Re: [openpgp] Device Certificates for RFC4880bis
"Derek Atkins" <derek@ihtfp.com> Fri, 12 February 2016 12:32 UTC
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD2071B44B9 for <openpgp@ietfa.amsl.com>; Fri, 12 Feb 2016 04:32:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.389
X-Spam-Level:
X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_ORG=0.611] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l4DLj2GqaeeT for <openpgp@ietfa.amsl.com>; Fri, 12 Feb 2016 04:32:01 -0800 (PST)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 983521B44C0 for <openpgp@ietf.org>; Fri, 12 Feb 2016 04:32:01 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id D5170E2030; Fri, 12 Feb 2016 07:31:58 -0500 (EST)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 24176-10; Fri, 12 Feb 2016 07:31:55 -0500 (EST)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id 2D461E2036; Fri, 12 Feb 2016 07:31:55 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1455280315; bh=Tjl37f+WsL0hW8VzjGaxwIOtknyk/rCXk3REWv9yAc4=; h=In-Reply-To:References:Date:Subject:From:To:Cc; b=PjITWTDLbunbFHTWMDs37iJgS54ZFvuuiurfCsq24S6XCG+vOxw61u+ljLlcffUVU 99mHO4t58R6qsQ98begY/skUOFgE4DMDq3HFU/uqSKgNcSHO+hKlJgsVcqEYl6XKUg +lRQDFzgdCi068OarKoIXiRegaPG9vHFFN5Pvml4=
Received: from 192.168.248.159 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Fri, 12 Feb 2016 07:31:55 -0500
Message-ID: <03fe2fe4a9bef61c569bb436a5303d40.squirrel@mail2.ihtfp.org>
In-Reply-To: <8737sybb5l.fsf@vigenere.g10code.de>
References: <sjmegci3oto.fsf@securerf.ihtfp.org> <8737sybb5l.fsf@vigenere.g10code.de>
Date: Fri, 12 Feb 2016 07:31:55 -0500
From: Derek Atkins <derek@ihtfp.com>
To: openpgp@ietf.org
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/M-8QArkbEIoi-6oEf4lzz-7A2Nw>
Cc: Werner Koch <wk@gnupg.org>
Subject: Re: [openpgp] Device Certificates for RFC4880bis
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2016 12:32:03 -0000
On Fri, February 12, 2016 3:11 am, Werner Koch wrote: > On Thu, 11 Feb 2016 22:43, derek@ihtfp.com said: > >> +Implementations MUST accept encryption-only primary keys without a >> +signature. It also MUST allow importing any key accompanied either by >> +a certification signature or a signature on itself. It MAY accept >> +signature-capable primary keys without an accompanying signature. > > Why do you want a MUST accept/import here? I think it would be better > to relax it to SHOULD so that implementations which do not want to > support operations on device certifications can still claim to be > OpenPGP compliant. Having a need to support encryption only primary > keys does not make sense to all implementations. OOPS. You are absolutely correct. This was an oversight when I did a cut-and-paste from my previous document. The MUST made sense when device certificates were a standalone document, but you're right that this should be a SHOULD now that it's integrated into 4880bis. Would you like an updated patch? Or just change it in your copy? Thanks, > > Shalom-Salam, > > Werner -derek > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > > _______________________________________________ > openpgp mailing list > openpgp@ietf.org > https://www.ietf.org/mailman/listinfo/openpgp > -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
- [openpgp] Device Certificates for RFC4880bis Derek Atkins
- Re: [openpgp] Device Certificates for RFC4880bis Werner Koch
- Re: [openpgp] Device Certificates for RFC4880bis Derek Atkins
- Re: [openpgp] Device Certificates for RFC4880bis Werner Koch
- Re: [openpgp] Device Certificates for RFC4880bis Werner Koch