IETF Logo Mail Archive

Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revocation Key", replacing with full-key "Designated Revoker"

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 03 August 2019 04:20 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5E81120077 for <openpgp@ietfa.amsl.com>; Fri, 2 Aug 2019 21:20:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=docmoGJ6; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=Jpeb3J74
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3KQ1RcAjI2-H for <openpgp@ietfa.amsl.com>; Fri, 2 Aug 2019 21:20:25 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5C6B12001A for <openpgp@ietf.org>; Fri, 2 Aug 2019 21:20:25 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1564806024; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=FqevkwJQYegYvNrfikz9HvdY2Lx9b15LuCCXsSYclxM=; b=docmoGJ6OajocX6UV1pw88uxMJKmXQwixvc3cXuXk+lfdW3ctuuBZiU8 LzbRyHU4WA+Ht03TKCgrEWvZaaiyCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1564806024; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=FqevkwJQYegYvNrfikz9HvdY2Lx9b15LuCCXsSYclxM=; b=Jpeb3J74RYw5jhwm42OxBi4iJzDqK5wMNSyFqShov0suD1D2xVfkowJV QOW5z0QrPKa2fuF86bd3Pm/KtYznED3Q4Amxg0mzmx36J6CssfxsBmARDC 2yDzaUOLfGD8XNrPzDOteAmJCHIZizwxO2fnP0KLFyIEB0ZTBczQPyb5IP 1pkB7Jci10SSNLDjBXXQbaOeyS/wqmYV8IFjDWiYzJNPYgAqzi5ay7Enrl mFWXYkVZ5QvhyLfTTgPDlYrFSqHb/jinFD4E94qFMgCtwC8DyADZjb44kH Ux05y57tuI0Xvzfr6mV08A3dA7GtkJDf5gRrVclAidFAAOkDH9jN3A==
Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 63C1AF99E for <openpgp@ietf.org>; Sat, 3 Aug 2019 00:20:23 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 8061520431; Sat, 3 Aug 2019 00:18:21 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: IETF OpenPGP WG <openpgp@ietf.org>
In-Reply-To: <20190731203444.4822-1-dkg@fifthhorseman.net>
References: <87iocqepta.fsf@littlepip.fritz.box> <20190731203444.4822-1-dkg@fifthhorseman.net>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Sat, 03 Aug 2019 00:18:21 -0400
Message-ID: <87h86yrieq.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QYVpoqUG4218ElDvuZrCmlKv5qY>
Subject: Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revocation Key", replacing with full-key "Designated Revoker"
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Aug 2019 04:20:29 -0000

On Wed 2019-07-31 16:34:44 -0400, Daniel Kahn Gillmor wrote:
> This patch to the spec deprecates the "revocation key" subpacket and
> replaces it with a "designated revoker" subpacket that includes the
> full key, rather than the fingerprint.
[...]
> @@ -1039,7 +1039,7 @@ The value of the subpacket type octet may be:
>             9   Key Expiration Time
>            10   Placeholder for backward compatibility
>            11   Preferred Symmetric Algorithms
> -          12   Revocation Key
> +          12   Revocation Key (deprecated)
>      13 to 15   Reserved
>            16   Issuer
>      17 to 19   Reserved
> @@ -1058,6 +1058,7 @@ The value of the subpacket type octet may be:
>            32   Embedded Signature
>            33   Issuer Fingerprint
>            34   Preferred AEAD Algorithms
> +          35   Designated Revoker
>    100 to 110   Private or experimental
>  
>  An implementation SHOULD ignore any subpacket of a type that it does

I've updated the above to use subpacket ID 36 for "Designated Revoker"
instead of 35, since 35 is already in use in the wild by the "Intended
Recipient Fingerprint" subpacket in at least two implementations i'm
aware of.  (see message-id: 20180305231951.GA21944@calamity from
2018-03-05 on this mailing list, and subsequent discussion)

I've opened https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/19
to track the "Intended Recipient Fingerprint" subpacket.

   --dkg

v2.23.0 | Report a Bug | By Email