[openpgp] Re: Encryption subkey selection
Falko Strenzke <falko.strenzke@mtg.de> Tue, 08 April 2025 05:31 UTC
Return-Path: <falko.strenzke@mtg.de>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4A4C418BFE09; Mon, 7 Apr 2025 22:31:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=mtg.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id prtM8wiqMI-y; Mon, 7 Apr 2025 22:31:30 -0700 (PDT)
Received: from www.mtg.de (www.mtg.de [IPv6:2a02:b98:8:2::2]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 7A0CB18BFDFA; Mon, 7 Apr 2025 22:31:30 -0700 (PDT)
Received: from minka.mtg.de (minka [IPv6:2a02:b98:8:1:0:0:0:9]) by www.mtg.de (8.18.1/8.18.1) with ESMTPS id 5385VTnG008334 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Tue, 8 Apr 2025 07:31:29 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mtg.de; s=mail201801; t=1744090289; bh=M+Vudlf5v977ThoHZzGle47HG3KrQ2dqx+j3wm9IQE8=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=IQlKplShm+qOy2JwgxaSG3p0g0S54LO9WoBBW0qtdm09qH6p1tU9Lqe0L5j2acIFB vbRrtKekTbvSUWyJuZhcqo1OvQzUxpPYNwmDxUWsLWzyS7lZZ7wfQn9/FlyjW25aRD 4lQcfSaCGsw2arHY/UzjsjmXFIueEKX+k6o0111UVt5JPcd3ZUujB7Dt9dy4o86QP6 z0+jm0BIcJ08CiRQeZCpmAUuB/Cu9tVjwkudfKWpYrwkCzOziYGj76c9XpwhKbISRw K6ufeiufpYKn0az5HGdQxWpjeXGBZ7/fJAp28KG/HFx2pAdtauR787nhSoFGvv82oz Y8WlUdXFSRUXg==
Received: from [10.8.0.100] (vpn-10-8-0-100 [10.8.0.100]) by minka.mtg.de (8.18.1/8.18.1) with ESMTPS id 5385VSap021591 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Tue, 8 Apr 2025 07:31:28 +0200
Message-ID: <fb39ee36-3bca-43bc-893f-fd6c914633e8@mtg.de>
Date: Tue, 08 Apr 2025 07:31:28 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
References: <26f46aef-dde6-4564-92b2-2914aa574944@mtg.de> <E84CD5EE-DAAF-44D6-BCEE-CB92AE6CBBEC@andrewg.com> <-r7DKP-up_y2Y19C3aR7UREiHK6ddwWmMF9wJ55R52gaDYWBiRBQYI5rMI6HXFbuWqZC9ykPncT3fj9Mu48g6S6P4wahJDwziqDkFZ0i5cc=@pm.me> <b1748002-189a-40c0-8221-50f475749c79@mtg.de> <178660AC-CC71-4CCE-98EA-6456677A31D9@andrewg.com>
Content-Language: en-GB
From: Falko Strenzke <falko.strenzke@mtg.de>
Organization: MTG AG
In-Reply-To: <178660AC-CC71-4CCE-98EA-6456677A31D9@andrewg.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms010909070100040909030009"
Message-ID-Hash: WY3HEOVGASAV233LLAFYD74LSBTBG7IN
X-Message-ID-Hash: WY3HEOVGASAV233LLAFYD74LSBTBG7IN
X-MailFrom: falko.strenzke@mtg.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Bart Butler <bart=2Bietf=40pm.me@dmarc.ietf.org>, Justus Winter <justus@sequoia-pgp.org>, "openpgp\\@ietf.org" <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Encryption subkey selection
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/uyyWnVtYRgQ5pZ__fiEtXHNo1mY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
I think that is an absolutely logical progression. Still I am not sure how strongly the two mechanisms should be linked by their specifications. Even if this progression wasn't part of the normative spec, it could be mentioned as the recommended behaviour. But in any case, I am prepared to be convinced also of strongly linking the mechanisms if that should bring considerable advantage. Nevertheless, in the field there may always be implementations that support only one but not the other – or even neither –, so the certificate holder must be prepared that about anything can happen in terms of what set of encryption subkeys of his certificates will be used. Best regards, Falko Am 07.04.25 um 19:11 schrieb Andrew Gallagher: > On 7 Apr 2025, at 11:13, Falko Strenzke <falko.strenzke@mtg.de> wrote: >> >> In case of b) it doesn't seem to matter that much if we assign >> implicit rank 0 to keys or keep them outside the ESS selection >> algorithm altogether. I would tend to say in case the ESS selection >> fails, the sender should be be able to pick any set of encryption >> subkeys – whether they have an associated ESS or not. >> > In the case where a fallback cert exists, and no usable set of ranked > subkeys can be found on the preferred cert, should a receiving > implementation try the fallback cert's subkeys before or after > reverting to “any reasonable method” on the preferred cert? > > A > > > _______________________________________________ > openpgp mailing list --openpgp@ietf.org > To unsubscribe send an email toopenpgp-leave@ietf.org -- *MTG AG* Dr. Falko Strenzke Phone: +49 6151 8000 24 E-Mail: falko.strenzke@mtg.de Web: mtg.de <https://www.mtg.de> ------------------------------------------------------------------------ MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany Commercial register: HRB 8901 Register Court: Amtsgericht Darmstadt Management Board: Jürgen Ruf (CEO), Tamer Kemeröz Chairman of the Supervisory Board: Dr. Thomas Milde This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error, please inform the sender immediately and delete this email.Unauthorised copying or distribution of this email is not permitted. Data protection information: Privacy policy <https://www.mtg.de/en/privacy-policy>
- [openpgp] Encryption subkey selection Justus Winter
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Bart Butler
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Justus Winter
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Daniel Kahn Gillmor
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Johannes Roth
- [openpgp] Re: Encryption subkey selection Daniel Huigens