Re: [openpgp] Code-signing in OpenPGP [was: Re: SLH-DSA code points]

Andrew Gallagher <andrewg@andrewg.com> Wed, 27 March 2024 11:37 UTC

From: Andrew Gallagher <andrewg@andrewg.com>
Message-Id: <919A5F8C-8943-4BBA-8E6B-F08260CE19E8@andrewg.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_3D10623D-673B-4854-9F05-02A7D5FA09BF"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.1\))
Date: Wed, 27 Mar 2024 11:37:34 +0000
In-Reply-To: <a7dj0COE8fCSe-gDvJNBZCDdpvirmbqOa7BCFVnxldzltqHqQxQITHOo5qXSFNBMm8_LChRIhAf7uWEx6Z_j9J18i1pn5F54vxXklOf2DcA=@protonmail.com>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP WG <openpgp@ietf.org>
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>
References: <42ff8d55-88a9-4c84-99bd-688f1d29b508@mtg.de> <cmw0WtLf6I-72e-G31FTB9xrwcccedIXaLi0QxYKjN-q9HAwCryEfqHwv6tZnlc2O3STIbVEoFY7gRzENrRBS8EDd_2lKWwx33UQBPrG204=@protonmail.com> <87bk763ykr.fsf@fifthhorseman.net> <p86TXWysxVMhaMALowJJ-XayfefZDjgA7v6oFb8YX7H8bXPdC-IYo8-GBsbfQg_xlzUJdzA5UCeOGfXfJUrQ_dxyYxwPtOm9DDKtIb1aubQ=@protonmail.com> <877chokidv.fsf@fifthhorseman.net> <a7dj0COE8fCSe-gDvJNBZCDdpvirmbqOa7BCFVnxldzltqHqQxQITHOo5qXSFNBMm8_LChRIhAf7uWEx6Z_j9J18i1pn5F54vxXklOf2DcA=@protonmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/YNP9fQCgkQpGnGr3Kjw6IjrNnrI>
Subject: Re: [openpgp] Code-signing in OpenPGP [was: Re: SLH-DSA code points]
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>

On 27 Mar 2024, at 11:28, Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org> wrote:
> 
> Note that security and longevity would be orthogonal to but potentially
> affected by the profiles - e.g. --profile=rfc4880 --security=high might
> lead to using 4096-bit RSA, and so on. Some combinations might not be
> possible, e.g. --profile=rfc4880 --longevity=high could return an error.

This is essentially an opinionated risk matrix, something along the lines of the TLS “HIGH/LOW” cipher suite categorisation. While this would be convenient for users, I wonder whether it would introduce extra confusion unless there was a standard reference for what each category means. It also raises a few more questions: will these categories be updated with the results of ongoing research, who updates the reference table, and how quickly will those updates be reflected in software?

A
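The option matrix sketched in the quoted message, written out as a small resolver so the "standard reference table" question becomes concrete. This is an added illustration, not code from the thread or from any OpenPGP implementation. The only table entry taken from the thread is `--profile=rfc4880 --security=high` selecting 4096-bit RSA and `--profile=rfc4880 --longevity=high` being refused; the other profile (`example-pq`), the low/medium entries, the `REFERENCE_VERSION` tag and the stated reason for the refusal are all assumptions made for the example.

```python
"""Resolver for an opinionated (profile, security, longevity) option matrix.

Added example for the design discussed in the thread. Every table entry except
the rfc4880/high -> 4096-bit RSA case is an assumption for illustration.
"""
from dataclasses import dataclass
from typing import Optional

# Hypothetical revision tag for the reference table, so software can report
# which edition of the category definitions it applied (one of the open
# questions in the thread: who updates the table, and how does that propagate).
REFERENCE_VERSION = "example-2024-03"

LEVELS = ("low", "medium", "high")


@dataclass(frozen=True)
class KeySpec:
    algorithm: str
    key_bits: Optional[int]  # None for algorithms with a fixed parameter set


class UnsupportedCombination(ValueError):
    """Raised when a profile cannot satisfy the requested category."""


# Constructed reference table. Per profile: the signing algorithm chosen for
# each security level, and the longevity levels the profile is able to promise.
# Assumption: rfc4880 cannot offer "high" longevity (it has no post-quantum
# algorithm available), so that combination is refused rather than degraded.
REFERENCE_TABLE = {
    "rfc4880": {
        "security": {
            "low": KeySpec("RSA", 2048),     # assumed
            "medium": KeySpec("RSA", 3072),  # assumed
            "high": KeySpec("RSA", 4096),    # the example given in the thread
        },
        "longevity": {"low", "medium"},
    },
    "example-pq": {  # hypothetical profile name, not any draft's identifier
        "security": {
            "medium": KeySpec("SLH-DSA", None),  # assumed mapping
            "high": KeySpec("SLH-DSA", None),    # assumed mapping
        },
        "longevity": {"low", "medium", "high"},
    },
}


def parse_options(tokens):
    """Parse '--name=value' tokens, rejecting unknown, malformed or repeated ones."""
    allowed = {"profile", "security", "longevity"}
    opts = {}
    for tok in tokens:
        if not tok.startswith("--") or "=" not in tok:
            raise ValueError(f"malformed option: {tok!r}")
        name, value = tok[2:].split("=", 1)
        if name not in allowed:
            raise ValueError(f"unknown option: --{name}")
        if name in opts:
            raise ValueError(f"option given twice: --{name}")
        opts[name] = value
    return opts


def resolve(profile, security="medium", longevity="medium"):
    """Map a (profile, security, longevity) triple to a KeySpec, or refuse."""
    if profile not in REFERENCE_TABLE:
        raise UnsupportedCombination(f"unknown profile {profile!r}")
    if security not in LEVELS or longevity not in LEVELS:
        raise UnsupportedCombination(f"levels must be one of {LEVELS}")
    entry = REFERENCE_TABLE[profile]
    if longevity not in entry["longevity"]:
        raise UnsupportedCombination(
            f"--profile={profile} cannot offer --longevity={longevity}")
    if security not in entry["security"]:
        raise UnsupportedCombination(
            f"--profile={profile} has no algorithm rated --security={security}")
    return entry["security"][security]


def is_supported(profile, security="medium", longevity="medium"):
    """True when the combination resolves without error."""
    try:
        resolve(profile, security, longevity)
        return True
    except UnsupportedCombination:
        return False


def resolve_cli(tokens):
    """Resolve from CLI-style tokens such as ['--profile=rfc4880', '--security=high']."""
    opts = parse_options(tokens)
    if "profile" not in opts:
        raise ValueError("--profile is required")
    return resolve(opts["profile"],
                   opts.get("security", "medium"),
                   opts.get("longevity", "medium"))


if __name__ == "__main__":
    print(REFERENCE_VERSION, resolve_cli(["--profile=rfc4880", "--security=high"]))
    try:
        resolve_cli(["--profile=rfc4880", "--longevity=high"])
    except UnsupportedCombination as exc:
        print("refused:", exc)
```

Keeping the matrix as versioned data rather than scattered conditionals is what makes the thread's maintenance questions answerable: a new research result changes one table edition, and every resolution can be logged together with the `REFERENCE_VERSION` that produced it.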