Re: [openpgp] v5 in the crypto-refresh draft

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 24 June 2021 15:40 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54B0F3A2123 for <openpgp@ietfa.amsl.com>; Thu, 24 Jun 2021 08:40:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level:
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=uz82KJpu; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=OL/GDApV
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O-LmXs700mJ8 for <openpgp@ietfa.amsl.com>; Thu, 24 Jun 2021 08:40:37 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D00F3A2122 for <openpgp@ietf.org>; Thu, 24 Jun 2021 08:40:37 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1624549235; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=k1CfFBotulJK+L9btj6+CsbQ2XhZEPnOz0ZXTSQNIO8=; b=uz82KJpuL7vEJzUVyr9ZhxyTi3qV0pdxowjjOiFKfAg7ch3twJumZCz4cOX21GDSCtU3G kRQoJ1Sh1/J3JExBg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1624549235; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=k1CfFBotulJK+L9btj6+CsbQ2XhZEPnOz0ZXTSQNIO8=; b=OL/GDApVyy3SFKIrCURJO4/XY9ZrKEHHy1AX7RePXkH7rUsbbcIHa9qD/9qyO7DOTN9PX 4tYN7sqTrpYq9NAObPEBgou1l3fqAFp+DI73PvVSpkT+YhOiEwMK0HWz4B9l0IZCkLnUtkm Agzf29AKzy2knG27ioH4f0AD9sGmnDYNEvaCHkOiyTb3gdHZjbz7hwvuOj1EUwH33ZLHhhV PaaRGQshJOgHVKGAZTzyhCo+ILHEivZD57hImvRR9S/nfez3g4jYrNfJwn+v3jdr+OAeJg7 F0M8Jho4HhnNicyiGv8/8f5+3KZjqteIvJlsjC/Hbn2WwCmljPIfgcVuYQtw==
Received: from fifthhorseman.net (c-73-106-144-119.hsd1.ga.comcast.net [73.106.144.119]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id E0784F9A5 for <openpgp@ietf.org>; Thu, 24 Jun 2021 11:40:35 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id E654120362; Thu, 24 Jun 2021 11:17:00 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
In-Reply-To: <SY4PR01MB6251ADA05B055670FCFF080CEE359@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <SY4PR01MB6251ADA05B055670FCFF080CEE359@SY4PR01MB6251.ausprd01.prod.outlook.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Thu, 24 Jun 2021 11:16:59 -0400
Message-ID: <871r8rwavo.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/dyM_jdG_eT7Nc-f8FwHMJI5Jhks>
Subject: Re: [openpgp] v5 in the crypto-refresh draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jun 2021 15:40:42 -0000

On Thu 2021-06-10 05:40:34 +0000, Peter Gutmann wrote:
> Daniel Kahn Gillmor writes:
>
>>Key ID or fingerprint comparison has been recommended in the past by the
>>OpenPGP community as a reasonable way that one communications peer can
>>confirm that they have the "right key".
>
> Ah, good point, so it's a human-factors thing rather than just (say) mapping 
> a signature to the key that signed it, where even if you can create a 
> collision to point to a different key the signature check will still fail.
>
>>which i'll call the "comparison-verification" practice:
>
> Is it worth mentioning this in the text?  The current text just says "this 
> thing is the fingerprint" with an implicit use elsewhere in the doc of
> "the thing used to identify which key is being used", without mentioning its 
> second, non-protocol use, to verify someone's key.

I would welcome a proposal for brief text that describes this use for
the revision of RFC 4880, though i think a full description of
fingerprint-based verification (and other alternatives for key
confirmation) is probably beyond the scope for the crypto refresh
document.  It gets complicated, and the best practices are still pretty
unclear.

> (Is this still done?  When was the last time someone here attended a key 
> signing party?).

Yes, it is "still" done, though i'm not sure it's ever been done to the
extent that the OpenPGP community has traditionally imagined it would
be.  "key signing party" is not the only context, either.  i've got
dozens of business cards or small slips of paper which contain OpenPGP
fingerprints (either as text or as QR codes) that people have given me
at free software conferences, and i've given them out myself.

do people *actually* verify them effectively?  that's another story…

   --dkg