Re: [openpgp] Clarify status of subkeys with certification use
Leo Gaspard <ietf@leo.gaspard.ninja> Fri, 25 May 2018 21:54 UTC
To: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>, openpgp@ietf.org
References: <c37c7f94-edef-7f2d-9151-787112abcbfc@sumptuouscapital.com> <8736yg2gz3.wl-neal@walfield.org> <7dcf3192-e004-c95f-7b62-cdbb31f40c0d@leo.gaspard.ninja> <df76b04b-8fc2-0ced-5415-744dc8032c4a@sumptuouscapital.com>
From: Leo Gaspard <ietf@leo.gaspard.ninja>
Message-ID: <df55ad0c-cfc8-37dd-5f63-565f2ae7e1be@leo.gaspard.ninja>
Date: Fri, 25 May 2018 23:54:21 +0200
In-Reply-To: <df76b04b-8fc2-0ced-5415-744dc8032c4a@sumptuouscapital.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/lgsyap1De3yiUaXb9ph86tsVBR4>
On 05/25/2018 05:25 PM, Kristian Fiskerstrand wrote:
> On 05/25/2018 12:26 PM, Leo Gaspard wrote:
>> Another use case supporting this opinion: certification subkeys are also
>> a way to increase the security of an offline OpenPGP key, as with them
>> it becomes possible to put the master key behind a diode while still
>> being able to certify keys, and only ever move data out:
>> 1. On the machine with the master key, generate a certification subkey
>> 2. Move the certification subkey to another system, less trusted
>> 3. Push the to-be-signed key to this other system
>> 4. On this other system, certify the to-be-signed key
>> 5. Rotate the certification subkey from time to time to be able to
>> revoke one were it compromised
>
> I'm not sure I buy this argument, the WoT is expected to be long-term,
> if needing to do rotation of certification subkey, it sounds like you're
> making it more temporary of sorts. Wouldn't just having a separate CA
> key that is fully trusted (presumably locally signed and not exportable)
> accomplish much of the same for more "temporary" signatures, i.e. those
> not exported to view of the rest of the ecosystem / external users?

Sorry if I was unclear, the idea was not to make the certification subkey
temporary, but to only use it for a given period of time, and then delete
it (while not revoking or expiring it). This way, so long as there is no
compromise of the certification subkey, things stay exactly the same, but
when a certification subkey is compromised (e.g. because it had to parse a
malformed public key to sign it, or due to an attack on the way the data
was transferred, or any other attack), it can simply be revoked, without
compromising the master key and its UID signatures.
The idea of rotation was thought to not invalidate all the previously-made
signatures in case of compromise, but an alternative could be to not rotate
so long as the certification subkey is not compromised, and on certification
subkey compromise tighten the WoT by that much. Sorry for the wording of
point 5; it was not clear at all indeed. Hopefully it's better now.
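As an added illustration (not part of this message, and not code from any OpenPGP implementation), here is a small Python model of the validity rule the reply argues for: a certification made by a subkey counts only if that subkey is bound to the certificate, carries the certify key flag, and has not been revoked as compromised, while a rotated-out subkey that was merely deleted keeps its past certifications. The fingerprints and UIDs are constructed placeholders, and nothing here parses real OpenPGP packets.

```python
from dataclasses import dataclass, field

# Key-flag bits from RFC 4880 section 5.2.3.21
KEY_FLAG_CERTIFY = 0x01
KEY_FLAG_SIGN = 0x02

@dataclass
class Subkey:
    fpr: str
    flags: int
    compromised: bool = False  # revoked by the primary key, reason "key compromised"

@dataclass
class Certificate:
    primary_fpr: str
    subkeys: dict = field(default_factory=dict)  # fpr -> Subkey, bound by the primary key

@dataclass
class Certification:
    target_uid: str
    issuer_fpr: str  # key that actually produced the third-party signature

def certification_valid(cert: Certificate, sig: Certification) -> bool:
    """Decide whether a third-party certification counts as issued by `cert`.

    Model of the policy discussed in the thread: the primary key can always
    certify; a subkey only if it is bound, flagged for certification, and not
    revoked as compromised. Deleting (not revoking) a rotated-out subkey keeps
    its earlier certifications valid; revoking a compromised one drops them all.
    """
    if sig.issuer_fpr == cert.primary_fpr:
        return True
    sub = cert.subkeys.get(sig.issuer_fpr)
    if sub is None:
        return False            # unknown issuer: no binding to this certificate
    if not sub.flags & KEY_FLAG_CERTIFY:
        return False            # a sign-only subkey must not certify
    return not sub.compromised  # compromise invalidates everything it certified

def scenario() -> dict:
    """Constructed fingerprints (not real keys) showing the blast radius."""
    alice = Certificate("PRIMARY-A", {
        "SUB-C1": Subkey("SUB-C1", KEY_FLAG_CERTIFY),                    # rotated out, never revoked
        "SUB-C2": Subkey("SUB-C2", KEY_FLAG_CERTIFY, compromised=True),  # leaked, then revoked
        "SUB-S1": Subkey("SUB-S1", KEY_FLAG_SIGN),                       # ordinary signing subkey
    })
    sigs = {
        "by_primary": Certification("bob@example.org", "PRIMARY-A"),
        "by_old_cert_subkey": Certification("carol@example.org", "SUB-C1"),
        "by_compromised_subkey": Certification("dave@example.org", "SUB-C2"),
        "by_sign_only_subkey": Certification("erin@example.org", "SUB-S1"),
        "by_unbound_key": Certification("frank@example.org", "UNBOUND-KEY"),
    }
    return {name: certification_valid(alice, s) for name, s in sigs.items()}
```

Only the certifications made with the compromised subkey are lost; those made with the primary key or with an earlier, merely deleted certification subkey survive, which is the limited-blast-radius point of the rotation scheme.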