IETF Logo Mail Archive

Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey

Simon Josefsson <simon@josefsson.org> Sun, 07 April 2024 07:37 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0EFBC14F6A2 for <openpgp@ietfa.amsl.com>; Sun, 7 Apr 2024 00:37:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.398
X-Spam-Level:
X-Spam-Status: No, score=-4.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b="nyOkknM5"; dkim=pass (2736-bit key) header.d=josefsson.org header.b="IsLLNocy"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zh0C0Tv4StoF for <openpgp@ietfa.amsl.com>; Sun, 7 Apr 2024 00:37:27 -0700 (PDT)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0754C14F5EC for <openpgp@ietf.org>; Sun, 7 Apr 2024 00:37:26 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description; bh=NH0Tn0RH2wB5PBi8FN2aDgoqd4u0hWeADGVBb+iAVa8=; t=1712475434; x=1713685034; b=nyOkknM5pTh2jswo6UnQVK13+//thKVo/X1YcueuUPJ2syRF0eqK1XPNzSlmCe+6H1gXn1Zt88I ndEtSLlMSAg==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=NH0Tn0RH2wB5PBi8FN2aDgoqd4u0hWeADGVBb+iAVa8=; t=1712475434; x=1713685034; b=IsLLNocyb7R1gZa4HCVd1uAEmRc3MkZSbdxg5Up5/vsKeQbtnGDy/DHb5Ssb9pViOLAcex2XL8r vT6sBXlwZrkQTT62UOkP9sz9mra3epL6bPaAZ4Qf2rAwoBAywst525iLxI7wBtEpbMNUjZZv71en4 16vLr2mIJw4J7HyEm3IjfKFfH0JtNq2hYxvhxBO0JDzdDQvtCTrnjEHoosEq7L56EXRzyO0+l2+MU CbBYO+qq+bdXcpv0KlKL6KX+SS6G3vpjpo11D16ysTa6aIxsejB13rua3Enun2KR3134kgbpt/CoC rLC9k1HpN3vZDPzNWt8bDjwZ9ulidLkBAJcAYuBj5jpTvkT2BWhDaRNU785UVE45Nw/idGspmF7zh S5ggMaMlRTRvU/xTEK/cVooucQvIz7+hQU4AdW+gtsmXPBrBFAw80P30JBLt6dWOlXrIykQY1;
Received: from [2001:9b1:41ac:ff00:823f:5dff:fe09:16ac] (port=40572 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <simon@josefsson.org>) id 1rtN5S-00AENj-6H; Sun, 07 Apr 2024 07:37:10 +0000
From: Simon Josefsson <simon@josefsson.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: openpgp@ietf.org
References: <87o7anhybr.fsf@fifthhorseman.net>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:23:240407:openpgp@ietf.org::ts5Fy+SzAcrmqtNi:SJNk
X-Hashcash: 1:23:240407:dkg@fifthhorseman.net::W8WaGdEA3bOMaiu+:PJ5i
Date: Sun, 07 Apr 2024 09:36:23 +0200
In-Reply-To: <87o7anhybr.fsf@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Sat, 06 Apr 2024 01:09:12 -0400")
Message-ID: <87ttkdr5e0.fsf@kaka.sjd.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NLnVnWX5XkCd0P2bIL6zFCmyHE4>
Subject: Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Apr 2024 07:37:33 -0000

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> This draft describes a way to signal an OpenPGP replacement key without
> revoking the current key, which is intended to be a mechanism for
> adoption of new versions or algorithms that might otherwise be difficult
> to deploy:
>
>    https://datatracker.ietf.org/doc/draft-gallagher-openpgp-replacementkey/
>
> Andrew Gallagher wrote a good description of the motivation and
> mechanism in the draft here:
>
>    https://mailarchive.ietf.org/arch/msg/openpgp/FdKennEntF4ZaR_UO82m_fe_ea0

While I would support anything that ease strong transition to new keys,
a quick read of these two links leaves me feeling that something more is
to be desired here.

There seems to be a gap between the draft and the motivation above,
regarding one crucial aspect: the draft does not suggest that any
automatic processing of the new key should be done, but instead rather
recommends against that, saying that the replacement key should be
validated as any other key.  The motivation above says that this may
'allows clients to automatically upgrade their correspondence to use
more modern keys without user intervention'.  I agree that would be
nice, but to be honest I'm not certain that is possible to achieve in a
secure way.  The draft does not claim to solve that problem, and does
not achieve it as far as I can tell.

One way to test robustness of the draft would be this: what should an
implementation do (if anything) if it receives 300.000 replacementkey
subpackets on a key that it parses?  Would it be different from
receiving 1 replacementkey subpackets?  Different from receiving 0
replacementkey subpackets?

So that leaves me with a basic question: actually what problem does this
specification intend to solve?  My reading of the draft suggests that
the replacement key information is intended towards human consumption
only, although this is not explicitly stted.  If the target is indeed
human consumption, what is achieved compared to traditional key
transition statements like the following?
https://josefsson.org/key-transition-2019-03-20.txt

Therefore, I would suggest to more clearly establish what problem we are
trying to solve before adopting this draft.

/Simon

v2.23.0 | Report a Bug | By Email