IETF Logo Mail Archive

Re: [openpgp] To bind or not to bind

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 23 March 2024 04:42 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D8CBC151535 for <openpgp@ietfa.amsl.com>; Fri, 22 Mar 2024 21:42:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="vIq35WeZ"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="kYe7KscK"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jBDEmwxMAjJz for <openpgp@ietfa.amsl.com>; Fri, 22 Mar 2024 21:42:37 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF6D4C15152F for <openpgp@ietf.org>; Fri, 22 Mar 2024 21:42:37 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1711168954; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=gyCXG98PSJHG2F0y+4BKqmH7dTJF9PI+6nCnRZN6Iqs=; b=vIq35WeZvSanldUrnuxIT5hcqIVktjQO4Dzxip0EjXKFXx9lzWet4e+BmhAjK9Hq1zmnK 4eKtFC42A8/1ubRBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1711168954; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=gyCXG98PSJHG2F0y+4BKqmH7dTJF9PI+6nCnRZN6Iqs=; b=kYe7KscKAJc+BP2HUzWaRfGSHFvq/yNx+2gt5gRZi8XMkbKzoic6lo4JPoZAZkkDo2P59 dDBWxbOZCrbUYhIP++jHTT4xsGsBMhaLKxcZBiigqtPP+oDKWNE9zB5gmXTu9qmzrl6n5f0 tDGKg319QRQbd9Uozd2mZ95gzft/3vCCswjKl1hK2rIu1Muf6xILqKEyOou+ZkrKp1vOQs3 gTuhB/tRu+pBakENR88r3ZcLRPlKyl1BltNFmaiF6EoLYpxnAs8kDZCkE6kWf41GA2RjFSm Tcwp+eiZXwEv8ApWkcEvM08aaS4nt12Z57G04RGbjyLVCTFQlJ940llUzjHQ==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id D2816F9D8; Sat, 23 Mar 2024 00:42:33 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 395C1204BC; Sat, 23 Mar 2024 00:36:58 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Kai Engert <KaiE@kuix.de>, openpgp@ietf.org
In-Reply-To: <06d0d603-cf99-4ed3-9353-d3e20c1db0a1@kuix.de>
References: <87a5mqi0xi.fsf@europ.lan> <23B46D65-EAF7-43D0-A5F1-04D28B698559@andrewg.com> <Oc3B14xagqpcToZdfQTIYHn_AolBg0i0_DTI4wPnXkFJntVv6A8hvmCMFUK9gjaK-gtfQLGnuQaTqqJzgz71IvhHutyn8Yd4UAErTOHXmzk=@protonmail.com> <06d0d603-cf99-4ed3-9353-d3e20c1db0a1@kuix.de>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/YO+5Zi7HCi QQfFgoAMQWCZadnIAUJBdtHCwMLCQcDFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu36RAUlea/ cACgkQu36RAUlea/edDQD+M2QjnoEyu/TjI+gRXBpXQ5jCsnnp9FdYhaSSUW/vZ8kBAJByWlj A9aMfVaVrmvgcYw7jzJz+gmZspBRB++5LZ20NzRc8ZGtnQGZpZnRoaG9yc2VtYW4ubmV0PsLA EQQTFgoAeQMLCQdHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEu/CS CeyWwC6j4ihJr2u/z6delsF1pvYW3ufgf1L538DFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu3 6RAUlea/cFAmWnX5AFCQXZ8EUACgkQu36RAUlea/cjVwD+ONjdHM74rAa6EEiiqaPjlptiaZx CVqFYXnib6EbZARkBAPnnR8pW8vCBnDXHKu65jNqwF3aH761NaOqqMFfppg8GzjMEZXEJyxYJ KwYBBAHaRw8BAQdAjX25Fq2Q9IUFeHy6yByIQPBnFOedFliuEiCIUzJsENDCwMUEGBYKAS1HF AAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnwqKWsw56uoWVLIFcs7ZecJ gwpsSNevWCzbviKQ8yRLUCmwK+oAQZFgoAbwWCZXEJywkQdy0WHjXNS4FHFAAAAAAAHgAgc2F sdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEIJSOxuw2y/UJmg5M3BLpN0JYjODZpXiEVFu 1byARzMWIQR0vATEPYYIS+hnLAZ3LRYeNc1LgQAAsH8BAKg1C5LK/D7pSkXCD+jfTSP+CqM58 iHLjh4vKhpOKsTJAQCHldtEjxJ1ksPTFgG9HihHH7qc6/wvvLw77ETMpwlrAxYhBNR3BAxwwh VqXCmFSbt+kQFJXmv3BQJlp1+rBQkCF4lgAAoJELt+kQFJXmv3ydsA/2roQZ2Jm/7iUrg/2C5 ClWA/xbvPC31LyMkGGH2/rq8tAP9BgqLuCPnNTVPqeX9+9qqMmaFq7wmvjq5I+yycAw9CDc44 BGVxCcsSCisGAQQBl1UBBQEBB0BZMsRrRaaeFSYMF1ZdfRmVgBriDUIr99eDQ085BK14DgMBC AfCwAYEGBYKAG5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnsazAWX tEHUPmSTmcRZAIsAsNiO8k0hdjsfRlRVipgJgCmwwWIQTUdwQMcMIValwphUm7fpEBSV5r9wU CZadfqwUJAheJYAAKCRC7fpEBSV5r90AjAPwLgY1iKiFJEj32SVD5f721929l79VxQB5FlQss x1n5kQEA6Uct2tPvbB6T7p5KG3Gl+tbi7oJAuxFmpkpW5/N2Owg=
Date: Sat, 23 Mar 2024 00:36:56 -0400
Message-ID: <87v85d36on.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/d7nsRKtCon6XCuN69rwA3cnmA3w>
Subject: Re: [openpgp] To bind or not to bind
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Mar 2024 04:42:42 -0000

On Fri 2024-03-22 21:57:04 +0100, Kai Engert wrote:
> If we find that it works, and if it were decided that v4-pqc keys shall 
> be supported, we could consider to enable the flag, in the hope that it 
> doesn't introduce other side effects. However, it would be preferable to 
> get an updated version of RNP that fixes the intolerance problem.

This isn't just for v4-pqc keys -- it's for any new pubkey algorithm,
PQC or otherwise.  One of the weird things about the semantics of this
flag is that it seems to mix semantics about storage with semantics
about use.

Presumably a rigorous stateful OpenPGP implementation would want to do
something like (ignoring questions about third-party certifications for
the purposes of this discussion):

 - on ingesting a certificate with self-signed material, only ingest the 
   self-signed components that actually cryptographically verify.
   
 - avoid discarding unknown-but-verified self-signed components (unless
   you run into storage constraints) -- those components might be useful
   later, after an upgrade

 - if the application layer wants to know whether the certificate is
   usable for a given purpose or not (e.g. signature verification,
   encryption), only report on the *known* components, even though the
   unknown components are stored.

 - on upgrade, a given certificate might suddenly become usable, that's
   good!

But the RNP_LOAD_SAVE_PERMISSIVE semantics are a strange combination
that doesn't really match the above reasoning that i can tell, whether
it is set or cleared.

You might want to weigh in on https://github.com/rnpgp/rnp/issues/2204
where i'm trying to raise the issue directly with RNP folks.

      --dkg

v2.23.0 | Report a Bug | By Email