IETF Logo Mail Archive

[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-02.txt

Andrew Gallagher <andrewg@andrewg.com> Mon, 27 January 2025 16:55 UTC

Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67D2AC1930D8 for <openpgp@ietfa.amsl.com>; Mon, 27 Jan 2025 08:55:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eOIp30_IezlL for <openpgp@ietfa.amsl.com>; Mon, 27 Jan 2025 08:55:44 -0800 (PST)
Received: from fum.andrewg.com (fum.andrewg.com [135.181.198.78]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0266FC165518 for <openpgp@ietf.org>; Mon, 27 Jan 2025 08:55:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1737996940; bh=hjWhZ+NsuXqHmAAp+tjf/dtLplGKzBpBl5ks6gj+A1s=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=r054hYIyfEYjVsV2fWv6paXC/6Eb/ZFYB0ur/rjGa/rZtV7u1qO0Xn9vtjNU/N4Kz aVoOihA71I3WcMbhNXDgKK4L7RJ+EWX3VwHjVngnOw+yENkUuqkCaN7G+yI5KbV7jl eh7eOdTcqw2YnkiScPyohwLLMi+aZl07qFqjxF4UsLPHzFs/leBFaPPeKPJfJAK97c UT2/btAA1tF4X8NUziX0RLn76wsmbtNyAz1BxhomwMFMV4pfA4kEmOoYXpJrLOCncp WuFviQvu0Mo4qIATjfb4Jf0vy0p2gUKpB7i77k5Fk1Ou4c7BeuRiTZtLH691gS71BE DZCCPJV3GD4VQ==
Received: from smtpclient.apple (serenity [IPv6:fc93:5820:7349:eda2:99a7::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id 916485DC93; Mon, 27 Jan 2025 16:55:40 +0000 (UTC)
From: Andrew Gallagher <andrewg@andrewg.com>
Message-Id: <7A36921B-C6A1-44D2-9E9C-76D5104BCEC0@andrewg.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_BCF4F2EB-0080-4140-9C90-DF284BFBA787"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.9\))
Date: Mon, 27 Jan 2025 16:55:15 +0000
In-Reply-To: <BEeS2ActRDMBc7u_4OgmX06FsbP4SQRe-bS1rRTWUUjJEay00OYlNcp7hxhHwCY3Y1dMU3XKXF346dBAVwiQrGxvJKz6iznQyNC1u9LC1Cs=@protonmail.com>
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>, IETF OpenPGP WG <openpgp@ietf.org>
References: <173264571597.581885.1047714570419252899@dt-datatracker-5679c9c6d-qbvvv> <14B07CCC-BD69-4302-9E1C-96B853942C5F@andrewg.com> <cb1627a3-1257-4177-9917-9ea7d73652b1@mtg.de> <EEED1E4F-973E-4424-88F0-5D81BD6F997F@andrewg.com> <2649917e-59f4-4f9a-a3fb-b348061a3f35@mtg.de> <2014BBED-66A4-4C75-8F53-C272028358B7@andrewg.com> <EFF27E24-69BE-41E1-B595-6818E7BD65AC@andrewg.com> <BEeS2ActRDMBc7u_4OgmX06FsbP4SQRe-bS1rRTWUUjJEay00OYlNcp7hxhHwCY3Y1dMU3XKXF346dBAVwiQrGxvJKz6iznQyNC1u9LC1Cs=@protonmail.com>
X-Mailer: Apple Mail (2.3731.700.6.1.9)
Message-ID-Hash: 4E5EK6WZLLLOAT65HTW6CJP2EBVFWM43
X-Message-ID-Hash: 4E5EK6WZLLLOAT65HTW6CJP2EBVFWM43
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>, Johannes Roth <johannes.roth@mtg.de>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-02.txt
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/TOm4XuXu8W8ptQROsRVPZLUDuRU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

On 27 Jan 2025, at 16:37, Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org> wrote:
> 
>>>> B might want to state "I am a replacement for A". But in doing so, B forms an equivalence binding with A and legitimates the use of A's subkeys. Do we need a possibility to state "I replace this key but I don't want anyone to use it as fallback”?
> 
> I'm not sure this makes sense to me; can't/shouldn't I just revoke or expire key A in that case?

If you have the secret key material to A, yes that would be a better method. Unfortunately loss of secret key material is still a common occurrence. And publishing an escrowed (hard) revocation would invalidate both the forward replacement subpacket and any historical signatures, so a user may not wish to avail of that option.

> Also, A will only be used as a fallback to B if the sending implementation doesn't support key B. Is there any use case to being able to say something like, "existing correspondents may continue to communicate with me using key A, but new correspondents (looking up my key from a keyserver) must use key B, even if they don't support it"? That seems like a strange request to me.

It might be preferable for encryption to fail at the compose stage, instead of apparently succeeding only for decryption to fail at the receiving end?

A

v2.34.0 | Report a Bug | By Email | System Status