Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey
Daniel Huigens <d.huigens@protonmail.com> Mon, 29 April 2024 19:02 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/aetK5Fip7xbPgrZhxy40I764Zpo>
On Monday, April 29th, 2024 at 19:20, Andrew Gallagher wrote:

> To me at least, TOFU means (automatic) trust on first use (only), as implemented in SSH.

TOFU as implemented in OpenSSH is not automatic though, you have to explicitly accept the key, and (ideally) you should manually verify the key using an external authenticated channel first. If you do that, then it makes sense to get a warning when the key later changes. But if you don't, it's rather meaningless, and you might as well accept the new key just as blindly as you accepted the first one - it's not that different from the YOLO model either way.

Note also that in Signal and WhatsApp and so on, people usually ignore such warnings. That's why Key Transparency was invented, as it offers a much better UX (i.e. automatic key verification). And I'd argue we should head that direction with OpenPGP, too, rather than insisting on such warnings.

> Not necessarily. Say that a particular correspondent's emails start to include a new key in their autocrypt header. In the absence of a replacement key subpacket on the old key, it could be considered suspicious. An MUA might use this to decide whether or not to display a "this person's security key recently changed" notification (similar to e.g. WhatsApp).

I don't really see how it's more suspicious than the original key, or why the replacement key subpacket would make it less so, in the absence of any other signals, or any text in the draft that says so. Is your position that Section 5 should be changed to say that the subpacket may transfer some amount or type of trust that the user may have in the original key (either due to having used it for a long time, or by having explicitly trusted it after presumably having verified it manually, for example)?

> Sure, but certifying key B with key A will generally result in a weaker trust value for B than A, and unless key A had explicit or delegated ownertrust, the trust value allocated to B due purely to A's certification would probably be zero. Only by recommending that B is also certified by the same upstream signatories as A do we have a decent chance of B getting a meaningful trust value.

OK, but then I think we should squabble about what the meaning of such a certification should be, before we decide if we need a new mechanism for this. For example, we could say that if key A with user ID u has trust level x, and certifies key B with the same user ID u, then that should transfer the full trust level.

> Say that a key has been hard revoked, and we are following the advice in https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-abuse-resistant-keystore-06#section-7.4:
>
> > If the primary key of a certificate is revoked via a key revocation signature (type 0x20), an abuse-resistant keystore SHOULD drop all the rest of the associated data (user IDs, user attributes, and subkeys, and all attendant certifications and subkey signatures). This defends against an adversary who compromises a primary key and tries to flood the certificate to hide the revocation.
>
> In that case, key lookup by user ID will fail to return the revoked key, so we still need to update by fingerprint.

Yeah, fair enough, you still need to query by fingerprint to find out the old key is revoked. But, querying by email address does give you the new key, and tells you the old key is gone, which probably already tells you that you should use the new key anyway, regardless of whether the old key is revoked or not. Especially if the new key is signed by the old key which you still have locally. (But, whether or not the old key is revoked is still relevant for signature validity, of course, so you might want to do both.)

Best,
Daniel
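The two points argued in the reply above, as an added toy model (not code from draft-gallagher-openpgp-replacementkey, draft-dkg-openpgp-abuse-resistant-keystore or any OpenPGP implementation): a keystore that drops a hard-revoked primary's user IDs and certifications, so a lookup by e-mail address returns only the successor while a lookup by fingerprint still reports the revocation, and the proposed rule that a key with trust x certifying a key under the same user ID transfers x. Certifications and revocations are plain records rather than real signatures, and the class, function and key names are constructed.

```python
# Constructed toy model of the lookup flow discussed in the thread; not code from any
# OpenPGP draft or implementation. All fingerprints and addresses are made up.
from dataclasses import dataclass, field

@dataclass
class Cert:
    fingerprint: str
    user_ids: set = field(default_factory=set)
    revoked: bool = False
    certified_by: set = field(default_factory=set)  # fingerprints of certifying keys

class AbuseResistantKeystore:
    """Models draft-dkg section 7.4: a hard-revoked primary keeps only its revocation."""
    def __init__(self, certs):
        # Drop user IDs and certifications of revoked primaries; keep the bare revoked key.
        self.by_fpr = {c.fingerprint: (Cert(c.fingerprint, revoked=True) if c.revoked else c)
                       for c in certs}

    def lookup_by_fingerprint(self, fpr):
        return self.by_fpr.get(fpr)

    def lookup_by_user_id(self, uid):
        # Revoked primaries no longer carry user IDs, so they never match here.
        return [c for c in self.by_fpr.values() if uid in c.user_ids]

def transferred_trust(old, new, trust):
    """Rule proposed in the reply: A (trust x) certifying B under the same user ID transfers x."""
    same_uid = bool(old.user_ids & new.user_ids)
    return trust if old.fingerprint in new.certified_by and same_uid else 0

def refresh(store, local_old, uid, local_trust):
    """Query both ways: by fingerprint for revocation state, by user ID for the current key."""
    remote_old = store.lookup_by_fingerprint(local_old.fingerprint)
    old_revoked = remote_old is not None and remote_old.revoked
    # A successor is a key for the same address certified by the key we already hold locally.
    successors = [c for c in store.lookup_by_user_id(uid)
                  if c.fingerprint != local_old.fingerprint and local_old.fingerprint in c.certified_by]
    if not successors:
        return {"old_revoked": old_revoked, "new": None, "trust": 0}
    new = successors[0]
    return {"old_revoked": old_revoked, "new": new.fingerprint,
            "trust": transferred_trust(local_old, new, local_trust)}

# Constructed sample: key A was hard-revoked on the keystore after certifying its successor B.
KEY_A_ON_SERVER = Cert("AAAA0000", {"alice@example.org"}, revoked=True)
KEY_B = Cert("BBBB1111", {"alice@example.org"}, certified_by={"AAAA0000"})
STORE = AbuseResistantKeystore([KEY_A_ON_SERVER, KEY_B])
LOCAL_KEY_A = Cert("AAAA0000", {"alice@example.org"})  # cached copy, predates the revocation
```

Calling `refresh(STORE, LOCAL_KEY_A, "alice@example.org", 3)` reports the old key as revoked, names B as the successor and carries the trust level 3 over, whereas a key for the same address that A never certified gets 0.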