Re: [openpgp] Combining signature with signer's public key

Wiktor Kwapisiewicz <wiktor@metacode.biz> Fri, 11 December 2020 09:01 UTC

To: "Neal H. Walfield" <neal@walfield.org>
Cc: Kai Engert <kaie@kuix.de>, openpgp@ietf.org
References: <48be3fcf-cdce-9ef4-655b-63b6dddf9310@kuix.de> <5ecf5a5c-6eaa-7929-bb8e-c1bf776fb3d4@metacode.biz> <87h7osyc4j.wl-neal@walfield.org>
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Organization: Metacode
Message-ID: <d9a21d21-1951-9c4d-afc6-b75692e3d0ad@metacode.biz>
Date: Fri, 11 Dec 2020 10:01:49 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.3
MIME-Version: 1.0
In-Reply-To: <87h7osyc4j.wl-neal@walfield.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/RFR8hMcylRRjhrq9ut6m-oWVi-4>
Subject: Re: [openpgp] Combining signature with signer's public key

Hi Neal,

On 11.12.2020 09:34, Neal H. Walfield wrote:
> One thing to be aware of: the subpacket areas can only hold 64kb of
> data.  So, you really should minimize the certificate.

Minimizing the certificate is actually a good idea regardless of the 
certificate transport method (Autocrypt header, signature subpacket, 
notation etc.).

It would be good to specify what that minimized cert would actually 
contain. I think the primary key + valid encryption subkey + signing key 
that signed the e-mail + User ID of the sender which contains their 
e-mail address (or the primary one if there is no better match) would 
constitute the minimal set. Of course clients on the receiving side 
should properly merge the cert with what they already have (*not* 
replace it).

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor
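A toy model of the selection and merge rules discussed in the message above, added here as an example (it is not code from the thread or from any OpenPGP implementation). The Cert/Subkey records, function names and sample fingerprints are constructed assumptions; a real client would work on packets and their self-signatures rather than on these flat records.

```python
# Added example: model a certificate as (primary key, User IDs, subkeys),
# select the minimal set described in the thread, and merge rather than
# replace on the receiving side. Data and structures are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Subkey:
    fingerprint: str   # constructed placeholder, not a real fingerprint
    usage: str         # "encrypt", "sign" or "auth"
    valid: bool        # binding signature current and not revoked

@dataclass
class Cert:
    primary_fpr: str
    user_ids: list     # ordered; index 0 is treated as the primary User ID
    subkeys: list

def pick_user_id(cert, sender_email):
    """Prefer the User ID carrying the sender's address; else the primary one."""
    for uid in cert.user_ids:
        if sender_email.lower() in uid.lower():
            return uid
    return cert.user_ids[0]

def minimize(cert, sender_email, signing_fpr):
    """Keep primary key, one valid encryption subkey, the subkey that signed
    the mail, and the best-matching User ID. Everything else is dropped."""
    keep = {sk for sk in cert.subkeys if sk.fingerprint == signing_fpr}
    enc = next((sk for sk in cert.subkeys
                if sk.usage == "encrypt" and sk.valid), None)
    if enc is not None:
        keep.add(enc)
    return Cert(cert.primary_fpr, [pick_user_id(cert, sender_email)],
                sorted(keep, key=lambda s: s.fingerprint))

def merge(existing, incoming):
    """Union of components keyed by fingerprint / User ID string; nothing the
    recipient already holds is dropped. (A real merge would also combine the
    signatures on each component; this toy keeps the first record seen.)"""
    if existing.primary_fpr != incoming.primary_fpr:
        raise ValueError("different certificates cannot be merged")
    uids = existing.user_ids + [u for u in incoming.user_ids
                                if u not in existing.user_ids]
    by_fpr = {sk.fingerprint: sk for sk in existing.subkeys}
    for sk in incoming.subkeys:
        by_fpr.setdefault(sk.fingerprint, sk)
    return Cert(existing.primary_fpr, uids,
                sorted(by_fpr.values(), key=lambda s: s.fingerprint))

# Constructed sample: two User IDs, an expired and a live encryption subkey.
FULL = Cert("PRIMARY-FPR",
            ["Alice <alice@example.org>", "Alice <alice@example.net>"],
            [Subkey("SUB-ENC-OLD", "encrypt", False),
             Subkey("SUB-ENC", "encrypt", True),
             Subkey("SUB-SIGN", "sign", True),
             Subkey("SUB-AUTH", "auth", True)])
```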