Re: [openpgp] Call for adoption of draft-gallagher-openpgp-replacementkey

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 07 April 2024 16:49 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Simon Josefsson <simon@josefsson.org>, Andrew Gallagher <andrewg@andrewg.com>
Cc: openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/nPUcy9S84sOugbrQwUTnRq1ILis>

On Sun 2024-04-07 10:32:32 +0200, Simon Josefsson wrote:
> If automatic processing is intended, I think readers should come away
> with some understanding of how that automatic processing is intended to
> be implemented given a key that has 0, 1, 2 and 300.000 replacementkey
> subpackets.

I agree that this draft would be significantly more useful if it
described some explicit processing steps and gave implementers guidance
about how to expect processing to happen.

Incorporating some of the motivating text from Andrew into the
introduction would also be useful.

Andrew, Daphne, do you think the draft could accommodate those kinds of
additions if the working group were to adopt it?

Simon, would you be up for proposing some of this text if the working
group were to adopt?

It doesn't need to be perfect initially, or to cover every possible use
case, but having some initial description of a common use case when
consuming these signals would I think motivate both readers and
implementers to think through how to make the thing effective.  It would
also probably help trigger some discussions about how it could
potentially be abused, and maybe the WG can build in some mitigations
once the potential abuses are clearer.

            --dkg