IETF Logo Mail Archive

Re: [openpgp] Multi-algo pubkey, or how to create future-proof keys

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 21 June 2021 21:07 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D8083A19BC for <openpgp@ietfa.amsl.com>; Mon, 21 Jun 2021 14:07:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.437
X-Spam-Level:
X-Spam-Status: No, score=-0.437 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.338, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nmf2b8UzfkqS for <openpgp@ietfa.amsl.com>; Mon, 21 Jun 2021 14:07:04 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2092.outbound.protection.outlook.com [40.107.22.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A2503A19BA for <openpgp@ietf.org>; Mon, 21 Jun 2021 14:07:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XS5Sg7wCjaiH6qdZMqtzUjbK1W/a1pGhOVPPrPIj25xVUvQW4osQe0b5R1I1iyHp4wXs46zRx7s9vvhJ8g24bkyN2aMEKOZ/2gOHLoSZYs/J7nedUz5bQQMyFDaEngcSutzzlkKHMdo9bA68kMQyOAIGl96zidXS07wzmi3oqAZNAy8GEd8cdqOq6WvSB4zeGLbwPwIP1SwvdSgLr6njbjY49eLLI8ge+N0JHeeT5iqJ9AUt9hvS5qsSmoFl6vijYJgduS3nHIpvIG92pZ6y2Qe4U7lYiaeXQu68eAnXK6jj8rgs0JPBLoxPiL1QgKlutnJu4j9kYb8G9dtjvN2Dog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fyoE07yDGiqIHobFQCc1ZDaMDicRDHlc18i9DajRt9s=; b=QpZeAi9FB1HgNp8F4mgs3btqJNqe+eJcaQxramHX6m9BRYI8FJ3esbE2Xwk1u/FtCJapJHJazKajr704/C4bTUNAPfu7qqFo6sBKZu4ASB76RHmuDZHLHiWY1ewNGzBpvuz5QvpAYM8EIs43znGZMwoX2iovlJcBuy4Z1CRH/I3EzcrfeGgJVmNZ85qg+AGckqyA+ay680ipLBhR5wTBkV/0GpjEkMmry4z3ObOk53Txt94eJO+ojHCnTxHV1d7ix6ordFlsi8v8MRLOAp2WjQy9bn0QbH4Plq07t+DO7NUioJltWVVlm99jfxvlwW1d+MHWOBbntlmqAmkohNpZGg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fyoE07yDGiqIHobFQCc1ZDaMDicRDHlc18i9DajRt9s=; b=cxC3uIMQGGwvxkDAl+fLiZN2z8GhMTLZKM3Vb+iV4eEP0NEiAOtPoh9vl0mxjVDL2ctbhCgQ64if1TUgiKLpI41FMe0wcMavsxxHc2mGtk6cEcWNcqv2ssJOX/v8y4khBFMKXfbqoqqZiK9HN11XjXMzWl3FdtKCvTuU3bb78q85VpYS9wZxAjFR5J3jJZODFp+DwfkppeRgsRsMXRen93ft0ocWbuiwfs7XD0bFS39MmH60znIX0FkTBiGvsgfj3wvSLeODhUXrO5yapS8Q2gsIdiayTm/1k7im2mA/GgAAVLQ9uYy8bLMJfBnjQ5ZAmOo7xY5o+Vl3ejHkUEjv7g==
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by DB7PR02MB3979.eurprd02.prod.outlook.com (2603:10a6:10:4e::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.21; Mon, 21 Jun 2021 21:06:59 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::9c71:9f6:9136:f849]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::9c71:9f6:9136:f849%6]) with mapi id 15.20.4242.023; Mon, 21 Jun 2021 21:06:59 +0000
To: Ángel <angel@16bits.net>, openpgp@ietf.org
References: <cbf99ad67b5de1b7c4e0051e76b3b8d73f5192ff.camel@16bits.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <5c434bc7-009d-09d6-6864-f62835802273@cs.tcd.ie>
Date: Mon, 21 Jun 2021 22:06:57 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1
In-Reply-To: <cbf99ad67b5de1b7c4e0051e76b3b8d73f5192ff.camel@16bits.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="0ELIrc1IcXWpnIG8N4U2votdWDmOyuL2L"
X-Originating-IP: [2001:bb6:5e5e:b458:b76f:139f:30e2:a79d]
X-ClientProxiedBy: DB3PR08CA0010.eurprd08.prod.outlook.com (2603:10a6:8::23) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [IPv6:2001:bb6:5e5e:b458:b76f:139f:30e2:a79d] (2001:bb6:5e5e:b458:b76f:139f:30e2:a79d) by DB3PR08CA0010.eurprd08.prod.outlook.com (2603:10a6:8::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.18 via Frontend Transport; Mon, 21 Jun 2021 21:06:59 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: d43da306-18d7-457b-c7b0-08d934f8825a
X-MS-TrafficTypeDiagnostic: DB7PR02MB3979:
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <DB7PR02MB3979386578CC90517281D9DBA80A9@DB7PR02MB3979.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Oob-TLC-OOBClassifiers: OLM:4125;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: tx3AVT2RfN9TeUBxFIQDnSTYAOVvJ31HC8C65FGhzVlXpXCSD19KcQbe6VQeoYD0ZfP0qveKdCaT8tJaBdgKKMnwJtA2HBgNQsAoI8IakQafSPl9z9W1c5FOH6TZ4KbLCAs9UPM8Sj9tc5Y6BDYAv3JSXPsp7RybIlkTn1W60c0HAtZuvH0dTy/5lSJWPgtnQt3aTC0TI1sOw+MFwm7uRHBxfRvO813v/O3FcmyeD+bmNuyVAZfNtUgO3/UBxAyAsHCnXzqZXIWeFjp7m76cKaqhZmjO8ag020a5LHvoS2MDaOrhDRDrr4/29CCUlfK465FtvFK2CXsaQqf48WeUUGeOnFQP4XEfUwWM6y3wOp7xUieQs5qogANKrtSy3tt4aThAINPU4xANVaIObIDrz2cpqots2JEbfIq2TDalwsu5ajD7ErDAle+DUmKRaScAzFlywF+juNZpWprcSonR5rgs/S7uTCXvgc0ZETcpmscRFF6D4fKR+PicB4cp4z2/M1BSbQkJa0KMmQvUeppJQdlx+Zzalm8qOOCB0oPiicBoYSeTLUZcQu0JjrZnT8p2aRHjJ6lnQ/OKz6d8e7g2swNN07+XuOc/m3rqoK0BDXfrVO3CqRwQvhlLCvvwSxRQ1NTnK8GsnEjD/vuU05pKjzj7PzdvoIDm5Y+5TrONexdA7HzFLs7CKSnI6/+R/NIK
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(376002)(346002)(366004)(396003)(39850400004)(6486002)(83380400001)(66946007)(186003)(16526019)(8676002)(478600001)(36756003)(38100700002)(66616009)(86362001)(2616005)(33964004)(31686004)(66556008)(44832011)(66476007)(5660300002)(235185007)(31696002)(8936002)(2906002)(21480400003)(53546011)(316002)(786003)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: kp4M6tiF4XiVMkJHV/1jfMIqbjqN987lopV/wFFe+EWQJfdVEOpPu5ZpPMr/Sapv3+8ti+0FUTMKXTLskSZGN+vgxWvNPkuSUFK86FOJQQOFyn97DvcGCsAMKUD88PZTFrVA96TVwvG16DfrpZvReTG+kVRInVLmxxsKyvLOpOW+0iAFAWL3NcCxnjhDIVE2KW0gHoydanEKytYNbfJpCAn9J88oU5FNjw1Z1taGbwLW5abGPXCR8zktKecLaw83mqKwsHl50877MYFCAT00xNWj7mWEmvibV/HfHWb6zLeebw7Pdy5emcRFuYp/9xOdjJSXd2josSOABCo8Dhs0O0AniHWm/bTove+B+RA6A4bM3JDrC3FhGiMl30GBzhZ4+6rY7fl1apDwW+4kca61xVGdQcN3WMbc8TstFc21qNeobTDRBHggk2mpVrhMEu+3HpcRT0QhmMc6P/gPwt8WWDLqFgPeQpUsIfkRfl945twMYQHTWdng7fr4JdvosNbw8/NgtRvtLeagZR7f+n0TCTpUx7dAw+HX1D48pOGRZy3O9SeUOapGCXJLlYndGr3q3qR+oR3afve+BUXMZ9qV2fJBaTSKX4lLQwMisw22bp9LJBKx0xPRWRvhy4PbcqqBkcWiKzHGqC/3kaohRfVOU+9bUb2bKyr+4zHD0wRxnxRTk1QnmvJrlb0W/rvcj/p280hKiFR1BQeZgw/QnFC+d/0hX+GwGr9AsxfLZbE/x3xWqgOrkm7mSNPutW69hVWkjv1LXnmLxDpObduWKNaq8Q3MUTxKwDW45qXDH24HCu7PqMYa4gHKxbq1wJ39JaaqS+xWPng2e4EeIEHaMQPJfhrQMflwtqLplfpSAwahZ3esxTuALtjdXTDqTOtM2z32OajrcrSH/fiD1UFYPQQELTf0IwSmaf6odjeBy6HP2PHU4bwL0TPFyZb3gWBqQlQVSxhKYn5rX7MlwKfEGf10f0iI2Fd7hD5IP2GYHe2Nnihc/4ur2eZ0T5DAhmQw54deevUKXAkM5z9J6CJGKSaPsYKeGxlIRR8DAcX26tG+fJsUa2fwnDHAG+S30LWul8k4cIq0dd+SgD6AyJl2sHaftHpe7gaaQaj+43K2/uR0xcQ3t5eyupMZa2i3TQd4iKV67Y0GE3uzhcujw33iD2ME4AuqGbpN+2ADI9TqAuX3cnEZU+tnOCwz5mIssOOngpw3poTnI3IMwynTiGq0G2/PrqiU6bqA2ZQfx2PKwTmpZcD/f2wbHBgGR+IzA7Xo7ynp7laHET991ZW8qQwufsaTULkPBRluZEG5n180g6MjKKkSXv5EcaCj9gf8kI6OMY2akcmPRnMQCxlVdWReoat2MdpO5pCvfWk5SRSszsYtzsckTfBsamdkr+9JBmWvyWyr
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: d43da306-18d7-457b-c7b0-08d934f8825a
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jun 2021 21:06:59.4886 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: iQvSdZdSLFqhI6mWl8M2l9L1pv21PUOSj8Mu2pcCaXh4BIDs7yjnWZlJk8qCPeft
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR02MB3979
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/rLfd8AI99NpzkCqyiSdY38gIhpU>
Subject: Re: [openpgp] Multi-algo pubkey, or how to create future-proof keys
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jun 2021 21:07:09 -0000

Hiya,

(This is just my personal reaction - as chair, if there were
a load of people wanting this now, I'd re-evaluate...)

On 21/06/2021 02:16, Ángel wrote:
> I would like to bring up a point I had noticed some time ago, about
> having multiple public keys combined. A few days ago, we have been
> talking about v5 keys, potential Post-Quantum algorithms, etc.

I think I agree with Werner that this is better one for
later. My particular reasons are that moving from 1 to many
keys isn't so much a crypto change as an architectural one
and that as you point out, such a change if/when it comes, is
likely to be intertwined with PQC (assuming the model of
mixing "classic" and PQ algs seeming to find favour with
e.g. TLS is also sensible for pgp).

Lastly, (and this time looking at, but not quite wearing, a
chair hat:-), I'd prefer see us progress the "easier" work
first and then attempt more ambitious things.

Cheers,
S.

v2.23.0 | Report a Bug | By Email