[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-02.txt
Daniel Huigens <d.huigens@protonmail.com> Mon, 27 January 2025 17:47 UTC
Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46B73C1D4A7C for <openpgp@ietfa.amsl.com>; Mon, 27 Jan 2025 09:47:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p46NkMsGaMrQ for <openpgp@ietfa.amsl.com>; Mon, 27 Jan 2025 09:47:05 -0800 (PST)
Received: from mail-40133.protonmail.ch (mail-40133.protonmail.ch [185.70.40.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E487AC1D3DE9 for <openpgp@ietf.org>; Mon, 27 Jan 2025 09:47:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1738000022; x=1738259222; bh=S5pYfyjL4Ov4uS6/QQi9bjhQHcdtKwj93rKNQoYaeCQ=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=kBhVA/m8SeS9GTR2ZqLXZGdkz9HsQaEFPSSkSU20wsD8uDlhds5ETATG7/KNugTn7 Ml9dHCxw1rcfineh61wqv3iuzi8sV6hc5G3RMZFqwillZZyVzRyV5RLnRHzGL1CXPL k1qxm33sZONB1D2LeCDW2z/oCwhMI6Jilov05LdFJ1WEZjBzOp6hXNVzEKOJWksmKB x4ovmvr0b5QdJvkC2WSDv+/wIpEkLvPNYRrueEU1ucJAOHvOyJ3b4Wj2gDxeNUIij9 U0Tk6MIlG+/XrUvD+rv3UTxIRgYE3g2ykz9V6opQn2PbKsX6A+wxHtbvFdyTYzvPvz WXLxSYpEo1KHQ==
Date: Mon, 27 Jan 2025 17:46:56 +0000
To: Andrew Gallagher <andrewg@andrewg.com>
From: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <zJEuKuOes96mldx9QVexJER4Xu1HgbuZZU2ujDtZPt81yV4g7GBptGs3A_hoXvxU5GwigsA-OW_2pVJ_g093EVo461FY4plg114qPFHBAYo=@protonmail.com>
In-Reply-To: <3C1A2A62-DF22-452C-B933-200AE07DAAFA@andrewg.com>
References: <173264571597.581885.1047714570419252899@dt-datatracker-5679c9c6d-qbvvv> <EEED1E4F-973E-4424-88F0-5D81BD6F997F@andrewg.com> <2649917e-59f4-4f9a-a3fb-b348061a3f35@mtg.de> <2014BBED-66A4-4C75-8F53-C272028358B7@andrewg.com> <EFF27E24-69BE-41E1-B595-6818E7BD65AC@andrewg.com> <BEeS2ActRDMBc7u_4OgmX06FsbP4SQRe-bS1rRTWUUjJEay00OYlNcp7hxhHwCY3Y1dMU3XKXF346dBAVwiQrGxvJKz6iznQyNC1u9LC1Cs=@protonmail.com> <7A36921B-C6A1-44D2-9E9C-76D5104BCEC0@andrewg.com> <ulkJ1A_n5kJrFx8x1nTrrFWgsxaz4gdgZLwQk18UEg4bJPC5MI83kCvjGo4GSl4XU2a-bheeigDmiXM3MaAd93Qlq795wFpRwHb58y9QauI=@protonmail.com> <3C1A2A62-DF22-452C-B933-200AE07DAAFA@andrewg.com>
Feedback-ID: 2934448:user:proton
X-Pm-Message-ID: fefc47a766effce6f32237284aa317429b1563cf
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1=_N8jG9dBAl71H0ZqepRVlkmk8eqbRurQ3UdQQDBVNE"
Message-ID-Hash: 4GNSUQ3ZMXEIFM3B5MPEN3VFI5OEWJKQ
X-Message-ID-Hash: 4GNSUQ3ZMXEIFM3B5MPEN3VFI5OEWJKQ
X-MailFrom: d.huigens@protonmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Johannes Roth <johannes.roth@mtg.de>, IETF OpenPGP WG <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-02.txt
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/TYOy5Oqi7t7EYyI-61bnPnDXHJk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
On Monday, January 27th, 2025 at 18:09, Andrew Gallagher <andrewg@andrewg.com> wrote: > It would only work if B was already the (bound equivalent) replacement of A, and then the key holder subsequently lost access to A. It could be years later they misplaced the passphrase or some such. They could still say “upgrade from A to B if you can”, but without encouraging fallback. In this scenario, perhaps key A could designate key B as a [delegated revoker](https://www.ietf.org/archive/id/draft-dkg-openpgp-revocation-01.html#delegated-revoker) as well, such that key B can revoke key A once it's time for that? (And once that idea or some variant of it is implemented, of course..) Best, Daniel
- [openpgp] I-D Action: draft-ietf-openpgp-replacem… internet-drafts
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Johannes Roth
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Johannes Roth
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Johannes Roth
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher