IETF Logo Mail Archive

Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey

Simon Josefsson <simon@josefsson.org> Sun, 07 April 2024 08:33 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9B5CC14F610; Sun, 7 Apr 2024 01:33:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b="t6IU2fVB"; dkim=pass (2736-bit key) header.d=josefsson.org header.b="LukhJW56"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GP5_-FzkvsnR; Sun, 7 Apr 2024 01:33:33 -0700 (PDT)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDC71C14F609; Sun, 7 Apr 2024 01:33:31 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description; bh=rVZXbt1r4DUno8yTmpMtf/8My9SnONu2k3PrHGRvANY=; t=1712478800; x=1713688400; b=t6IU2fVBMSTwn9S5swq0eRnTwR2holx6pTyc8lHloLp1R7wQCgYLTSrR+u5FZY4z5Y/WhDdD3ao 2kUmun8dcDg==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=rVZXbt1r4DUno8yTmpMtf/8My9SnONu2k3PrHGRvANY=; t=1712478800; x=1713688400; b=LukhJW56ykRUBjBFUIq31jgINRriqUWSbvepRBA2Q1i+91NZHudVh9e0JLyfAm3pFW2ftVD4V9j 0pVUbQjPXx2sStBczB/NoLm6AQYWze6VYNDQIUHyq3MFgKpehLjC35Oboo2Pf+0gz5Glq2XDi7CWs WEPnQHInVLenriduyYOW/20LkUCS5b2XunhoIBYZRTdhzYFFgKS7B3PhihZP0UzdAi2N7n+0gRCqy KZb5imP2JpRDoyCK1fNe/9w0ufTg8Ck4pf1CGEnBD8KPbsdt661Eto8+ku16RDytWu7mW6Nyuy/GF 1D7WmxQNIeb3cPiiZ/U3jQmcBQU7xQgayiHb1kRSNZco4o77utukxDiQvgzjMRhqQDollBo1SDRYj Cyw01j/kdeOlFtxfywc+dktpB9rDJyRZbQp9Kq0VnW+YJ1gtbOyim8uHlFTstc7OChO3ZKeAd;
Received: from [2001:9b1:41ac:ff00:823f:5dff:fe09:16ac] (port=54418 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <simon@josefsson.org>) id 1rtNxk-00AIUn-L4; Sun, 07 Apr 2024 08:33:16 +0000
From: Simon Josefsson <simon@josefsson.org>
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
References: <87ttkdr5e0.fsf@kaka.sjd.se> <F0D472E0-0B37-416A-9587-F64FF646B0E1@andrewg.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:23:240407:simon=40josefsson.org@dmarc.ietf.org::o2OA4GuoHbLK4qXF:4TMX
X-Hashcash: 1:23:240407:andrewg=40andrewg.com@dmarc.ietf.org::k3FPwllxUrUZ3ChK:B/61
X-Hashcash: 1:23:240407:openpgp@ietf.org::3b/WJkaBmsucfLXy:0Ozyh
X-Hashcash: 1:23:240407:dkg@fifthhorseman.net::2Np+2Uwx8VZ6tfML:0moyI
Date: Sun, 07 Apr 2024 10:32:32 +0200
In-Reply-To: <F0D472E0-0B37-416A-9587-F64FF646B0E1@andrewg.com> (Andrew Gallagher's message of "Sun, 7 Apr 2024 09:07:17 +0100")
Message-ID: <87plv1r2sf.fsf@kaka.sjd.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/O2Vo-U1GNQpU3_j1sz12Tsglm18>
Subject: Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Apr 2024 08:33:38 -0000

Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org> writes:

> On 7 Apr 2024, at 08:37, Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org> wrote:
>> 
>> There seems to be a gap between the draft and the motivation above,
>> regarding one crucial aspect: the draft does not suggest that any
>> automatic processing of the new key should be done, but instead rather
>> recommends against that, saying that the replacement key should be
>> validated as any other key.  
>
> There is no conflict here - trust calculations are generally performed
> automatically, as are key discovery and key selection.  The draft
> merely says that the new subpacket conveys no *extra* trust to the new
> key that it would not otherwise have. It does not prevent automatic
> processing.
>
> a) if a trusted key has a replacement key subpacket pointing to an
> unknown key, that key can be automatically obtained (by the usual
> means), and
>
> b) if two trusted keys are available, and one has a replacement key
> subpacket pointing to the other, the second should be preferred
>
> Neither of these require explicit user intervention.

Hi Andrew.  If automatic processing is one intended purpose use of the
specification, some discussion of how that is intended to happen is
needed.  Right now it was not possible for me to tell what the purpose
of the draft is, so I think going back and answer "What problem are we
trying to solve?" first will help get a reviews for this in the right
context.  Hopefully that isn't difficult?

If automatic processing is intended, I think readers should come away
with some understanding of how that automatic processing is intended to
be implemented given a key that has 0, 1, 2 and 300.000 replacementkey
subpackets.

/Simon

v2.23.0 | Report a Bug | By Email