IETF Logo Mail Archive

Re: [openpgp] To bind or not to bind

Justus Winter <justus@sequoia-pgp.org> Fri, 22 March 2024 18:06 UTC

Return-Path: <justus@sequoia-pgp.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0A0FC14F6F4 for <openpgp@ietfa.amsl.com>; Fri, 22 Mar 2024 11:06:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=sequoia-pgp.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dsIoyZhsCqvf for <openpgp@ietfa.amsl.com>; Fri, 22 Mar 2024 11:06:26 -0700 (PDT)
Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31C6AC14F6E8 for <openpgp@ietf.org>; Fri, 22 Mar 2024 11:06:25 -0700 (PDT)
Received: (qmail 20596 invoked by uid 500); 22 Mar 2024 18:06:22 -0000
Authentication-Results: harrington.uberspace.de; auth=pass (plain)
Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/3.0.1) with ESMTPSA; Fri, 22 Mar 2024 19:06:22 +0100
From: Justus Winter <justus@sequoia-pgp.org>
To: Kai Engert <KaiE@kuix.de>
Cc: Aron Wussler <aron@wussler.it>, "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <8d5636f9-9cbb-433d-b6e2-cac85d929919@kuix.de>
References: <EGivTgyfjNm_TAvhds1OPA2c0O6LP9lFnkwWHHKLJY8ReJOgtDh3tnYsCSR8yrrBLbpeehtUgIJEhynae8L3daRimNiGO7BAb3cVvC66q-4=@wussler.it> <8d5636f9-9cbb-433d-b6e2-cac85d929919@kuix.de>
Date: Fri, 22 Mar 2024 19:06:21 +0100
Message-ID: <87edc2i1k2.fsf@europ.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Rspamd-Bar: ----
X-Rspamd-Report: BAYES_HAM(-2.496646) SIGNED_PGP(-2) MIME_GOOD(-0.2)
X-Rspamd-Score: -4.696646
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sequoia-pgp.org; s=uberspace; h=from:to:cc:subject:date; bh=T3ZHxCn+juHDcnT1JzkfqG6LGYq0iEkxClTECWbQOGk=; b=vZfhPReY5ZDA3wit6Zz24dsrODrp1eXdiVZf6CBfxjORvu4bImVNoeCiZ8ngQ8rNwq4MW9nhoT k2zA+rylsmFRE+XOmOf2kEqTbpEi87k0SQE0c3bmcdMfOyWIo/Te8NeP+aJ+iI8W1d+/d88LUD0b p6j2/RxSK+tizrPIQ+wvDsVgzJug5Y0qnjqvHeZwICH71BtbLwCW+ZheX1UCMCTs1B5Wt4bBjqjz zkH7Ep+jUx6ItLRkPet6fCuVZ7vcvChg0nVgut6JgHrbXu3cMR231o3HQP/qR+gY3FFFxxiXA2xY xXAxtIUJcrggbeqTLc0vbnWvPgkodrNi6e/MjV471/0ge2YltKTT6kt3sL553jN0xwfjUDgZUTps D823XpzyJNGcSyz6eG7oCHrpUGEU34T754+CFDsa1sJLn7A0RdVzVMVxukbxeVMhafUiwT7mLuLy b2vm/7KqQt+oA/WVtl+C2I01VhCId1F9/+/ugcCrbtKnihqSwvye6DkewaBXLBUHZs9SMbqZEsnL McBe+2UaNvrgFEktT7zgrjS/g1vywbj439kmbbmGIO6I+rT7FneyIqLa054kSM6hSygJWMoH2fG2 BA7lqXY6pmb/AgB2MqBCkIawpdcxNUx3s0kuVhWOWcekcoNS+s4phcrBKEEIDCB/nhaMYD6G8iZS I=
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/suNe8uPsnbCIbslGvPwSFT2gAyc>
Subject: Re: [openpgp] To bind or not to bind
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2024 18:06:30 -0000

Hi Kai :)

Kai Engert <KaiE@kuix.de> writes:

> On 21.03.24 21:26, Aron Wussler wrote:
>>   - (1) may be justified because some implementations fail parsing keys [1]. Of this plot is particularly relevant the 3rd line (Unknown algo, opaque encoding, small), that would be equivalent to attach an ML-KEM + X25519 subkey to an existing v4 certificate. All V6 implementations are required not to choke on unknown algorithms.
>
> What kind of failures can be seen with those implementations?
>
> Will they allow importing it, but then run into a failure later on when
> trying to use it? That would be an argument for not distributing such
> keys at all.
>
> Or will ALL of them detect the incompatibilityat import time, and refuse
> the import? That would be less problematic. Then probably v4-pqc and v6
> keys would be rejected in the same way.

The test models an opportunistic upgrade path by taking a v4 certificate
with an usable classical encryption subkey, and adding a fake PQ
encryption subkey.  It then asks the implementations to encrypt a
message for that cert.

SOP, being the Stateless OpenPGP Protocol, doesn't import certificates
as a separate operation, therefore it is impossible to tell where
exactly the whole process fails by looking at the test results alone.

> Users of both v4-pqc and v6 keys would equally have the problem that
> they need to provide classic v4 keys for their incompatible correspondents.
>
> However, if v4-pqc is allowed, it might allow some implementations to
> become compatible with pqc more easily.

That seems to be optimistic speculation, whereas the data says that such
a cert is not a viable opportunistic upgrade path.

Best,
Justus

v2.23.0 | Report a Bug | By Email