Re: [openpgp] subkey revocation signatures -- RFC compliance?
David Shaw <dshaw@jabberwocky.com> Fri, 27 July 2012 12:53 UTC
Return-Path: <dshaw@jabberwocky.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0F9821F865A for <openpgp@ietfa.amsl.com>; Fri, 27 Jul 2012 05:53:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MausXVQQYnxG for <openpgp@ietfa.amsl.com>; Fri, 27 Jul 2012 05:53:57 -0700 (PDT)
Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by ietfa.amsl.com (Postfix) with ESMTP id F41A921F8667 for <openpgp@ietf.org>; Fri, 27 Jul 2012 05:53:56 -0700 (PDT)
Received: from grover.home.jabberwocky.com (grover.home.jabberwocky.com [172.24.84.28]) (authenticated bits=0) by walrus.jabberwocky.com (8.14.4/8.14.4) with ESMTP id q6RCrs0x004073 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 27 Jul 2012 08:53:55 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: David Shaw <dshaw@jabberwocky.com>
In-Reply-To: <87ehnxg6lj.fsf@pip.fifthhorseman.net>
Date: Fri, 27 Jul 2012 08:53:54 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <23DE1DDA-670B-4BDB-84C4-71BAF63AA928@jabberwocky.com>
References: <87ehnxg6lj.fsf@pip.fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
X-Mailer: Apple Mail (2.1278)
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] subkey revocation signatures -- RFC compliance?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2012 12:53:57 -0000
On Jul 27, 2012, at 12:39 AM, Daniel Kahn Gillmor wrote: > Hi folks-- > > I think i'm seeing a discrepancy between packets generated by a popular > OpenPGP implementation (GnuPG) and RFC 4880. I'm wondering if anyone > can help clarify my understanding of the RFC. > > https://tools.ietf.org/html/rfc4880#section-5.2.4 says: > > [...] > When a signature is made over a key, the hash data starts with the > octet 0x99, followed by a two-octet length of the key, and then body > of the key packet. (Note that this is an old-style packet header for > a key packet with two-octet length.) A subkey binding signature > (type 0x18) or primary key binding signature (type 0x19) then hashes > the subkey using the same format as the main key (also using 0x99 as > the first octet). Key revocation signatures (types 0x20 and 0x28) > hash only the key being revoked. > [...] > > Note that 0x28 is a subkey revocation signature. > > The subkey revocation packet generated by GnuPG 1.4.12 appears to be > made over a digest that includes both the primary key and the subkey. > > This seems to be in contrast to the idea that it "revocation signatures > hash only the key being revoked." Interesting. Digging around a bit, it seems that this was noticed by Marc Horowitz in 2000 (see http://www.mhonarc.org/archive/html/ietf-openpgp/2000-12/msg00001.html ), but for one reason or another it wasn't resolved before publication. Nice catch! I think this would be a good errata item for the RFC. http://www.rfc-editor.org/how_to_report.html David
- [openpgp] subkey revocation signatures -- RFC com… Daniel Kahn Gillmor
- Re: [openpgp] subkey revocation signatures -- RFC… Werner Koch
- Re: [openpgp] subkey revocation signatures -- RFC… David Shaw
- Re: [openpgp] subkey revocation signatures -- RFC… Daniel Kahn Gillmor