IETF Logo Mail Archive

Re: [openpgp] Code-signing in OpenPGP [was: Re: SLH-DSA code points]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 29 March 2024 18:14 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53A17C14F60A for <openpgp@ietfa.amsl.com>; Fri, 29 Mar 2024 11:14:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="0NvG9RFJ"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="0KNTITy0"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HpYZSjaw88Ch for <openpgp@ietfa.amsl.com>; Fri, 29 Mar 2024 11:14:47 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B899CC14F600 for <openpgp@ietf.org>; Fri, 29 Mar 2024 11:14:47 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1711736085; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=pp24JZ9JYc17WvXVPiRJa6S+bQG1uSQ3qDYeLQs1HaU=; b=0NvG9RFJkFXdFWD//6yL+RRD+v/0ypFHmqQbp21049hYQkDkCmMXqknt+UTol8nQnLUMF lC9fmSDT/BNWYs4Dw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1711736085; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=pp24JZ9JYc17WvXVPiRJa6S+bQG1uSQ3qDYeLQs1HaU=; b=0KNTITy0QbbTsWtHK7rOC09ddKfPtSU7GT+7GfBSFve9IgUQYgcGOQy3+cp+sWjOCyOdu 9Yq1fhUXRnnjNEA1zTvs46P4vMzD66AXjvKrZSVm5S507LhiSaiDBeBoMNOJGkKOvqqf2s8 xIf4rcGaKYBgT7AckjwxfdBGXJ2YYvMgJzoiBDNA1DhmyhxdF0utM0Lw7outV9kBrNoavQt HVAlzXi95tzi4Z0M5NeMStqA2MPDJEC7xYipKZLfnlnNzOkdyltHTkaR8Z3mbWDe0ln0kuX e/pbCusBXNi8rw5nj17MejRs9cU0SXq50Aima8/wFdEE5tFX2ep1pDKopikw==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 46C72F9DF for <openpgp@ietf.org>; Fri, 29 Mar 2024 14:14:45 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id D0F2F20884; Fri, 29 Mar 2024 14:11:49 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: IETF OpenPGP WG <openpgp@ietf.org>
In-Reply-To: <INZIqen9r9w4wVX5IBklblkfYEuVYQn0ZkwaF9aXsU8phfaDocsnb6e12yoJg-AlJrGnY1W8OGt90VRlzvZCOxTJL5jYxTP8X3Nh6Upadik=@protonmail.com>
References: <42ff8d55-88a9-4c84-99bd-688f1d29b508@mtg.de> <cmw0WtLf6I-72e-G31FTB9xrwcccedIXaLi0QxYKjN-q9HAwCryEfqHwv6tZnlc2O3STIbVEoFY7gRzENrRBS8EDd_2lKWwx33UQBPrG204=@protonmail.com> <87bk763ykr.fsf@fifthhorseman.net> <p86TXWysxVMhaMALowJJ-XayfefZDjgA7v6oFb8YX7H8bXPdC-IYo8-GBsbfQg_xlzUJdzA5UCeOGfXfJUrQ_dxyYxwPtOm9DDKtIb1aubQ=@protonmail.com> <877chokidv.fsf@fifthhorseman.net> <a7dj0COE8fCSe-gDvJNBZCDdpvirmbqOa7BCFVnxldzltqHqQxQITHOo5qXSFNBMm8_LChRIhAf7uWEx6Z_j9J18i1pn5F54vxXklOf2DcA=@protonmail.com> <919A5F8C-8943-4BBA-8E6B-F08260CE19E8@andrewg.com> <INZIqen9r9w4wVX5IBklblkfYEuVYQn0ZkwaF9aXsU8phfaDocsnb6e12yoJg-AlJrGnY1W8OGt90VRlzvZCOxTJL5jYxTP8X3Nh6Upadik=@protonmail.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/YO+5Zi7HCi QQfFgoAMQWCZadnIAUJBdtHCwMLCQcDFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu36RAUlea/ cACgkQu36RAUlea/edDQD+M2QjnoEyu/TjI+gRXBpXQ5jCsnnp9FdYhaSSUW/vZ8kBAJByWlj A9aMfVaVrmvgcYw7jzJz+gmZspBRB++5LZ20NzRc8ZGtnQGZpZnRoaG9yc2VtYW4ubmV0PsLA EQQTFgoAeQMLCQdHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEu/CS CeyWwC6j4ihJr2u/z6delsF1pvYW3ufgf1L538DFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu3 6RAUlea/cFAmWnX5AFCQXZ8EUACgkQu36RAUlea/cjVwD+ONjdHM74rAa6EEiiqaPjlptiaZx CVqFYXnib6EbZARkBAPnnR8pW8vCBnDXHKu65jNqwF3aH761NaOqqMFfppg8GzjMEZXEJyxYJ KwYBBAHaRw8BAQdAjX25Fq2Q9IUFeHy6yByIQPBnFOedFliuEiCIUzJsENDCwMUEGBYKAS1HF AAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnwqKWsw56uoWVLIFcs7ZecJ gwpsSNevWCzbviKQ8yRLUCmwK+oAQZFgoAbwWCZXEJywkQdy0WHjXNS4FHFAAAAAAAHgAgc2F sdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEIJSOxuw2y/UJmg5M3BLpN0JYjODZpXiEVFu 1byARzMWIQR0vATEPYYIS+hnLAZ3LRYeNc1LgQAAsH8BAKg1C5LK/D7pSkXCD+jfTSP+CqM58 iHLjh4vKhpOKsTJAQCHldtEjxJ1ksPTFgG9HihHH7qc6/wvvLw77ETMpwlrAxYhBNR3BAxwwh VqXCmFSbt+kQFJXmv3BQJlp1+rBQkCF4lgAAoJELt+kQFJXmv3ydsA/2roQZ2Jm/7iUrg/2C5 ClWA/xbvPC31LyMkGGH2/rq8tAP9BgqLuCPnNTVPqeX9+9qqMmaFq7wmvjq5I+yycAw9CDc44 BGVxCcsSCisGAQQBl1UBBQEBB0BZMsRrRaaeFSYMF1ZdfRmVgBriDUIr99eDQ085BK14DgMBC AfCwAYEGBYKAG5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnsazAWX tEHUPmSTmcRZAIsAsNiO8k0hdjsfRlRVipgJgCmwwWIQTUdwQMcMIValwphUm7fpEBSV5r9wU CZadfqwUJAheJYAAKCRC7fpEBSV5r90AjAPwLgY1iKiFJEj32SVD5f721929l79VxQB5FlQss x1n5kQEA6Uct2tPvbB6T7p5KG3Gl+tbi7oJAuxFmpkpW5/N2Owg=
Date: Fri, 29 Mar 2024 14:11:48 -0400
Message-ID: <87ttkoj4bf.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/fYM78IjVUMvWRBbNpap6rkaK64A>
Subject: Re: [openpgp] Code-signing in OpenPGP [was: Re: SLH-DSA code points]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Mar 2024 18:14:52 -0000

On Wed 2024-03-27 11:58:30 +0000, Daniel Huigens wrote:
> Or, we could provide some kind of suggestion for the tables in the SOP
> spec. But obviously we can't unilaterally force SOP implementations to
> update the set of algorithms immediately upon new research coming out,
> so even if we do that, there would still likely be some discrepancies
> between implementations eventually.

I don't think that including any sort of explicit wire format guidelines
in the SOP spec align with the level of abstraction that SOP is aiming
at.  The "Semantics vs. Wire Format" section of the SOP specification
reads:

>> The semantics of `sop` are deliberately simple and very high-level
>> compared to the vast complexity and nuance available within the OpenPGP
>> specification.  This reflects the perspective of nearly every piece of
>> tooling that relies on OpenPGP to accomplish its task: most toolchains
>> don't care about the specifics, they just want the high-level object
>> security properties.
>> 
>> Given this framing, this document generally tries to avoid
>> overconstraining the details of the wire format objects emitted, or what
>> kinds of wire format structures should be acceptable or unacceptable.
>> This allows a test suite to evaluate and contrast the wire format
>> choices made by different implementations in as close to their native
>> configuration as possible.  It also makes it easier to promote
>> interoperability by ensuring that the native wire formats emitted by one
>> implementation can be consumed by another, without relying on their
>> choices of wire format being constrained by this draft.
>> 
>> Where this draft does identify specific wire format requirements, that
>> might be due to an ambiguity in the existing specifications (which maybe
>> needs fixing elsewhere), or to a bug in this specification that could be
>> improved.


I am particularly resistant to adding any `--longevity` option to `sop
generate-key`, which i think would be a mistake.  SOP implementers
provide up to 4 profiles for `generate-key` already, with one of them
being the implementer's default, and there is room for an impementer to
describe (in a single line of text) what they think would help a user to
choose one over another.

We have a similar `--profile` option for `sop encrypt` at the moment,
which can be used by implementers to offer up to four different
preferences for encryption behavior.

If a bunch of different implementations all coalesce around the same
narrowly-chosen set of profile behaviors for key generation and
encryption, that would be an interesting outcome.  If there is broad
consensus around a particular profile, perhaps the working group would
want to write it down in a WG-owned internet draft directly.

I think what i'm taking away from this discussion is that there might be
some implementer interest in a complementary `--profile` option for `sop
sign` and `sop inline-sign`, which could allow for similarly
narrowly-scoped user control over "what flavor" of signature should be
made, in the event that there are multiple possible ways that an OpenPGP
Transferable Secret Key can make a signature.

But i wouldn't want to overdetermine the outcome about the range of
desired tradeoffs before we see some implementation choices.  The best
option for most users, and for most applications that use sop, is "do
the default thing".  I wouldn't want to encourage the application layer
to require users to hunt around amid a multidimensional array of subtle
nuance.

        --dkg

v2.23.0 | Report a Bug | By Email