[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-02.txt

Daniel Huigens <d.huigens@protonmail.com> Mon, 27 January 2025 17:03 UTC

Date: Mon, 27 Jan 2025 17:03:43 +0000
To: Andrew Gallagher <andrewg@andrewg.com>
From: Daniel Huigens <d.huigens@protonmail.com>
CC: Johannes Roth <johannes.roth@mtg.de>, IETF OpenPGP WG <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/jOYigIEHQSEvjfgNIr3hrWeKoIE>

On Monday, January 27th, 2025 at 17:55, Andrew Gallagher wrote:

> If you have the secret key material to A, yes that would be a better method. Unfortunately loss of secret key material is still a common occurrence. And publishing an escrowed (hard) revocation would invalidate both the forward replacement subpacket and any historical signatures, so a user may not wish to avail of that option.

Right, OK.

But, if you lost the key material to key A, what's the use case for key B to say that it's the replacement of A? Nobody should trust that information (without any confirmation), because otherwise anyone could claim to replace anyone else's key. So, it might be best to just publish key B (without any binding to key A), get it verified and so on, and then just tell people manually to use that one (if they're still sending you emails encrypted using key A).

Best,
Daniel