Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey
Heiko Schäfer <heiko.schaefer@posteo.de> Tue, 09 April 2024 12:30 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/L8AVtSTJPYTFrVwESOKRkAT_yUg>

Hello all,

On 4/6/24 07:09, Daniel Kahn Gillmor wrote:
> This draft describes a way to signal an OpenPGP replacement key without
> revoking the current key, which is intended to be a mechanism for
> adoption of new versions or algorithms that might otherwise be difficult
> to deploy:
>
> https://datatracker.ietf.org/doc/draft-gallagher-openpgp-replacementkey/
>
> Andrew Gallagher wrote a good description of the motivation and
> mechanism in the draft here:
>
> https://mailarchive.ietf.org/arch/msg/openpgp/FdKennEntF4ZaR_UO82m_fe_ea0
>
> Please review the draft and consider whether you support its adoption by
> the WG. Please share any thoughts with the list to indicate support or
> opposition -- this is not a vote.

after a careful read of the draft, as well as reading the discussion in this thread, I believe the concept that this draft outlines addresses an unpleasant papercut in OpenPGP. I think the direction is reasonable, and the draft thus worth adopting.

My understanding of the problem this draft addresses is: A mechanism that allows the software of an OpenPGP user to automatically obtain a new certificate (or multiple) that their correspondent suggests for consideration.

However, trust calculations (e.g. when using web of trust calculations) are handled as a separate issue by this draft (after some thought and discussion, this seems like a good approach to me).

I imagine Simon's concerns could be (at least in part?) addressed by an additional section in the draft that outlines guidance for what the WG considers good practice. This might include that the key holder should ask their contacts to verify the new key and issue third party certifications for it. It might also include that the key holder should issue a delegation/trust signature for their new certificate, using their old key.

Heiko