IETF Logo Mail Archive

[openpgp] [internet-drafts@ietf.org] New Version Notification for draft-dkg-openpgp-abuse-resistant-keystore-04.txt

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 22 August 2019 22:03 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3942812001E for <openpgp@ietfa.amsl.com>; Thu, 22 Aug 2019 15:03:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=jBbfSIyd; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=aBnQtPd0
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q3VvftlysvCb for <openpgp@ietfa.amsl.com>; Thu, 22 Aug 2019 15:03:29 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A18212007C for <openpgp@ietf.org>; Thu, 22 Aug 2019 15:03:29 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1566511408; h=from : to : subject : references : date : message-id : mime-version : content-type : from; bh=xZ4Mk8XGrCnYFuStiZI+ELgJDoLIDadBZRNoLhdl4Y4=; b=jBbfSIydo9LNdyqEWrVUytDA/9ChkVkkLzffIMhdGRi67L/gFVQLGOmZ 7GH2Vw6GR71YpzL1n+WTP6gGYAYZAA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1566511408; h=from : to : subject : references : date : message-id : mime-version : content-type : from; bh=xZ4Mk8XGrCnYFuStiZI+ELgJDoLIDadBZRNoLhdl4Y4=; b=aBnQtPd0AAJSnLIva6HAY1vX6wxWk2MVYum/Wz1TvnJW0L6Qja80vW2C c/+5PwYn6hc8/Ayktm0U+WKTu/1GGPGnWX6GLKcgnbHTSIUt1dhG+TP1Yn O6iBnNt2eN1BxWaCui9QSvrk8pXP75f2+xHY6UQSx+96eVmCWOc30p6OAO cgBkspuLytNu82gwdrmSEw3Ppqi3RNGHr3FuElOeMlSs7VsDKv62V78XxA W3FWG/eyAb0tsxH8f3JCb4i/UZ9DYY/iOl2/vTTNLeEMyyDQ49hYWYuaOk CD5aLeCTqpye4vH4hyFJpaX4mCvt9u8QxfAUQVjvr0ehrLE1xKgIVw==
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id D55FBF99E for <openpgp@ietf.org>; Thu, 22 Aug 2019 18:03:27 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 1607420316; Thu, 22 Aug 2019 17:08:45 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
References: <156650274021.14785.10325255315266801149.idtracker@ietfa.amsl.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Thu, 22 Aug 2019 17:08:44 -0400
Message-ID: <875zmodi1v.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/t6BlEr0MsGc2Fy6qPVGYx7YMHRs>
Subject: [openpgp] [internet-drafts@ietf.org] New Version Notification for draft-dkg-openpgp-abuse-resistant-keystore-04.txt
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2019 22:03:31 -0000

Hi all--

I've just released version -04 of the OpenPGP Abuse-Resistant Keystores
draft.

substantive changes bewteen -03 and -04:

 * change "certificate update" to "certificate refresh" for clarity
 * relax first-party-attested third-party certification constraints
   at the suggestion of Valodim
 * introduce "primary key sovereignty" concept explicitly
 * describe how to distribute and consume attestation revocations
 * introduce augmentation to TPK for third-party certification revocation
   distribution

Please take a look!

       --dkg
--- Begin Message --- 
A new version of I-D, draft-dkg-openpgp-abuse-resistant-keystore-04.txt
has been successfully submitted by Daniel Kahn Gillmor and posted to the
IETF repository.

Name:		draft-dkg-openpgp-abuse-resistant-keystore
Revision:	04
Title:		Abuse-Resistant OpenPGP Keystores
Document date:	2019-08-22
Group:		Individual Submission
Pages:		58
URL:            https://www.ietf.org/internet-drafts/draft-dkg-openpgp-abuse-resistant-keystore-04.txt
Status:         https://datatracker.ietf.org/doc/draft-dkg-openpgp-abuse-resistant-keystore/
Htmlized:       https://tools.ietf.org/html/draft-dkg-openpgp-abuse-resistant-keystore-04
Htmlized:       https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-abuse-resistant-keystore
Diff:           https://www.ietf.org/rfcdiff?url2=draft-dkg-openpgp-abuse-resistant-keystore-04

Abstract:
   OpenPGP transferable public keys are composite certificates, made up
   of primary keys, direct key signatures, user IDs, identity
   certifications ("signature packets"), subkeys, and so on.  They are
   often assembled by merging multiple certificates that all share the
   same primary key, and are distributed in public keystores.

   Unfortunately, since many keystores permit any third-party to add a
   certification with any content to any OpenPGP certificate, the
   assembled/merged form of a certificate can become unwieldy or
   undistributable.  Furthermore, keystores that are searched by user ID
   or fingerprint can be made unusable for specific searches by public
   submission of bogus certificates.  And finally, keystores open to
   public submission can also face simple resource exhaustion from
   flooding with bogus submissions, or legal or other risks from uploads
   of toxic data.

   This draft documents techniques that an archive of OpenPGP
   certificates can use to mitigate the impact of these various attacks,
   and the implications of these concerns and mitigations for the rest
   of the OpenPGP ecosystem.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
--- End Message ---

v2.23.0 | Report a Bug | By Email