IETF Logo Mail Archive

Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags?

Jon Callas <jon@callas.org> Tue, 05 March 2013 16:10 UTC

Return-Path: <jon@callas.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AE9521F8999 for <openpgp@ietfa.amsl.com>; Tue, 5 Mar 2013 08:10:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zi75LrvL3l2g for <openpgp@ietfa.amsl.com>; Tue, 5 Mar 2013 08:10:43 -0800 (PST)
Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id CD90121F8901 for <openpgp@ietf.org>; Tue, 5 Mar 2013 08:10:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id 67B3F225F883; Tue, 5 Mar 2013 08:10:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at merrymeet.com
Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4h01IISKpIP7; Tue, 5 Mar 2013 08:10:34 -0800 (PST)
Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id E8FD8225F860; Tue, 5 Mar 2013 08:10:30 -0800 (PST)
Received: from [172.16.13.170] ([23.24.110.141]) by keys.merrymeet.com (PGP Universal service); Tue, 05 Mar 2013 08:10:34 -0800
X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 05 Mar 2013 08:10:34 -0800
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Jon Callas <jon@callas.org>
In-Reply-To: <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com>
Date: Tue, 05 Mar 2013 08:10:30 -0800
Message-Id: <B18461E9-7F88-4B85-AAD7-83E31C79DBD4@callas.org>
References: <5135BDE6.1070200@fifthhorseman.net> <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com>
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.1499)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: IETF OpenPGP <openpgp@ietf.org>, Jon Callas <jon@callas.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2013 16:10:44 -0000

On Mar 5, 2013, at 7:19 AM, David Shaw <dshaw@jabberwocky.com> wrote:

> 
> I'd do this with a notation (option B, which can be marked as critical if you desire).  The Usage flags are helpful but I don't think they have the ability to carry enough information to really state what you are trying to say.  Usage is more "this key can may be used for authentication", and it sounds like what you're looking for is "this key may be used for authentication, but only in the context of OTR".

Usage flags are there for broad declarations. For example, so that you use an RSA key for encryption but not signing, or a signing key for authentication-based signing, but not documents.

If you're really going to put protocol-specific notes in, then notations are the way to go.

> 
> I can't speak for all OpenPGP implementations, but GPG will correctly reject a subkey binding signature if it has a critical notation that GPG doesn't know about.  I'm not sure if that helps or hurts your plan, though, as without adding code to GPG to understand your notation, you won't easily be able to show a connection from your OpenPGP key to the OTR subkey.

There's a problem with criticality as a concept in general, and that is that if you really do private development, it can cause things to explode in ways that are not useful.

In this case, we have an authentication-only subkey that's intended to be used for OTR. If you mark it as authentication-only, it's not going to be used for document signing, which is really what you want. It's possible that some other authentication protocol could grab it, but is that really a problem?

This brings us to the problem with criticality. It's supposed to keep some item from being used in an unknown way. But it can also fail in unexpected ways. I've seen criticality flags cause all sorts of weird issues in other systems, and the usual fix is not to make it critical.

	Jon

v2.23.0 | Report a Bug | By Email