[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt

andrewg <andrewg@andrewg.com> Mon, 04 November 2024 12:51 UTC

Date: Mon, 04 Nov 2024 12:51:01 +0000
From: andrewg <andrewg@andrewg.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
CC: openpgp@ietf.org, Heiko Schäfer <heiko.schaefer@posteo.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/tChYc9XenbwQOZVm5__PN2b5V5g>

On 2024-11-03 13:14, Daniel Kahn Gillmor wrote:
> 
> With no chair hat on, my preference is for a mandatory imprint with an
> optional fingerprint (i think that's your option 3b).
...
> This allows an isolated implementation ecosystem that expects to have no
> interaction with the keyserver network to not consume the extra space,
> but generally discourages it, which is the appropriate approach for the
> current scenario.

I am extremely skeptical of specifying this, because it violates one of 
OpenPGP's longstanding basic assumptions, that all keys have a single 
unique identifier. Even assuming that a particular cert will never be 
uploaded to a keyserver (and that's a big assumption), encouraging 
implementations to use context-specific identifiers, even internally, 
will almost certainly cause more problems than it solves. We're only 
talking about 32 bytes on the wire, and PQ signatures are going to be 
kilobytes in size, so it's proportionately not a big deal.

Stepping back, I'm concerned that a kludge that I threw together to 
cover a theoretical cryptographic shortfall has grown legs far beyond 
its initial intent. The imprint is only included in order to ensure that 
automated fallback from a v6 key to a v4 key has exactly the same 
cryptographic strength as going the other way. It is arguable that it is 
already overkill...

A