[openpgp] Re: Splitting replacement keys subpacket into related keys and trust equivalence?

Bart Butler <bart+ietf@pm.me> Fri, 13 September 2024 11:48 UTC

Date: Fri, 13 Sep 2024 11:48:40 +0000
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
From: Bart Butler <bart+ietf@pm.me>
CC: Bart Butler <bart+ietf@pm.me>, Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>, Justus Winter <justus@sequoia-pgp.org>, "draft-ietf-openpgp-replacementkey@ietf.org" <draft-ietf-openpgp-replacementkey@ietf.org>, "openpgp\\@ietf.org" <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/k2Gx___1CVmUe_CTCUO2tiYwE9A>

I’m fairly agnostic on this as long as we don’t make it optional and introduce yet another degree of freedom. One other advantage of not including the fingerprint would be to force implementations to verify using the imprint. But either approach is fine.

On Fri, Sep 13, 2024 at 11:01 AM, Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org> wrote:

On 13 Sep 2024, at 08:42, Daniel Huigens <d.huigens@protonmail.com> wrote:
>
> In the email case specifically, you _could_ take it as a signal to say,
> "oh there's a replacement key, but I don't know where/which it is,
> so I need to go fetch this contact's keys again (by email address)".

Sure, but I’m thinking specifically of the cases where lookup by email address isn’t efficient, e.g. if there is no WKD on the domain and there are a number of fake keys on the keyservers. If we compare with the design goal of trying to match the behaviour of subkeys as much as possible, leaving out fingerprints does complicate the lookup process in the general case.

A