Re: [openpgp] Clarifiction on v5 signatures

Werner Koch <wk@gnupg.org> Tue, 13 November 2018 15:10 UTC

From: Werner Koch <wk@gnupg.org>
To: Paul Fawkesley <paul@fluidkeys.com>
Cc: openpgp@ietf.org
Date: Tue, 13 Nov 2018 16:06:35 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/WA2CvhwdCCfR-sNZ57BMXekKbNs>

On Fri, 26 Oct 2018 15:42, paul@fluidkeys.com said:

> If a key has multiple valid encryption subkeys, it's advertising that
> it's OK to pick *any* of those subkeys. That's pretty arbitrary. I don't
> see why picking *all* would be any worse than picking an arbitrary one.

Because they might not be intended for encryption of mail or the keys
are offline etc.  Further, if you use wildcards, extra encryption subkeys
are extra annoying.

>> does but a more selective approach.  OTOH, I am not sure whether one can
>> find a threat model where such a scheme would be useful.
>
> Not sure I understand what you mean about threat model here?

A threat model which can be mitigated by having different private
subkeys on each device.  The problem is that you want to read the mails
on every device and thus the sender needs to encrypt it to all subkeys.
The compromise of a single device and its subkey will anyway compromise
all your mails encrypted to that set of subkeys.  Thus my conclusion is
that copying the private key onto all devices is much easier.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.