IETF Logo Mail Archive

Re: [openpgp] 1PA3PC: first-party attested third-party certifications (making Key Server Prefs no-modify actionable)

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 29 August 2019 01:57 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC06312024E for <openpgp@ietfa.amsl.com>; Wed, 28 Aug 2019 18:57:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=HZDNX5at; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=iFbkTpwj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kgz1ZMwfxRaH for <openpgp@ietfa.amsl.com>; Wed, 28 Aug 2019 18:57:52 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20848120013 for <openpgp@ietf.org>; Wed, 28 Aug 2019 18:57:52 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1567043871; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=Ntvo9ICktoNeuHAA6iWDVHFK3uribh9huil5UsgzYXI=; b=HZDNX5athNIrVqhCAg4Oq0ZjLnotAIsgN8gZBcEvOZGGsbhLpreHWSkN 7cEmaO9tI6EdIIqQBX6EXyYrwz7DAA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1567043871; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=Ntvo9ICktoNeuHAA6iWDVHFK3uribh9huil5UsgzYXI=; b=iFbkTpwjv5LmN74e7gpMFyVK1hz04+XL3MoMWcMMYWJLquwQODcLriLu eDLS2Lf5YOfVkbbyf5WrWl/2/x34i17x0/bwL/DBVDpREVbLuI/PuUxrZJ I0IAEDj2iT+4X9VgiUOmnwxY1jPBbcmb3AnVWbuVydNx/eL/Nxxxvqbrz1 /cha+lfl7cdsyMNLVoKNUubBvQwHyduLfgju/6nuuULPSoW5ZuBKowN3DO Pr19r+SCmcDuTfacrQvqt7HdLvcSsps+Oo07OBNAJ6DOXGYiLxJhYRFvpy 409cIEnywlCtn6BjLZnQVdFS1gYbYhjIgee/0fTFOSg0gHUt1y9HDg==
Received: from fifthhorseman.net (unknown [IPv6:2001:470:1f07:60d:c41:39ff:fef3:974f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 33498F99D; Wed, 28 Aug 2019 21:57:50 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 18F0F2024E; Wed, 28 Aug 2019 21:57:39 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>
Cc: openpgp@ietf.org, Heiko Stamer <HeikoStamer@gmx.net>
In-Reply-To: <87blw94tfg.fsf@wheatstone.g10code.de>
References: <87tva1am9t.fsf@fifthhorseman.net> <87blw94tfg.fsf@wheatstone.g10code.de>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Wed, 28 Aug 2019 21:57:38 -0400
Message-ID: <87h860ag31.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/rjzEoSSEij7v2IjiVpa1RcXunUg>
Subject: Re: [openpgp] 1PA3PC: first-party attested third-party certifications (making Key Server Prefs no-modify actionable)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Aug 2019 01:57:55 -0000

Hi Werner--

Thanks for the prompt feedback.  I've updated the merge request to
account for these suggestions.  I've pushed my changes to gitlab, i'd be
happy for any review, either on the merge request or here.

The overall patch is also attached below, along with some discussion.

On Wed 2019-08-28 09:53:39 +0200, Werner Koch wrote:
> Putting this into a standard-self signature is troublesome because this
> requires to update and distribute the self-signature as soon as one
> uploads to a keyserver.

I agree with you that moving it to its own, dedicated signature class
helps to keep the concepts and updates separate, and that's a win.  In
particular, it allows the keyholder to make a distinct set of
attestations without having to worry that some legacy implementation
that updates the traditional self-sigs (e.g. updating the expiration
date) will accidentally drop the attestations in the meantime.  It also
lets clients update their self-sigs and their attestations in a
different cadence.

In my revised merge request, i've added a dedicated signature class
(0x16: Attestation Key Signature) which is the only thing that holds the
Attested Certifications subpacket.

> We need to have a way do include more key signatures.  This can easily
> be done with several of such self-signatures using the same creation
> date or another mechanism to connect them. An upper limit on the number
> of such self-signatures may be suggested in the implementation nits.

I am not convinced that anyone has a meaningful need to attest to more
than two thousand third-party certifications (a 64K-octet subpacket
containing 2K 32-octet SHA256 digests), but you're right that we can use
this "matching creation timestamp" approach to extend such a mechanism
to arbitrary numbers of attestations.  I've included those semantics in
my revision.

> The requirement to sort the hashes is not really helpful because that
> requires that the implementation must check the order and decide what to
> do if they are not sorted. In practice the implementation will sort them
> anyway (in particular if several self-signatures are required).

You're right that this MUST was too strict, and that implementations
will end up sorting them anyway.  I've reduced it to a SHOULD because it
can be handy, but obviously things shouldn't break if they're not
sorted.  Thanks for catching this.

> It should also be up to the implementation on how to match them.

I'm not sure what you mean by this -- it seems very important to me that
there is a clear and unambiguous way to match an attestation to a
third-party certification.  These attestations are not merely pointers
to certifications, they are cryptographic assertions about them.

> The subpacket definition should include a version number or digest
> algorithm to be future prove.

I think that including a version number in the subpacket is premature
optimization.  If we decide to do something different in the future, we
can use a new subpacket definition, and just deprecate this one.  We
have lots of room to spare, and making something simple and fixed is
better.

If we start running out of subpacket identifiers, we can designate one
last remaining subpacket identifier to be a multiplexer into a new space
of subpacket IDs, but i don't want every existing subpacket to itself be
multiplexed internally.

> We should of course use SHA-256 and not SHA-512.

I agree with you that we want the choice of digest fixed in the
subpacket -- and all attestations in the signature should use the same
digest.  And i don't want to include any sort of explicit digest field
identifier in the subpacket, because i don't want consumers of these
things to have to reason about "is it going to be OK to have a signature
made over blake2b covering a series of MD5-based attestations".

But rather than hard-code SHA-256 (or SHA-512 or something else), I've
bound the digest used in the Attested Certifications subpacket to the
digest used in the Attestation Key Signature itself.  This means:

 * we don't have to get into any arguments about the relative strength
   of a digest in one place or another.  if you're ok with it for the
   signature, you should be ok with it as the attestation.

 * if the certficate holder is uncomfortable with the properties of any
   particular digest (or they're deploying in a highly-opinionated or
   constrained environment), they can just choose to make their
   Attestation Key Signature with a digest that meets their needs.
   Their certificate as a whole can depend on one specific digest,
   without having accidentally introduced a hard-coded dependency.

FWIW, i agree that SHA256 sense to use today, but if someone wants to
make a certificate that is entirely free of SHA256, this lets them do
it, without providing enough rope to get tangled up in.

I've made some new demonstration certificates with this new approach
(and my example does use SHA256):

The signer's certificate (the "third party"):

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEXWcuXBYJKwYBBAHaRw8BAQdAIjn6AW4wgrQ7hI66BZkaCzL2X/bRX+yf1tm8
4OxSkULNJkNlcnRpZmljYXRlIEF1dGhvcml0eSA8Y2FAZXhhbXBsZS5jb20+woQE
ExYIACwFAl1m9hwCGwECFQgCF4ACGQECHgEWIQTBvMlvJO6/G++jDVQ953dEaeBc
DQAKCRA953dEaeBcDc8hAP9it7GkIgG1Sisa8e46SJIZRfWAcT1vzAmv8k57jY/P
HAEAizCu8jGLKp5AHWLNIU2ah9tEEEch5q4GI7tqMbu5IQU=
=rn/T
-----END PGP PUBLIC KEY BLOCK-----

The first party, along with a standard self-sig, a third-party
certification, and an Attestation Key Signature attesting to the
third-party certification:

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEXWcuXBYJKwYBBAHaRw8BAQdAPeDThwKKsiEAR8GwQBzv94FnDhyc9+NtXoH+
4LGxhh7NHFRlc3QgVXNlciA8dGVzdEBleGFtcGxlLmNvbT7ChAQTFggALAUCXWb2
HAIbAQIVCAIXgAIZAQIeARYhBHZ7/PJBbYUZS/wOEE/bnIu8dqmjAAoJEE/bnIu8
dqmjYvcA+wbxprn1NQfP6uY19plBu/WRPnCAj6Tnte4KUThl48dMAQCuIURYGmK4
znKmav/bnDgp+bLSrfo/4tE1SK1/fudRAMJ1BBAWCAAdBQJdZvYmFiEEwbzJbyTu
vxvvow1UPed3RGngXA0ACgkQPed3RGngXA3pGAEAzyIb8BtrLb6Oi1eY/JLje/i/
lmWO46EoWe0Rh8J8gC8BAPV6/txR65Qa4DaMw26GyHk8uGTzxiRyH6q62Xpwcx8K
wpcEFhYIAD8FAl1m9jAhJTA+FEO+y68KkjvvIGaLNBfj/pHb2IeYj2/C6ecXEJgy
FiEEdnv88kFthRlL/A4QT9uci7x2qaMACgkQT9uci7x2qaOxNwD/SLpQxMKZX4ys
nmjuV2+VwpwOhlBBAZsX+eRkqDlPUicBAI9EZo/fmuzXzG3D6FrUB0rfgVdiDTy6
EB6DaIpVWGQJ
=FDhV
-----END PGP PUBLIC KEY BLOCK-----

Please let me know what you think!

       --dkg

v2.23.0 | Report a Bug | By Email