IETF Logo Mail Archive

[openpgp] Re: Primary Key Binding sigs on authentication subkeys

Bart Butler <bart+ietf@pm.me> Sun, 02 February 2025 13:28 UTC

Return-Path: <bart+ietf@pm.me>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1769BC1CAF2D for <openpgp@ietfa.amsl.com>; Sun, 2 Feb 2025 05:28:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pm.me
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pmq6z61mUUOs for <openpgp@ietfa.amsl.com>; Sun, 2 Feb 2025 05:28:06 -0800 (PST)
Received: from mail-10630.protonmail.ch (mail-10630.protonmail.ch [79.135.106.30]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 886B9C1CAF40 for <openpgp@ietf.org>; Sun, 2 Feb 2025 05:28:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail3; t=1738502884; x=1738762084; bh=WPIH/RWU9C4OfZvRvjiGn0kmkgmIPZ9+hyKPOmVRTPk=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=E4u67wJYr+K2vo48QU8WvEMRv/1Fuhjt7jDZcWCIUoO4U+74n3+TM5bQHDMdo5e2h lBECE7pWlseGFXY5VtV7ebrl5fDsfdgZzjI6PMzJ99WOHlplqqRkZEjMAKwKQT9J5g 7aUljFsXg6+gYy+MrYvc9Bx0s2C0rHnsQXSUyv69dfPSpflHP0CjKOtoYa9oflXM6f J+x1YDnp9HY90QHOTsvJAHXPd1FDCGE6IwB3p4wK88FKkNKRi8V/raoKOCOKUjDIbd RrNN8lNYw+7gevZsCsXZ2ZH+WvAYbhWqGeozJuvJtgsGs9bFl1rF+hGM08G4rMKo4Y qrgmh0jamOW1Q==
Date: Sun, 02 Feb 2025 13:27:59 +0000
To: Stephan Verbücheln <stephan=40verbuecheln.ch@dmarc.ietf.org>
From: Bart Butler <bart+ietf@pm.me>
Message-ID: <ZGz8Ojbci4YgOtTaCDMu74NHJiHzOLh5UlPYY9Q7Lhhzj2OLANbY600wG0fHOD7M8po7SKYXvZvmlV4oqx7CKYjkY3zcPNoYjKp-seJ_nvA=@pm.me>
In-Reply-To: <c7ca0acc7298dcccb4f14d8b81a45b5733a93a1b.camel@verbuecheln.ch>
References: <D6B824E8-5559-41FB-8EC4-ACC0C35FAEB0@andrewg.com> <HBqO7fta_A4PuuS2EkZ4W5g6SAnzgN38ZYjpGWqgZJHCFqCQUNQ-BAXEHRqa7pwGU5jI7s6XpvGV2ZYLpa6se9e-SJDujNO6yknALtzlAW8=@protonmail.com> <875xm64wtk.fsf@europ.lan> <LIWr-Fiz5EpXR5DQtFrZRqWCtNc1_ADJN-d8TrWsw0s9auDsh76eXn6jdo0J1d3WTrWkxNnnSufHRlUcuBqsyxYhnReLn3fPR8ZUR4CPSNc=@protonmail.com> <c7ca0acc7298dcccb4f14d8b81a45b5733a93a1b.camel@verbuecheln.ch>
Feedback-ID: 5683226:user:proton
X-Pm-Message-ID: 7eb2d89e5d323a7cf95218d904177230f801e5f3
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="------5895cb1ae8db4e51a0be9417c2609e5aeb087be4582a06eb201aef89fce4b570"; charset="utf-8"
Message-ID-Hash: Q7EWN3NWL4OQHUDZWMIAGHE4TGZJ6BSB
X-Message-ID-Hash: Q7EWN3NWL4OQHUDZWMIAGHE4TGZJ6BSB
X-MailFrom: bart+ietf@pm.me
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: openpgp@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Primary Key Binding sigs on authentication subkeys
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/v0hcPEDompPDeeUqeDANBAvBwhw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

While a bit off-topic, I will also note that this statement is inaccurate. Proton does not manage keys for their users, in the sense that it does not have access to private key material.

Cheers,
Bart

On Tuesday, January 28th, 2025 at 11:51 PM, Stephan Verbücheln <stephan=40verbuecheln.ch@dmarc.ietf.org> wrote:

> Also note that many PGP use cases require that the users manage their
> keys personally. Proton managing PGP keys for their users disqualifies
> the PGP key for other use cases such as release signatures. There was a
> discussion at Debian to ban Proton for maintainers because of this.
> 

> Regards
> Stephan
> 

> _______________________________________________
> openpgp mailing list -- openpgp@ietf.org
> To unsubscribe send an email to openpgp-leave@ietf.org

v2.34.0 | Report a Bug | By Email | System Status