Re: [openpgp] Genart last call review of draft-ietf-openpgp-crypto-refresh-12
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 November 2023 21:46 UTC
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Linda Dunbar <linda.dunbar@futurewei.com>, "gen-art@ietf.org" <gen-art@ietf.org>
Cc: "draft-ietf-openpgp-crypto-refresh.all@ietf.org" <draft-ietf-openpgp-crypto-refresh.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>
Date: Wed, 29 Nov 2023 16:45:52 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Uyz8neS8ly0Wwk-vAMLjxId8Eco>

On Wed 2023-11-29 20:11:31 +0000, Linda Dunbar wrote:
> Thank you very much for the explanation. My puzzle is when the Sender uses its Public Key to encrypt the Session Key, can anyone who has access to the sender's Public Key decrypt the Session Key?
>
> Is it true that the Session Key is encrypted with a symmetric key between the Sender and the Recipient?

Hm, the session key *is* a symmetric key. But when using a PKESK, it is encrypted using the *recipient's* public key (not the sender's public key), and can only be decrypted by the recipient's private key.

The way that encryption is done, for public key algorithms that are based on Diffie-Hellman, is that the sender generates an ephemeral secret, and includes the ephemeral public in the PKESK, and wraps the session key using a keywrap based on a key derived from the DH shared secret, which in turn comes from the ephemeral secret key and the recipient's public key (or, from the recipient's perspective, from the recipient's secret key and the ephemeral public key).

See for example the definition of X25519 PKESK:

https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-algorithm-specific-fields-for-

But note also that some PKESKs don't use DH at all (e.g. RSA), which is why §2.1 doesn't talk about DH explicitly.

--dkg
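
The exchange described in the message above, as an added example that is not part of the original email or of the draft: both sides of a DH-based session-key wrap, written against the Python `cryptography` package. The function names are hypothetical, and the KDF input order, the HKDF-SHA256 info string and the AES-128 key wrap are assumptions of this sketch; the draft section linked above is the normative definition, and packet framing is omitted.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def raw(pub):
    """32-byte wire form of an X25519 public key."""
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)

def derive_kek(shared, eph_pub, rcpt_pub):
    # Assumed KDF: HKDF-SHA256 over ephemeral public || recipient public
    # || DH shared secret, producing a 16-byte AES key-wrap key.
    ikm = raw(eph_pub) + raw(rcpt_pub) + shared
    return HKDF(algorithm=hashes.SHA256(), length=16, salt=None,
                info=b"OpenPGP X25519").derive(ikm)

def sender_wrap(session_key, rcpt_pub):
    """Sender side: needs only the recipient's public key."""
    eph = X25519PrivateKey.generate()      # fresh ephemeral secret per message
    shared = eph.exchange(rcpt_pub)        # DH(ephemeral secret, recipient public)
    kek = derive_kek(shared, eph.public_key(), rcpt_pub)
    # The ephemeral public travels in the PKESK next to the wrapped key.
    return raw(eph.public_key()), aes_key_wrap(kek, session_key)

def recipient_unwrap(eph_pub_bytes, wrapped, rcpt_priv):
    """Recipient side: needs the recipient's private key."""
    eph_pub = X25519PublicKey.from_public_bytes(eph_pub_bytes)
    shared = rcpt_priv.exchange(eph_pub)   # DH(recipient secret, ephemeral public)
    kek = derive_kek(shared, eph_pub, rcpt_priv.public_key())
    return aes_key_unwrap(kek, wrapped)    # raises InvalidUnwrap on a wrong key

def demo():
    rcpt = X25519PrivateKey.generate()     # constructed test key
    session_key = os.urandom(32)           # the symmetric session key
    eph_pub, wrapped = sender_wrap(session_key, rcpt.public_key())
    recovered = recipient_unwrap(eph_pub, wrapped, rcpt) == session_key
    # A party that sees both public values but holds a different private
    # key derives a different shared secret, so the unwrap fails.
    outsider = X25519PrivateKey.generate()
    try:
        recipient_unwrap(eph_pub, wrapped, outsider)
        rejected = False
    except InvalidUnwrap:
        rejected = True
    return recovered, rejected, len(eph_pub), len(wrapped)
```
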