[openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt
andrewg <andrewg@andrewg.com> Mon, 04 November 2024 12:51 UTC
Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7813CC151092 for <openpgp@ietfa.amsl.com>; Mon, 4 Nov 2024 04:51:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vIQoz-3pQ8xZ for <openpgp@ietfa.amsl.com>; Mon, 4 Nov 2024 04:51:04 -0800 (PST)
Received: from fum.andrewg.com (fum.andrewg.com [135.181.198.78]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 786E0C14CE3F for <openpgp@ietf.org>; Mon, 4 Nov 2024 04:51:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1730724661; bh=+YuvqNprLhzblsnnly+BsqljKdwxkPCUa/CoEjKhiIc=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=TWytdFfeNpJziMRFKc/uXgPueZIKGyJr7Yijltae+Rx6yRe+99fJMoNkUBqk27ZGN Kc8tZIlubt3XU2d6KAJNO7hPYlU+NQIfph+iyXGK9ibuHxMJ71lvpsOE8bxPTMMC/V 9yMJsM8r0NS0nlt3pVUdmMtX/KJsrJo5KQMD67+M958ySZKL/dkw7T/P2HJlCVfqQQ UHLNzzx9b2nI0xuRsw+noNkEP5E8zjzl0D689OgxtWVq9Okan9adNVQ3T7Tuyo7Jy7 9BjdwbrFwk2WrFCx9rmSvGDN2rkw6VyvpE4sdl3xfXt/5eJNcazf70t+oeSgIIyWFv PSt4cvPhphPTw==
Received: from mail.andrewg.com (localhost [127.0.0.1]) by fum.andrewg.com (Postfix) with ESMTP id A79845DE46; Mon, 4 Nov 2024 12:51:01 +0000 (UTC)
MIME-Version: 1.0
Date: Mon, 04 Nov 2024 12:51:01 +0000
From: andrewg <andrewg@andrewg.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
In-Reply-To: <87v7x4qx2f.fsf@fifthhorseman.net>
References: <d3d5e59e-2ddb-4b4d-867e-b8a7f1df203c@posteo.de> <B20FD242-AD3D-4A30-86F4-8AA8A9157DC8@andrewg.com> <87v7x4qx2f.fsf@fifthhorseman.net>
Message-ID: <035e2d8c7923f8754d5acb7ab98cd51e@andrewg.com>
X-Sender: andrewg@andrewg.com
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Message-ID-Hash: N3VA563JRNE7FZNKZVFTGSLLOPYAPHM5
X-Message-ID-Hash: N3VA563JRNE7FZNKZVFTGSLLOPYAPHM5
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: openpgp@ietf.org, Heiko Schäfer <heiko.schaefer@posteo.de>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: I-D Action: draft-ietf-openpgp-replacementkey-01.txt
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/tChYc9XenbwQOZVm5__PN2b5V5g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
On 2024-11-03 13:14, Daniel Kahn Gillmor wrote: > > With no chair hat on, my preference is for a mandatory imprint with an > optional fingerprint (i think that's your option 3b). ... > This allows an isolated implementation ecosystem that expects to have > no > interaction with the keyserver network to not consume the extra space, > but generally discourages it, which is the appropriate approach for the > current scenario. I am extremely skeptical of specifying this, because it violates one of OpenPGP's longstanding basic assumptions, that all keys have a single unique identifier. Even assuming that a particular cert will never be uploaded to a keyserver (and that's a big assumption), encouraging implementations to use context-specific identifiers, even internally, will almost certainly cause more problems than it solves. We're only talking about 32 bytes on the wire, and PQ signatures are going to be kilobytes in size, so it's proportionately not a big deal. Stepping back, I'm concerned that a kludge that I threw together to cover a theoretical cryptographic shortfall has grown legs far beyond its initial intent. The imprint is only included in order to ensure that automated fallback from a v6 key to a v4 key has exactly the same cryptographic strength as going the other way. It is arguable that it is already overkill... A
- [openpgp] I-D Action: draft-ietf-openpgp-replacem… internet-drafts
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Heiko Schäfer
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Kahn Gillmor
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… andrewg
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Daniel Huigens
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher
- [openpgp] Re: I-D Action: draft-ietf-openpgp-repl… Andrew Gallagher