IETF Logo Mail Archive

[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-02.txt

Andrew Gallagher <andrewg@andrewg.com> Mon, 27 January 2025 17:10 UTC

Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64A5EC1D4A78 for <openpgp@ietfa.amsl.com>; Mon, 27 Jan 2025 09:10:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.396
X-Spam-Level:
X-Spam-Status: No, score=0.396 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FONT_INVIS_MSGID=2.499, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bkHW-cATj12N for <openpgp@ietfa.amsl.com>; Mon, 27 Jan 2025 09:10:05 -0800 (PST)
Received: from fum.andrewg.com (fum.andrewg.com [135.181.198.78]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 285C1C1654F3 for <openpgp@ietf.org>; Mon, 27 Jan 2025 09:10:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1737997801; bh=IDjsLkUJefHXknFDZm19LMwW5uE13gL7sR3loVSfIqI=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=iMVE5/npqFhCz7ueZNSXxAgRA7+RTfOpUtGtiNp8FX0+lo91X/5/fJs0dr7rP3ZPb +Pq6FTSP1e7hc8Guf09XGMpbbJjci67IMmen0uMOydi59KRrloopHEAbKkNgRKjBR4 CGE1SZo2VUtHmVeOPKX1QCo2xSQPzm5g3kPwFDQFhDyPRzDZAy+Z1Z594UoyvaTEUh MZsk300Lv/zL6h2OtNWqqfHurMSzJKgRI+O6czRCJ4vPYSDzuJDlhNsSvUg++9BiDW 7d0Lv27SIi93T5ZbpfvRMYhQe+Edc/JnqIBDA+B87WJ663b/aV3vbaR+LOmdq+fNKf ZDA8F70OBWukw==
Received: from smtpclient.apple (serenity [IPv6:fc93:5820:7349:eda2:99a7::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id 641E15DC93; Mon, 27 Jan 2025 17:10:01 +0000 (UTC)
From: Andrew Gallagher <andrewg@andrewg.com>
Message-Id: <3C1A2A62-DF22-452C-B933-200AE07DAAFA@andrewg.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_FDFE0639-88B6-49CB-86C3-5EAD3D46EE6C"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.9\))
Date: Mon, 27 Jan 2025 17:09:42 +0000
In-Reply-To: <ulkJ1A_n5kJrFx8x1nTrrFWgsxaz4gdgZLwQk18UEg4bJPC5MI83kCvjGo4GSl4XU2a-bheeigDmiXM3MaAd93Qlq795wFpRwHb58y9QauI=@protonmail.com>
To: Daniel Huigens <d.huigens@protonmail.com>
References: <173264571597.581885.1047714570419252899@dt-datatracker-5679c9c6d-qbvvv> <14B07CCC-BD69-4302-9E1C-96B853942C5F@andrewg.com> <cb1627a3-1257-4177-9917-9ea7d73652b1@mtg.de> <EEED1E4F-973E-4424-88F0-5D81BD6F997F@andrewg.com> <2649917e-59f4-4f9a-a3fb-b348061a3f35@mtg.de> <2014BBED-66A4-4C75-8F53-C272028358B7@andrewg.com> <EFF27E24-69BE-41E1-B595-6818E7BD65AC@andrewg.com> <BEeS2ActRDMBc7u_4OgmX06FsbP4SQRe-bS1rRTWUUjJEay00OYlNcp7hxhHwCY3Y1dMU3XKXF346dBAVwiQrGxvJKz6iznQyNC1u9LC1Cs=@protonmail.com> <7A36921B-C6A1-44D2-9E9C-76D5104BCEC0@andrewg.com> <ulkJ1A_n5kJrFx8x1nTrrFWgsxaz4gdgZLwQk18UEg4bJPC5MI83kCvjGo4GSl4XU2a-bheeigDmiXM3MaAd93Qlq795wFpRwHb58y9QauI=@protonmail.com>
X-Mailer: Apple Mail (2.3731.700.6.1.9)
Message-ID-Hash: 4QDFN3WZNLE4NTGNFBHFEE2ZGUXZ3XYM
X-Message-ID-Hash: 4QDFN3WZNLE4NTGNFBHFEE2ZGUXZ3XYM
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Johannes Roth <johannes.roth@mtg.de>, IETF OpenPGP WG <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-02.txt
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/i9FYtmgFdSdmVXHYs-iaTcedTWI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

On 27 Jan 2025, at 17:03, Daniel Huigens <d.huigens@protonmail.com> wrote:
> 
> On Monday, January 27th, 2025 at 17:55, Andrew Gallagher wrote:
>> If you have the secret key material to A, yes that would be a better method. Unfortunately loss of secret key material is still a common occurrence. And publishing an escrowed (hard) revocation would invalidate both the forward replacement subpacket and any historical signatures, so a user may not wish to avail of that option.
> 
> Right, OK.
> 
> But, if you lost the key material to key A, what's the use case for key B to say that it's the replacement of A? Nobody should trust that information (without any confirmation), because otherwise anyone could claim to replace anyone else's key. So, it might be best to just publish key B (without any binding to key A), get it verified and so on, and then just tell people manually to use that one (if they're still sending you emails encrypted using key A).

It would only work if B was already the (bound equivalent) replacement of A, and then the key holder subsequently lost access to A. It could be years later they misplaced the passphrase or some such. They could still say “upgrade from A to B if you can”, but without encouraging fallback.

Admittedly this is a rare scenario...

A

v2.35.0 | Report a Bug | By Email | System Status