[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt

Andrew Gallagher <andrewg@andrewg.com> Tue, 22 October 2024 14:08 UTC

Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8104DC14CE4A for <openpgp@ietfa.amsl.com>; Tue, 22 Oct 2024 07:08:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qJWvamM2Gzxx for <openpgp@ietfa.amsl.com>; Tue, 22 Oct 2024 07:08:44 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA5D1C151536 for <openpgp@ietf.org>; Tue, 22 Oct 2024 07:08:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1729606119; bh=6l+Ldu4WnB7mlmYKKRC2hAelKDWblKOGAvDa/Y+bK8E=; h=From:Subject:Date:References:To:In-Reply-To:From; b=vf36EmRxGfE5MXRG6hsJuUsKk4KuXC5OC4XDn6U1In41n/Yn9VJykeAQH3wVwaNL+ 22IS5J2EYuukEmALZvcvh7CqQYp3uSmH9LOtOVsn8kQlWLPh9bCecj/stj2kf/qIWK W8wrawrScdlGN+KX7LBOeOwJQx9ZWy1ikn6dz2gkrVsHJ6TX74wxU83n/VOKskzSyy GSMxSWd8m6M58WcPx/xZtUZOSH5btgG4LPzT3KgOcWEfY/RyT3QPdH3seflLeZ6FcR R+oMs9eO1CkjEilP7KH2bBIY7bfXlGLwKbEp/lLrA5xNvKgrN3A40pRfb1c4GId3y5 O18Vmag51Esqg==
Received: from smtpclient.apple (serenity [IPv6:fc93:5820:7349:eda2:99a7::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id B93EE5DE60 for <openpgp@ietf.org>; Tue, 22 Oct 2024 14:08:39 +0000 (UTC)
From: Andrew Gallagher <andrewg@andrewg.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_E10965A9-2EF0-4325-8FA9-DE2A6D260F1F"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.1\))
Date: Tue, 22 Oct 2024 15:08:21 +0100
References: <172954607466.2080527.11129941200377024335@dt-datatracker-78dc5ccf94-w8wgc>
To: "openpgp\\\\@ietf.org" <openpgp@ietf.org>
In-Reply-To: <172954607466.2080527.11129941200377024335@dt-datatracker-78dc5ccf94-w8wgc>
Message-Id: <B498EDD0-1FE4-405B-81AD-8E4854720B6F@andrewg.com>
X-Mailer: Apple Mail (2.3731.700.6.1.1)
Message-ID-Hash: 4PHVQL36AWXQRRFUUMHVPJSQSITA7DRB
X-Message-ID-Hash: 4PHVQL36AWXQRRFUUMHVPJSQSITA7DRB
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/lFXbqZ49PCClD924u8-BN9-BNvM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

Hi, everyone.

I have updated the replacement key draft based on feedback received at (and subsequent to) the interim meeting [0]. The main changes are:

* Updated references to RFC9580
* Removed subpacket version field
* Added record-length fields (for robust parsing of unknown fingerprint versions)
* Added explicit guidance for encryption subkey selection
* Renamed to “OpenPGP Key Replacement” for brevity
* Further disambiguation of “key” in the text, using “primary key” or “certificate (TPK)” as appropriate

The most urgent open question is the target record format. Specifically, whether we want the imprint (or fingerprint) field of a target record to be optional (truncation of the record), and under what circumstances it may take place. The addition of the record-length field allows truncation to be directly detected, so we could defer a truncation policy to some later date without further wire format changes.

As I see it, there are three broad options (in order of preference) [1]:

1. Both fingerprint and imprint are required (no change)
2. Imprint is optional, either:
	a. iff it is the same as the fingerprint
	b. at the key owner’s discretion
3. Fingerprint is optional, either:
	a. iff it is the same as the imprint
	b. at the key owner’s discretion

The “opportunistic truncation” options 2a and 3a are effectively the same, just with the fields reordered on the wire. They complicate the parser in exchange for saving some bytes on the wire, but otherwise have the same functional and security properties as option 1.

If we choose option 2b, we have to accept that (1) the imprint is not necessary for key equivalence, or (2) key equivalence is not always achieved even with matching forwards and reverse subpackets.

If we choose the “aggressive truncation" option 3b, or wish to keep it open for some later date, we need to reorder the fields so that the fingerprint comes at the end of the record, and we will have to accept that fingerprint search may no longer be possible, which is a significant breaking change in the ecosystem.

Other remaining open questions are:

* Do we need further UX guidance, and if so what should be included? [2]
* Is the current guidance on encryption key selection sufficient? [3]
* Is the terminology used in the draft clear and unambiguous?

Please discuss the above on the list, and I will raise any discussion outcomes at IETF121. Unfortunately I won’t be able to be present in person as I had previously hoped.

To the chairs: please allocate a slot for discussion of this draft.

Thanks,
A

[0] https://datatracker.ietf.org/doc/minutes-interim-2024-openpgp-03-202409091100/
[1] https://gitlab.com/andrewgdotcom/openpgp-replacementkey/-/issues/15#note_2170090925
[2] https://gitlab.com/andrewgdotcom/openpgp-replacementkey/-/issues/17
[3] https://gitlab.com/andrewgdotcom/openpgp-replacementkey/-/issues/14

> On 21 Oct 2024, at 22:27, internet-drafts@ietf.org wrote:
> 
> Internet-Draft draft-ietf-openpgp-replacementkey-01.txt is now available. It
> is a work item of the Open Specification for Pretty Good Privacy (OPENPGP) WG
> of the IETF.
> 
>   Title:   OpenPGP Key Replacement
>   Authors: Daphne Shaw
>            Andrew Gallagher
>   Name:    draft-ietf-openpgp-replacementkey-01.txt
>   Pages:   13
>   Dates:   2024-10-21
> 
> Abstract:
> 
>   This document specifies a method in OpenPGP to suggest a replacement
>   for an expired, revoked, or deprecated primary key.
> 
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-openpgp-replacementkey/
> 
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-replacementkey-01
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-openpgp-replacementkey-01
> 
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
> 
> 
> _______________________________________________
> openpgp mailing list -- openpgp@ietf.org
> To unsubscribe send an email to openpgp-leave@ietf.org