Re: [openpgp] To bind or not to bind
Falko Strenzke <falko.strenzke@mtg.de> Mon, 25 March 2024 10:42 UTC
Return-Path: <falko.strenzke@mtg.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DF7AC14F685 for <openpgp@ietfa.amsl.com>; Mon, 25 Mar 2024 03:42:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AWNYQmOsmvZd for <openpgp@ietfa.amsl.com>; Mon, 25 Mar 2024 03:42:50 -0700 (PDT)
Received: from www.mtg.de (www.mtg.de [IPv6:2a02:b98:8:2::2]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFD29C14F605 for <openpgp@ietf.org>; Mon, 25 Mar 2024 03:42:48 -0700 (PDT)
Received: from minka.mtg.de (minka [IPv6:2a02:b98:8:1:0:0:0:9]) by www.mtg.de (8.18.1/8.18.1) with ESMTPS id 42PAgfNb023979 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Mon, 25 Mar 2024 11:42:41 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mtg.de; s=mail201801; t=1711363361; bh=Oc0WmQ+RCqm62z5C6WbBQOXNBiu2U5iZWwt2LabnhVE=; h=Date:Subject:To:References:From:In-Reply-To; b=qyUYmF9zL537IndE5HNmw3G2HchUAiCMpNbg+9sMH6xQ+lsayhqR5gPt1Hoyh+x8T 5/uSrtHN0OPdMB/tNoHMn8QAfadXpSNbuUaxddERvPpCybfyZiicMHMH16imaKjnxc nD/VwFoXlGJ9mnBLc72UNzAZcZxHMTmnB6jtcIGDA41ZuLE+QgOItmOuN2TReBMqcy DNRlxK1vwwCricIXXXJLnHQv/vi0y+TB8KZ3d1FR6wlCUBP3W++InCProuPuqVlAUX VyiJwzHZI6hS0PNI2DIUgvvPgG6SxQXPL9vGhtsia90DgJVgFwE+y0j+yTCmcK9cmm py+dACo0PWLng==
Received: from [10.8.0.100] (vpn-10-8-0-100 [10.8.0.100]) by minka.mtg.de (8.18.1/8.18.1) with ESMTPS id 42PAgeR0032453 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Mon, 25 Mar 2024 11:42:40 +0100
Message-ID: <3aa2e29c-fffb-4797-b8ed-0d8dabd7a633@mtg.de>
Date: Mon, 25 Mar 2024 11:42:40 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
References: <EGivTgyfjNm_TAvhds1OPA2c0O6LP9lFnkwWHHKLJY8ReJOgtDh3tnYsCSR8yrrBLbpeehtUgIJEhynae8L3daRimNiGO7BAb3cVvC66q-4=@wussler.it> <87y1a938fl.fsf@fifthhorseman.net>
Content-Language: en-GB
From: Falko Strenzke <falko.strenzke@mtg.de>
In-Reply-To: <87y1a938fl.fsf@fifthhorseman.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms050806020305020701020602"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QZdliPdIFlISzNsSkKFRxZU8QNA>
Subject: Re: [openpgp] To bind or not to bind
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2024 10:42:54 -0000
Am 23.03.24 um 04:59 schrieb Daniel Kahn Gillmor: > Thanks for asking this question, Aron. > > With no hats on, here are my preferences: > > On Thu 2024-03-21 20:26:26 +0000, Aron Wussler wrote: > >> (1) Whether PQC encryption algorithms can be used only in v6 keys > I am still undecided on (1). I think the main question is how we anticipate the evolution of two different aspects: How fast the lack of forward compatibility regarding unknown algorithm IDs can be fixed in the major implementations on the one hand and how fast v6 will be widely supported on the other hand. I don't want to sound negative, but currently I don't expect a fast way to a widely deployed support for v6. Given the well-known problem of the competing successors of v4, I think most of the maintainers of applications and Linux distributions will be conservative here because an unimpaired user experience has number one priority for them (else it's them who'll have to deal with the complaints etc.). Enabling PQC with v4 in a backwards compatible manner by 1) fixing the forward compatibility of the affected implementations 2) introducing v4 PQC encryption support seems to be easier to achieve. And, in line with Aron's argument, I would see this as a first step towards modernization in OpenPGP deployments which would hopefully build the confidence and experience for the v6 migration as the next step. > >> (2) Whether PQC encryption algorithms can be used only with SEIPDv2 > I think the answer here should be: "PQC encryption-capable subkeys MAY > be used with SEIPDv1 when encrypting a single message to multiple > parties, and some of the recipient parties do not support SEIPDv2". > > I would not object to a statement like "Binding a PQC encryption-capable > subkey into a certificate implies setting Feature Flag 0x08 (SEIPDv2 > support)". We basically already require implementations to impute > Feature Flag 0x01 (SEIPDv1 support) even if it is not explicitly set, > because SED encryption needs to go away. And an implementation that can > implement PQC but is incapable of implementing SEIPDv2 would be very > surprising. Why not couple them explicitly to move users to the more > robust format? This proposal sounds reasonable to me. > > OTOH, I would *not* want to introduce a new failure mode for a case > where i can encrypt to two distinct certs individually, but i cannot > encrypt to the two of them together. That strikes me as terribly > unfriendly to the application layer. Does anyone think that would be an > acceptable outcome? No, I think it is clear that we need the compatibility to SEIPDv1 where it is necessary. - Falko > > --dkg > > _______________________________________________ > openpgp mailing list > openpgp@ietf.org > https://www.ietf.org/mailman/listinfo/openpgp -- *MTG AG* Dr. Falko Strenzke Executive System Architect Phone: +49 6151 8000 24 E-Mail: falko.strenzke@mtg.de Web: mtg.de <https://www.mtg.de> <https://www.linkedin.com/search/results/all/?fetchDeterministicClustersOnly=true&heroEntityKey=urn%3Ali%3Aorganization%3A13983133&keywords=mtg%20ag&origin=RICH_QUERY_SUGGESTION&position=0&searchId=d5bc71c3-97f7-4cae-83e7-e9e16d497dc2&sid=3S5&spellCorrectionEnabled=false> Follow us ------------------------------------------------------------------------ <https://www.mtg.de/de/aktuelles/MTG-AG-erhaelt-Innovationspreis-des-Bundesverbands-IT-Sicherheit-e.V-00001.-TeleTrust/> <https://www.itsa365.de/de-de/companies/m/mtg-ag> MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany Commercial register: HRB 8901 Register Court: Amtsgericht Darmstadt Management Board: Jürgen Ruf (CEO), Tamer Kemeröz Chairman of the Supervisory Board: Dr. Thomas Milde This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error, please inform the sender immediately and delete this email.Unauthorised copying or distribution of this email is not permitted. Data protection information: Privacy policy <https://www.mtg.de/en/privacy-policy>
- [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Johannes Roth
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Daniel Huigens
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Bart Butler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Johannes Roth
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Nickolay Olshevsky
- Re: [openpgp] To bind or not to bind Nickolay Olshevsky
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Werner Koch
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Bart Butler
- Re: [openpgp] To bind or not to bind Michael Richardson
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Heiko Schäfer
- Re: [openpgp] To bind or not to bind Bart Butler