Re: [openpgp] Clarifiction on v5 signatures

Werner Koch <wk@gnupg.org> Fri, 26 October 2018 10:15 UTC

On Thu, 25 Oct 2018 19:01, wiktor=40metacode.biz@dmarc.ietf.org said:

> Oh, got it, I'll try to find the previous discussion. The second octet
> key flags (ADSK and timestamping) look really interesting but the

The ADSK (Additional Decryption Subkey) is an idea of mine on how to
ease encryption to several devices.  You would install the separate
private subkeys on each device and if the sender supports the ADSK it
would encrypt to these subkeys.  This is similar to what OpenKeychain
does but a more selective approach.  OTOH, I am not sure whether one can
find a threat model where such a scheme would be useful.

We also have 2 other flags (group key and split key) which are also not
well defined, so the ADSK does not hurt too much.  I have no problem
dropping that flag, though.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.