IETF Logo Mail Archive

[openpgp] Re: Encryption subkey selection

Daniel Huigens <d.huigens@protonmail.com> Tue, 06 May 2025 08:15 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 5206E253CF01 for <openpgp@mail2.ietf.org>; Tue, 6 May 2025 01:15:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k_N5g-HjSsnv for <openpgp@mail2.ietf.org>; Tue, 6 May 2025 01:15:59 -0700 (PDT)
Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E84B8253CEFC for <openpgp@ietf.org>; Tue, 6 May 2025 01:15:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1746519357; x=1746778557; bh=/kMyuWUZzzuCnSuTBN6L+xr94axI2LmJkorqxedgzxw=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=dtt7O8YOap51NU35hu501zp1YYe8kl9WHeCRyTSCWF9TsoQG2oJYTwXLgFr/zJWYY 0M4Ed1cjLFBBTq2uA8sjYGTCUoOdxTrDRW44sSaI6Lo2ZpRtAEoFqU1nOzhqUMmMuy 3CNuVY2DuTC5Zbg71CjHRQitV0P6/H3LkSxCMdVVT9U6Cb0UIrPNTVe0FAdk6ewJ2Y 0iNWMFJWdePJ5RG2NmlD1WJaKTxyhbAYYOTM1r5lyLWDeNLJnNjPxKhTEcaKQtPFDM U5hXAuB1+plZioTbMZlq0h/vZXol2P6bZd8406kVGdGfDWXsnt6tuPE5rIB8S0uj1t 71lFezgi7gP1w==
Date: Tue, 06 May 2025 08:15:54 +0000
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
From: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <7A1MlNotxZz2mOzBwnGav1Ozae9RCILINWm9i08ifsvuCiqFo7-e0qLeztMckwmC-et2Na2dvjUv9i_9uyZZJ33x1j_kLEzn6rG5QegEeak=@protonmail.com>
In-Reply-To: <878qnahdhv.fsf@fifthhorseman.net>
References: <87h631mvol.fsf@thinbox> <dI4YtuyWCyCqKizRafc2sNHBFSRSuQEt-03l8CBI-bRD4SPN7701nRDLFYtu0hwve96cG3Q4kIglx6oVTIAiJbVJseQRzLrt2AoKpSLes28=@protonmail.com> <87ecxupx9w.fsf@europ.lan> <ToH9iWOoC_CgdIu1k9gaMAaNzpZ5nwHbPScoiuJr_RIQpz6Wv1Z7qY9iaKepYMwLlynVkNytyotr-FWEFRBA5saNHy7N_1dmbcMC310quFM=@protonmail.com> <878qnahdhv.fsf@fifthhorseman.net>
Feedback-ID: 2934448:user:proton
X-Pm-Message-ID: 1c94d5fcbfacf8e2e53ff0a0f07d90baf122eae5
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: NJJQGSUFBRBAM2QXZU4CRLYZZAQLDA37
X-Message-ID-Hash: NJJQGSUFBRBAM2QXZU4CRLYZZAQLDA37
X-MailFrom: d.huigens@protonmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: openpgp@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Encryption subkey selection
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/_YY0t6nm8u3tJ5eUVg7A1tKOmcM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

Hi dkg,

On Tuesday, May 6th, 2025 at 00:58, Daniel Kahn Gillmor wrote:
> Are you imagining this as a flag in the Features subpacket? or some
> other way to implement the flag?

I was thinking we could define a new signature subpacket for this;
maybe "Key Usage/Selection Preferences" in case we want to reserve
the possibility to define other similar preferences in the future?

> Some algorithm IDs support multiple security levels, right? for
> example, an RSA encryption key (algo ID 1) can have a 1024-bit modulus
> or a 3072-bit modulus. Or a generic "ECDH" key (algo ID 18) can
> (depending on OID) offer brainpoolP256r1, Curve25519Legacy, or NIST
> p521. It seems not impossible to have two ECDH subkeys with different
> curves on the same certificate (possibly even created at the same time).
> What should happen in that case? Maybe we should explicitly allow the
> implementer to choose their own preference ordering between curve OIDs
> for this legacy EDCH case rather than bikeshedding over some strict
> ordering?

Yeah, I think it's fine to leave certain very specific cases undefined,
and the implementation can either do something clever or just pick the
first one, if it prefers.

> Semantically, i think when you say "valid encryption subkey" you mean
> "supported valid encryption subkey", right? that is, the sender allows
> fallback to "older" keys (or "lower" algorithm IDs) when the newest (or
> highest by algorithm ID) isn't supported.

Yeah, indeed; from the perspective of the older implementation, the newer
subkey wouldn't be valid because it doesn't understand it.

Best,
Daniel

v2.31.3 | Report a Bug | By Email | System Status