[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt

Daniel Huigens <d.huigens@protonmail.com> Mon, 04 November 2024 13:41 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D8CBC20C8D8 for <openpgp@ietfa.amsl.com>; Mon, 4 Nov 2024 05:41:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l0MI5WCkT-tm for <openpgp@ietfa.amsl.com>; Mon, 4 Nov 2024 05:41:43 -0800 (PST)
Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 672EAC06EEE6 for <openpgp@ietf.org>; Mon, 4 Nov 2024 05:41:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1730727693; x=1730986893; bh=AOV7VgfIEAjP5a9BITnJ2CU1inp/TXZCKz4mu/yk6W4=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=fsXtty2kYINENBgGO9EQacxGVowNKN35O8UWzPeWBjmZf8Db9ccrzIw+RRNoYQXAZ 5QG3Zs0ZjksTLZymJj0oG4LcegL6N4pitVbwQp2ztxNKcvQbppbIqE0512Zw6TdylU jxDt7NYYrur9tn9qKYEB8uwTl1ojZ1tJdj27pt/LFkZhkGFIlr0/UVis+YvLQrq0Tf XQZOMikv+dKOKDRfbWoOX4ftWrpBx63zTXxieCj28CDCItsjtZYKNlFMvGKJozBSwv BvHrnwYzBMe87pxesuEdXQOaxU7cdisQUHE1cO4svPCulsckM0/sP59TLVnZjEn9ua st5GczFPfYiYA==
Date: Mon, 04 Nov 2024 13:41:28 +0000
To: andrewg <andrewg=40andrewg.com@dmarc.ietf.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <NTlxBlhH2JhYDKmwkH7V4sD2Y8w0smzvTlZ4tNh9zTLuNPVlt-MNv1Vhf13YXwJTb8MAISj6NU2F_m92zA5lT1oJ3BaF7-wEpeXQN9KY-5g=@protonmail.com>
In-Reply-To: <035e2d8c7923f8754d5acb7ab98cd51e@andrewg.com>
References: <d3d5e59e-2ddb-4b4d-867e-b8a7f1df203c@posteo.de> <B20FD242-AD3D-4A30-86F4-8AA8A9157DC8@andrewg.com> <87v7x4qx2f.fsf@fifthhorseman.net> <035e2d8c7923f8754d5acb7ab98cd51e@andrewg.com>
Feedback-ID: 2934448:user:proton
X-Pm-Message-ID: 2200ac49fc516686cc5fcbb06c6726767df7a02e
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: UJJE7NTMWQN7IUK4EJDBQ3ZDVEI53JUF
X-Message-ID-Hash: UJJE7NTMWQN7IUK4EJDBQ3ZDVEI53JUF
X-MailFrom: d.huigens@protonmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org, Heiko Schäfer <heiko.schaefer@posteo.de>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/T0y_JrF0g7EJg4sMiUEpj7KnZRU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

On Monday, November 4th, 2024 at 13:51, andrewg wrote:
> The imprint is only included in order to ensure that
> automated fallback from a v6 key to a v4 key has exactly the same
> cryptographic strength as going the other way. It is arguable that it is
> already overkill...

Yeah. I personally also don't think the v6->v4 binding is all that
important. I would expect/hope that the primary use of this draft is to
switch from a v4 to a v6 key (identified by a SHA256 fingerprint
already). Even for cases where you care about the reverse somehow,
I don't think the issue with using SHA1 is all that critical.

That being said, I also don't think the imprint is a large burden to
implement, since we (Proton) already have the concept of SHA256-
Fingerprints for v4 keys (for Key Transparency), admittedly for similar
reasons (not having to rely on SHA1 simplifies the security story - but
again, even that I'm not sure really applies here if what we care about
is the v4->v6 transition).

So either way, I'm not strongly opposed to any of the options but having
only the fingerprint seems simplest to me.

Best,
Daniel