Re: [openpgp] To bind or not to bind

Justus Winter <justus@sequoia-pgp.org> Wed, 27 March 2024 12:22 UTC

From: Justus Winter <justus@sequoia-pgp.org>
To: Andrew Gallagher <andrewg@andrewg.com>
Cc: Falko Strenzke <falko.strenzke@mtg.de>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Aron Wussler <aron@wussler.it>, openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZqsfYs8_0nbl6tsy0vLrcrU4YQQ>

Hi Andrew :)

Andrew Gallagher <andrewg@andrewg.com> writes:

> On 27 Mar 2024, at 11:03, Justus Winter <justus@sequoia-pgp.org> wrote:
>> 
>> I could also add a PQC encryption subkey to my *existing* v4 key.
>> In this case, I think it is not unreasonable to expect it to continue to
>> work with PGPy (or GopenPGPv2), but it does not.
>
> I think this is a valid concern, however the impact is highly
> dependent on how many deployed clients rely on these libs. If Proton
> and Thunderbird were able to migrate themselves within a reasonable
> timeframe, what would be left outstanding? Are we getting worked up
> over something that has a relatively straightforward fix?

I don't think the fix is as straightforward.  Because there are a great
number of v4 implementations out there, some of which we don't even know
exist.  How can we know that these are sufficiently robust to support
this opportunistic upgrade path?

We cannot, of course, but we can make an educated guess based on the
available data.  I survey a subset of implementations, among them the
most notable ones.  And the results indicate that even among the most
notable ones (which are presumably of higher quality), we don't see the
required robustness that we'd need to do this right now.

This leads me to believe that many of the unknown implementations (which
are presumably of lower quality, not because of a lack of skill, but due
to a lower amount of (public) exposure) will also not be robust enough.

As a single data point, we know that GitHub uses an implementation
derived from Google's OpenPGP implementation for Go (which aiui GopenPGP
is also derived from).  Assuming the test results for GopenPGPv2 hold
for x/crypto/openpgp, adding a PQC encryption subkey to a v4 key would
break GitHub's signature verification.

Best,
Justus
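
An added illustration, not part of the original message and not code from PGPy, GopenPGP or x/crypto/openpgp: a minimal v4 certificate loader showing how one subkey with an unrecognised public-key algorithm either makes the whole certificate unusable (strict) or is skipped so the primary key stays available for signature verification (tolerant). The sample certificate is constructed, its key material is opaque filler, and algorithm ID 105 (from the RFC 4880 private/experimental range) is a stand-in for a PQC algorithm, not an assigned PQC codepoint.

```python
KNOWN = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
PUBKEY, USERID, SUBKEY = 6, 13, 14  # OpenPGP packet tags

def packets(data):
    """Yield (tag, body) for new-format packets with definite lengths."""
    i = 0
    while i < len(data):
        if i + 2 > len(data) or data[i] & 0xC0 != 0xC0:
            raise ValueError("truncated or old-format packet header")
        tag, first = data[i] & 0x3F, data[i + 1]
        if first < 192:                      # one-octet length
            length, i = first, i + 2
        elif first < 224:                    # two-octet length
            length = ((first - 192) << 8) + int.from_bytes(data[i + 2:i + 3], "big") + 192
            i += 3
        elif first == 255:                   # five-octet length
            length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
        else:
            raise ValueError("partial body length in a key packet")
        if i + length > len(data):
            raise ValueError("truncated packet body")
        yield tag, data[i:i + length]
        i += length

def load_cert(data, tolerant):
    """Return (usable key algorithms, skipped subkey algorithm IDs).

    Signature packets are ignored in this sketch; a real loader would also
    drop the binding signature that follows a skipped subkey.
    """
    usable, skipped = [], []
    for tag, body in packets(data):
        if tag not in (PUBKEY, SUBKEY):
            continue
        if len(body) < 6 or body[0] != 4:
            raise ValueError("not a v4 key packet")
        algo = body[5]  # version(1) + creation time(4) precede the algorithm octet
        if algo in KNOWN:
            usable.append(KNOWN[algo])
        elif tolerant and tag == SUBKEY:
            skipped.append(algo)  # length came from the header, so skipping is safe
        else:
            raise ValueError(f"unsupported public-key algorithm {algo}")
    return usable, skipped

def pkt(tag, body):          # constructed sample helper; bodies stay below 192 octets
    return bytes([0xC0 | tag, len(body)]) + body
def key(algo, filler):       # v4 key body with zero creation time and opaque filler
    return b"\x04" + bytes(4) + bytes([algo]) + filler
SAMPLE = (pkt(PUBKEY, key(22, bytes(8))) + pkt(USERID, b"alice@example.org")
          + pkt(SUBKEY, key(18, bytes(8))) + pkt(SUBKEY, key(105, b"\xaa" * 40)))
```
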