IETF Logo Mail Archive

Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey

Andrew Gallagher <andrewg@andrewg.com> Mon, 08 April 2024 09:51 UTC

Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70557C14F71E for <openpgp@ietfa.amsl.com>; Mon, 8 Apr 2024 02:51:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9tIELxmb0-pi for <openpgp@ietfa.amsl.com>; Mon, 8 Apr 2024 02:51:53 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 128C8C14F5E2 for <openpgp@ietf.org>; Mon, 8 Apr 2024 02:51:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1712569910; bh=POCDFlzz422KdBucMFTYQeQPpxKkaoKUv6EiB8p0Xic=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=LzhGerdqAn4/LKuiugwBtHiwg7ZUmRl+kEQ0Z3xVDz0aDCxQ630Gbkj3Xpat1wtQd wkKFAdrI0UbcLS8u19qFvD4OVqeJrqZsy1p4PRYrvDFi8Tv79DpzeyRBdHK4g2u3mV oZenO6T7mHNd0dC8iwOmrsSxYZpu+5NU/CD45jrmPZ+ldVq3PZWJ7owXKX6RqtOB+i CB5r4NzH8JQlZooQPnk61nEJosZHe8rbezLJo+diFkfeh4fXLJwlmjOIWfK97QWIBr UBTd7eP0D/0Vxdj4TalXs3wLiWrspMYxm7+Oct5CBrnVzqDnE/EVYl/3ti/PLD8YI2 JQs5yjKbLwHyQ==
Received: from smtpclient.apple (serenity [IPv6:fc93:5820:7349:eda2:99a7::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id B22385DE33; Mon, 8 Apr 2024 09:51:49 +0000 (UTC)
From: Andrew Gallagher <andrewg@andrewg.com>
Message-Id: <DACF1338-AF41-4BD0-82E3-1F4F2F9C1663@andrewg.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_E9D7E575-25E7-4DF3-A35C-62F67A6555B7"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.1\))
Date: Mon, 08 Apr 2024 10:51:32 +0100
In-Reply-To: <87a5m4qji9.fsf@kaka.sjd.se>
Cc: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP WG <openpgp@ietf.org>
To: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>
References: <87ttkdr5e0.fsf@kaka.sjd.se> <F0D472E0-0B37-416A-9587-F64FF646B0E1@andrewg.com> <87plv1r2sf.fsf@kaka.sjd.se> <874jcdi0em.fsf@fifthhorseman.net> <87edbhqdof.fsf@kaka.sjd.se> <00E3FD5F-F5DE-4B85-A34D-E3E12EFD5DB7@andrewg.com> <87a5m4qji9.fsf@kaka.sjd.se>
X-Mailer: Apple Mail (2.3731.700.6.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/grTE641_3Jk37pZBcRo_GtoMRoQ>
Subject: Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 09:51:57 -0000

On 8 Apr 2024, at 10:41, Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org> wrote:
> 
> One aspect is that a machine readable form is only useful if machines
> can make useful decisions based on the data.  Is that the case?  There
> are security concerns with automated key transition mechanisms.
> Consider if someone manages to get me to sign a replacementkey binding
> to a new vulnerable RSA1024 key, how to revoke that statement?  How to
> evaluate it on the recieving side?

This is why the draft states that no extra trust should be inferred from the subpacket itself - you still have to validate the new key by the usual means (WOT, provenance etc.). Broader questions of how to improve verifications in general are beyond the scope of this draft.

A

v2.23.0 | Report a Bug | By Email