IETF Logo Mail Archive

Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey

Simon Josefsson <simon@josefsson.org> Fri, 19 April 2024 07:30 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08AFDC14F5F3 for <openpgp@ietfa.amsl.com>; Fri, 19 Apr 2024 00:30:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b="y3ta9bbZ"; dkim=pass (2736-bit key) header.d=josefsson.org header.b="SxEdHDUK"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p7oW3AT64P5u for <openpgp@ietfa.amsl.com>; Fri, 19 Apr 2024 00:30:24 -0700 (PDT)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D3DDC14F5E8 for <openpgp@ietf.org>; Fri, 19 Apr 2024 00:30:23 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description; bh=8Cr2F/cWO2Zg1L0JTqAHCnNafP2x/bIYrfpavVtCzy0=; t=1713511819; x=1714721419; b=y3ta9bbZbTs3ZyvRb0GbBNHt+iR+Z9VBCk8AJsnQDt2025uFDEbP3h8GCLI4EPRj0VBog5mArpE T3OtEFuOkBA==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=8Cr2F/cWO2Zg1L0JTqAHCnNafP2x/bIYrfpavVtCzy0=; t=1713511819; x=1714721419; b=SxEdHDUKRLpAc2gf1fwHhuF8JA33FHMZ+y+nOzLx34rn5OlWOz0xrgDlcwQHNjqRC1bGEhY0sha BS4JhHgSKFuSpEhdB2A/1Olv/3W90NmmXP4TxL4HtWHKiP7YGltmJNXlPzHFaIKAzyUvYGAiStLvQ 5SqVzB9EovNZHUKYUL7rzo61wpv27z1v/g1lxzeinNqtSfJ5gmKQJsYGeFv0VfBDDfS850OEKMKzs EDsTSEFHxAOJnT+ooSDWOiZUjI7VN+vacLSvPeorkDd4GW7WHnUVbZbe0ESvOyqMWKLC8ObQW3Q+R ObvDuyjwTd+dAD1852n7bQSmBLpeIPKWIM8abgJH7AfabyHp0AKBBMTP5XLbYL5UvTxESMNFrbOKh 9ocOaPk3aQQ4R2zIcT8QTKrx7gnfuFc72geI3NVWYicAkfNWphLGCocvJw+7xp8bB1Yo65OWJ;
Received: from [2001:9b1:41ac:ff00:823f:5dff:fe09:16ac] (port=40308 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <simon@josefsson.org>) id 1rxihL-00DbKQ-OD; Fri, 19 Apr 2024 07:30:15 +0000
From: Simon Josefsson <simon@josefsson.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: openpgp@ietf.org
References: <87o7anhybr.fsf@fifthhorseman.net> <87jzkunest.fsf@fifthhorseman.net>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:23:240419:dkg@fifthhorseman.net::sNlr0wYaYaw5Mlq9:6e8B
X-Hashcash: 1:23:240419:openpgp@ietf.org::9qgDneWW1dUxcLO/:0G9kA
Date: Fri, 19 Apr 2024 09:30:23 +0200
In-Reply-To: <87jzkunest.fsf@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Fri, 19 Apr 2024 00:42:58 -0400")
Message-ID: <87y199g67k.fsf@kaka.sjd.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/lYGgudkLDf6ItsJboxl6sLHvSzU>
Subject: Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Apr 2024 07:30:30 -0000

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> My understanding is that the editors proposed some changes to address
> Simon's concerns about scope and use patterns, but haven't released a
> new draft with those changes.  Those proposed changes are here:
>
>   https://gitlab.com/andrewgdotcom/draft-gallagher-openpgp-replacementkey/-/merge_requests/2/diffs

Those changes seems nice, but my basic question still doesn't seem to
have a clear answer (at least that I've been able to understand): what
is the problem this draft is intended to solve?

Two rough outlines of problem statements:

   1) replace human written key transition documents

   2) enable automatic non-interactive upgrades to PQ keys

Are both these problems in scope?  Are other problems in scope?  Is
there some problem that we know is not in scope?

There is a bunch of different modifications I can think of for this
draft but have hesitated to suggest.  Without understanding the problem
we are trying to solve, it is hard to evaluate if a suggested
modification is a good idea or not.  The two goals 1) and 2) may lead to
conflicting requirements on the protocol.  This make me unable to feel
that I can contribute anything other than raising this question.

/Simon

v2.23.0 | Report a Bug | By Email