients of a message 
before replying to it with session-key reuse."

This could be changed to:

"When composing messages, implementations are encouraged to check the 
consistency of the set of recipients of a message before replying to it 
with session-key reuse, either by using the Intended Recipient 
Fingerprint (Section 5.2.3.36) subpacket, or by using equivalent 
information contained in the signed data."

Kai

[1] https://wiki.gnupg.org/OpenPGPEmailSummit202305

v2.23.0 | Report a Bug | By Email