IETF Logo Mail Archive

Re: [openpgp] To bind or not to bind

Falko Strenzke <falko.strenzke@mtg.de> Mon, 25 March 2024 10:42 UTC

Return-Path: <falko.strenzke@mtg.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DF7AC14F685 for <openpgp@ietfa.amsl.com>; Mon, 25 Mar 2024 03:42:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AWNYQmOsmvZd for <openpgp@ietfa.amsl.com>; Mon, 25 Mar 2024 03:42:50 -0700 (PDT)
Received: from www.mtg.de (www.mtg.de [IPv6:2a02:b98:8:2::2]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFD29C14F605 for <openpgp@ietf.org>; Mon, 25 Mar 2024 03:42:48 -0700 (PDT)
Received: from minka.mtg.de (minka [IPv6:2a02:b98:8:1:0:0:0:9]) by www.mtg.de (8.18.1/8.18.1) with ESMTPS id 42PAgfNb023979 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Mon, 25 Mar 2024 11:42:41 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mtg.de; s=mail201801; t=1711363361; bh=Oc0WmQ+RCqm62z5C6WbBQOXNBiu2U5iZWwt2LabnhVE=; h=Date:Subject:To:References:From:In-Reply-To; b=qyUYmF9zL537IndE5HNmw3G2HchUAiCMpNbg+9sMH6xQ+lsayhqR5gPt1Hoyh+x8T 5/uSrtHN0OPdMB/tNoHMn8QAfadXpSNbuUaxddERvPpCybfyZiicMHMH16imaKjnxc nD/VwFoXlGJ9mnBLc72UNzAZcZxHMTmnB6jtcIGDA41ZuLE+QgOItmOuN2TReBMqcy DNRlxK1vwwCricIXXXJLnHQv/vi0y+TB8KZ3d1FR6wlCUBP3W++InCProuPuqVlAUX VyiJwzHZI6hS0PNI2DIUgvvPgG6SxQXPL9vGhtsia90DgJVgFwE+y0j+yTCmcK9cmm py+dACo0PWLng==
Received: from [10.8.0.100] (vpn-10-8-0-100 [10.8.0.100]) by minka.mtg.de (8.18.1/8.18.1) with ESMTPS id 42PAgeR0032453 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Mon, 25 Mar 2024 11:42:40 +0100
Message-ID: <3aa2e29c-fffb-4797-b8ed-0d8dabd7a633@mtg.de>
Date: Mon, 25 Mar 2024 11:42:40 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
References: <EGivTgyfjNm_TAvhds1OPA2c0O6LP9lFnkwWHHKLJY8ReJOgtDh3tnYsCSR8yrrBLbpeehtUgIJEhynae8L3daRimNiGO7BAb3cVvC66q-4=@wussler.it> <87y1a938fl.fsf@fifthhorseman.net>
Content-Language: en-GB
From: Falko Strenzke <falko.strenzke@mtg.de>
In-Reply-To: <87y1a938fl.fsf@fifthhorseman.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms050806020305020701020602"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QZdliPdIFlISzNsSkKFRxZU8QNA>
Subject: Re: [openpgp] To bind or not to bind
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2024 10:42:54 -0000

Am 23.03.24 um 04:59 schrieb Daniel Kahn Gillmor:
> Thanks for asking this question, Aron.
>
> With no hats on, here are my preferences:
>
> On Thu 2024-03-21 20:26:26 +0000, Aron Wussler wrote:
>
>>   (1) Whether PQC encryption algorithms can be used only in v6 keys
> I am still undecided on (1).

I think the main question is how we anticipate the evolution of two 
different aspects: How fast the lack of forward compatibility regarding 
unknown algorithm IDs can be fixed in the major implementations on the 
one hand and how fast v6 will be widely supported on the other hand.

I don't want to sound negative, but currently I don't expect a fast way 
to a widely deployed support for v6. Given the well-known problem of the 
competing successors of v4, I think most of the maintainers of 
applications and Linux distributions will be conservative here because 
an unimpaired user experience has number one priority for them (else 
it's them who'll have to deal with the complaints etc.). Enabling PQC 
with v4 in a backwards compatible manner by

1) fixing the forward compatibility of the affected implementations
2) introducing v4 PQC encryption support

seems to be easier to achieve. And, in line with Aron's argument, I 
would see this as a first step towards modernization in OpenPGP 
deployments which would hopefully build the confidence and experience 
for the v6 migration as the next step.

>
>>   (2) Whether PQC encryption algorithms can be used only with SEIPDv2
> I think the answer here should be: "PQC encryption-capable subkeys MAY
> be used with SEIPDv1 when encrypting a single message to multiple
> parties, and some of the recipient parties do not support SEIPDv2".
>
> I would not object to a statement like "Binding a PQC encryption-capable
> subkey into a certificate implies setting Feature Flag 0x08 (SEIPDv2
> support)".  We basically already require implementations to impute
> Feature Flag 0x01 (SEIPDv1 support) even if it is not explicitly set,
> because SED encryption needs to go away.  And an implementation that can
> implement PQC but is incapable of implementing SEIPDv2 would be very
> surprising.  Why not couple them explicitly to move users to the more
> robust format?
This proposal sounds reasonable to me.
>
> OTOH, I would *not* want to introduce a new failure mode for a case
> where i can encrypt to two distinct certs individually, but i cannot
> encrypt to the two of them together.  That strikes me as terribly
> unfriendly to the application layer.  Does anyone think that would be an
> acceptable outcome?

No, I think it is clear that we need the compatibility to SEIPDv1 where 
it is necessary.

- Falko

>
>     --dkg
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
-- 

*MTG AG*
Dr. Falko Strenzke
Executive System Architect

Phone: +49 6151 8000 24
E-Mail: falko.strenzke@mtg.de
Web: mtg.de <https://www.mtg.de>

<https://www.linkedin.com/search/results/all/?fetchDeterministicClustersOnly=true&heroEntityKey=urn%3Ali%3Aorganization%3A13983133&keywords=mtg%20ag&origin=RICH_QUERY_SUGGESTION&position=0&searchId=d5bc71c3-97f7-4cae-83e7-e9e16d497dc2&sid=3S5&spellCorrectionEnabled=false>
Follow us
------------------------------------------------------------------------
<https://www.mtg.de/de/aktuelles/MTG-AG-erhaelt-Innovationspreis-des-Bundesverbands-IT-Sicherheit-e.V-00001.-TeleTrust/> 
<https://www.itsa365.de/de-de/companies/m/mtg-ag>

MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If 
you are not the correct recipient or have received this email in error,
please inform the sender immediately and delete this email.Unauthorised 
copying or distribution of this email is not permitted.

Data protection information: Privacy policy 
<https://www.mtg.de/en/privacy-policy>

v2.23.0 | Report a Bug | By Email