Re: [openpgp] Code-signing in OpenPGP [was: Re: SLH-DSA code points]
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 26 March 2024 22:46 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5ABCC14CE40 for <openpgp@ietfa.amsl.com>; Tue, 26 Mar 2024 15:46:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="BaIu1bN4"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="sZ0Lt/wA"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HZQBbzcnlTB2 for <openpgp@ietfa.amsl.com>; Tue, 26 Mar 2024 15:46:06 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21E1BC14F5E3 for <openpgp@ietf.org>; Tue, 26 Mar 2024 15:46:05 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1711493162; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=jx2ljfURqBz5346RyZ+rOUYuu689gwBPsx3FW2CK07Y=; b=BaIu1bN4gki4yQETijYO7KQNpd5Xk//99s8jaLL4BgAmtHEHFNKcV92a0P0wir5i08dc/ JHZ+QiRnKoMx9EeDw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1711493162; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=jx2ljfURqBz5346RyZ+rOUYuu689gwBPsx3FW2CK07Y=; b=sZ0Lt/wAbagIsihCEUWGeNG50OnDKcHU0X0Zf7U6vPya3lrc2NjMfAHQd3LtZDKrT611N NcVjR8Az3ins6zLHqpydGiuijcjcfrYGDPtLc2TLiAvyuoB9SlBmxzpaBtJgXfuy34oMxVJ Mpt4lobDN2A8vwCYqL5oIh/TWieYf+bITIrfLymaxH0yfKy71n1WIfkLv9189RrBZfSifgk FBYp0MRftjLEbu/6U42qgUizN4PbTHilBGCeBmnDMs8k4bUNzL1qq/ItgBqitCHIsrssSH9 L9cQL/vr4K6Oz4SEnlGkS5UmXb6zo2wybmRKbXWY8qvhvkGCjrd/ckgCe2iQ==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id B6187F9DA for <openpgp@ietf.org>; Tue, 26 Mar 2024 18:46:02 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id BBF9B20771; Tue, 26 Mar 2024 13:33:33 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
In-Reply-To: <p86TXWysxVMhaMALowJJ-XayfefZDjgA7v6oFb8YX7H8bXPdC-IYo8-GBsbfQg_xlzUJdzA5UCeOGfXfJUrQ_dxyYxwPtOm9DDKtIb1aubQ=@protonmail.com>
References: <42ff8d55-88a9-4c84-99bd-688f1d29b508@mtg.de> <cmw0WtLf6I-72e-G31FTB9xrwcccedIXaLi0QxYKjN-q9HAwCryEfqHwv6tZnlc2O3STIbVEoFY7gRzENrRBS8EDd_2lKWwx33UQBPrG204=@protonmail.com> <87bk763ykr.fsf@fifthhorseman.net> <p86TXWysxVMhaMALowJJ-XayfefZDjgA7v6oFb8YX7H8bXPdC-IYo8-GBsbfQg_xlzUJdzA5UCeOGfXfJUrQ_dxyYxwPtOm9DDKtIb1aubQ=@protonmail.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/YO+5Zi7HCi QQfFgoAMQWCZadnIAUJBdtHCwMLCQcDFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu36RAUlea/ cACgkQu36RAUlea/edDQD+M2QjnoEyu/TjI+gRXBpXQ5jCsnnp9FdYhaSSUW/vZ8kBAJByWlj A9aMfVaVrmvgcYw7jzJz+gmZspBRB++5LZ20NzRc8ZGtnQGZpZnRoaG9yc2VtYW4ubmV0PsLA EQQTFgoAeQMLCQdHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEu/CS CeyWwC6j4ihJr2u/z6delsF1pvYW3ufgf1L538DFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu3 6RAUlea/cFAmWnX5AFCQXZ8EUACgkQu36RAUlea/cjVwD+ONjdHM74rAa6EEiiqaPjlptiaZx CVqFYXnib6EbZARkBAPnnR8pW8vCBnDXHKu65jNqwF3aH761NaOqqMFfppg8GzjMEZXEJyxYJ KwYBBAHaRw8BAQdAjX25Fq2Q9IUFeHy6yByIQPBnFOedFliuEiCIUzJsENDCwMUEGBYKAS1HF AAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnwqKWsw56uoWVLIFcs7ZecJ gwpsSNevWCzbviKQ8yRLUCmwK+oAQZFgoAbwWCZXEJywkQdy0WHjXNS4FHFAAAAAAAHgAgc2F sdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEIJSOxuw2y/UJmg5M3BLpN0JYjODZpXiEVFu 1byARzMWIQR0vATEPYYIS+hnLAZ3LRYeNc1LgQAAsH8BAKg1C5LK/D7pSkXCD+jfTSP+CqM58 iHLjh4vKhpOKsTJAQCHldtEjxJ1ksPTFgG9HihHH7qc6/wvvLw77ETMpwlrAxYhBNR3BAxwwh VqXCmFSbt+kQFJXmv3BQJlp1+rBQkCF4lgAAoJELt+kQFJXmv3ydsA/2roQZ2Jm/7iUrg/2C5 ClWA/xbvPC31LyMkGGH2/rq8tAP9BgqLuCPnNTVPqeX9+9qqMmaFq7wmvjq5I+yycAw9CDc44 BGVxCcsSCisGAQQBl1UBBQEBB0BZMsRrRaaeFSYMF1ZdfRmVgBriDUIr99eDQ085BK14DgMBC AfCwAYEGBYKAG5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnsazAWX tEHUPmSTmcRZAIsAsNiO8k0hdjsfRlRVipgJgCmwwWIQTUdwQMcMIValwphUm7fpEBSV5r9wU CZadfqwUJAheJYAAKCRC7fpEBSV5r90AjAPwLgY1iKiFJEj32SVD5f721929l79VxQB5FlQss x1n5kQEA6Uct2tPvbB6T7p5KG3Gl+tbi7oJAuxFmpkpW5/N2Owg=
Date: Tue, 26 Mar 2024 13:33:32 -0400
Message-ID: <877chokidv.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/sNR4ja_quCkC6jc2SndlfNYP8Fk>
Subject: Re: [openpgp] Code-signing in OpenPGP [was: Re: SLH-DSA code points]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2024 22:46:10 -0000
On Fri 2024-03-22 20:37:36 +0000, Daniel Huigens wrote: > This sounds like a useful distinction to me, but to me the most > important difference seems to be not how secure they need to be today, > but rather how long they need to be secure for. E.g. emails that are > read once might not need a signature that will verify successfully in > 10 years, but a tarball might. Thanks for this way of looking at the problem, i find it a useful re-framing, and i think i've changed my perspective on the issue now. > So, perhaps, to serve this use case, you could have an SLH-DSA primary > key with an EdDSA subkey, and indicate when signing, how long you want > the signature to be used/trustworthy? (Obviously that's a rather > advanced option and I'm not sure what a good UI would be.) right, i don't think there's a good UI for this either -- "make signature likely to be invalidated sooner" is not an option most users will reasonably want to check. At best i can imagine a "don't bother trying to sign with keys that i don't have available", but > I'd argue, if someone accepts an EdDSA signature today, even if you > normally make an SLH-DSA signature, that's perfectly fine, only once > EdDSA is (expected to shortly be) broken should the validity of such a > signature change. So the incentive for you to sign with SLH-DSA should > be to make a longer-lived signature, not a more trusted one. I think this is the right answer. It's simple, and it's straightforward and clear. And the corollary seems to be that if there are multiple secret keys, just sign with each of them. I'm proposing to make this the default for `sop`, since sop was previously ambiguous about that. If anyone is interested, please see: https://gitlab.com/dkg/openpgp-stateless-cli/-/merge_requests/29 Where i'm contemplating how to specify this behavior clearly in `sop` without making it too messy. Regards, --dkg
- [openpgp] SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Daniel Kahn Gillmor
- [openpgp] Fwd: SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Daniel Huigens
- Re: [openpgp] SLH-DSA code points Daniel Huigens
- Re: [openpgp] SLH-DSA code points Simon Josefsson
- Re: [openpgp] SLH-DSA code points Daniel Huigens
- [openpgp] Code-signing in OpenPGP [was: Re: SLH-D… Daniel Kahn Gillmor
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Huigens
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Andrew Gallagher
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Simon Josefsson
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Michael Richardson
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Simon Josefsson
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Kahn Gillmor
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Huigens
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Huigens
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Andrew Gallagher
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Kahn Gillmor