[openpgp] Re: Splitting replacement keys subpacket into related keys and trust equivalence?
Andrew Gallagher <andrewg@andrewg.com> Fri, 13 September 2024 13:43 UTC
Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4C0EC16940F for <openpgp@ietfa.amsl.com>; Fri, 13 Sep 2024 06:43:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rRZ6p766wuka for <openpgp@ietfa.amsl.com>; Fri, 13 Sep 2024 06:43:52 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [135.181.198.78]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 657A3C1D6219 for <openpgp@ietf.org>; Fri, 13 Sep 2024 06:43:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1726235024; bh=LmQMejohPwiYL1x04EyJcCYwQaGF/mgkidUmFAOQcT4=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=KbwpzBWNHblSMYSQcr4LLrkSr03XO4pEfjOU4+sB9X1pA/QIdjSdr75zFtQoqDtZO /cZ0VyQ5t3/yd0XMjR3rL8JPI6mz9m+pFxKup4ITjXKgGq/Mn+0mSJTC3HW1A/fsAz xZhVWuiGKbymEhyPkMT5qn6/FUj2Rb1TnGvZFewvNI+MsiLgeT4pnDJPB7temUWslM Pylt21vKriF0drRFYOlD/RxMPEqFRaWA1rCcEsmALp8YxQjmf1AhMfdDxCJGdNRfBg tlF/nWy0Uc8VKlLGg+DdCFk5EuYgQ0V3ixjtFh4fW8lBC1EMQo4qkzxdIGerLHUZJK VHhIa6GGuTMjg==
Received: from smtpclient.apple (serenity [IPv6:fc93:5820:7349:eda2:99a7::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id 42E445DFD5; Fri, 13 Sep 2024 13:43:44 +0000 (UTC)
From: Andrew Gallagher <andrewg@andrewg.com>
Message-Id: <9D5F628D-513A-4B67-AF3C-FD34A8F74391@andrewg.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_2C3C7B98-CCDD-4E6C-9BA0-BDE5BB1BBD0D"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.1\))
Date: Fri, 13 Sep 2024 14:43:26 +0100
In-Reply-To: <ePUGJvmji5T0hgZwyaCC6nYVhgPdTgd0wl_vaLWZFlkYUW_T5B13fTUevlWsxYEGeoSFtNvrkUjiENZSUG1BBhcijebhkI9hIWIZ4DX0zk0=@protonmail.com>
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>
References: <I1AVKcpZIk0c47n7JbfpMHn0RmQv7YTkXvRC7JbH_MRPfKvd4V6jn50E0pIcaANbAZ4-khxFgIGLk5D1rDsJgPTQgvNoqbPzbj5WEd5rUc0=@protonmail.com> <5ED82E08-5973-4C4D-8726-49B24646DF2D@andrewg.com> <8dasmNRbHHCaM5m_appBMcCDLKuk4fT1CMnWZMmzAK77m_C4lRKIR1dlYqBzL9zW5CdFXUfv5LPuU46w5uMEGMtnN-cCxJaeGRzks0gQYC0=@pm.me> <0aa16b8d-e217-481a-b039-c64f3b92937f@posteo.de> <ePUGJvmji5T0hgZwyaCC6nYVhgPdTgd0wl_vaLWZFlkYUW_T5B13fTUevlWsxYEGeoSFtNvrkUjiENZSUG1BBhcijebhkI9hIWIZ4DX0zk0=@protonmail.com>
X-Mailer: Apple Mail (2.3731.700.6.1.1)
Message-ID-Hash: WWJ5NQ4VS6LEFRCOTDJSKKGKTV3DAPUE
X-Message-ID-Hash: WWJ5NQ4VS6LEFRCOTDJSKKGKTV3DAPUE
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Heiko Schäfer <heiko.schaefer@posteo.de>, "openpgp\\\\@ietf.org" <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [openpgp] Re: Splitting replacement keys subpacket into related keys and trust equivalence?
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/vw2icWIX2jUUEk3X7-pQiDsYb3M>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
Hi, Daniel. If we split up, then we have two subpackets with similar/complementary semantics, and which might still end up being used in conjunction with each other more often than not, because in some lookup scenarios one of them may be redundant and therefore could be omitted. But we cannot predict what key lookup methods our correspondents will use. We could define a method that delivers all of our equivalent keys in one convenient response, but this does not exist yet (WKD only strictly allows one valid key per query). And even once it does, our correspondents will not be compelled to use it - so we will still need to support other lookup methods, in which case the fingerprint will be necessary again. A split subpacket design also increases the combinatorics and UX complexity, which is already quite heavy. I worry somewhat that we are quibbling over O(256) extra bits on the wire, when we are fast approaching a PQC future where keys and signatures are several kilobytes in size each. A > On 13 Sep 2024, at 13:01, Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org> wrote: > > OK, fair enough. > > Then, I want to try to go back to my original point: some people want this part, some people don't want it; ergo, should we split it up? :) > > Best, > Daniel > > On Friday, September 13th, 2024 at 13:56, Heiko Schäfer <heiko.schaefer@posteo.de> wrote: >> As Andrew outlined, in some of the existing PKI mechanisms, the fingerprint is currently the best/most specific lookup key. >> It would seem unfortunate to me not to include the fingerprint in a replacement key mechanism (which is presumably often going to involve client software attempting to do PKI lookups). >> >> Heiko >> >> >> On 9/13/24 1:48 PM, Bart Butler wrote: >>> I’m fairly agnostic on this as long as we don’t make it optional and introduce yet another degree of freedom. One other advantage of not including the fingerprint would be to force implementations to verify using the imprint. But either approach is fine. >>> >>> >>> On Fri, Sep 13, 2024 at 11:01 AM, Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org <mailto:On Fri, Sep 13, 2024 at 11:01 AM, Andrew Gallagher <<a href=>> wrote: >>>> >>>> On 13 Sep 2024, at 08:42, Daniel Huigens <d.huigens@protonmail.com> <mailto:d.huigens@protonmail.com> wrote: >>>> > >>>> > In the email case specifically, you _could_ take it as a signal to say, >>>> > "oh there's a replacement key, but I don't know where/which it is, >>>> > so I need to go fetch this contact's keys again (by email address)". >>>> >>>> Sure, but I’m thinking specifically of the cases where lookup by email address isn’t efficient, e.g. if there is no WKD on the domain and there are a number of fake keys on the keyservers. If we compare with the design goal of trying to match the behaviour of subkeys as much as possible, leaving out fingerprints does complicate the lookup process in the general case. >>>> >>>> A >>>> _______________________________________________ >>>> openpgp mailing list -- openpgp@ietf.org <mailto:openpgp@ietf.org> >>>> To unsubscribe send an email to openpgp-leave@ietf.org <mailto:openpgp-leave@ietf.org> >>> >>> >>> _______________________________________________ >>> openpgp mailing list -- openpgp@ietf.org <mailto:openpgp@ietf.org> >>> To unsubscribe send an email to openpgp-leave@ietf.org <mailto:openpgp-leave@ietf.org> >> > > _______________________________________________ > openpgp mailing list -- openpgp@ietf.org > To unsubscribe send an email to openpgp-leave@ietf.org
- [openpgp] Splitting replacement keys subpacket in… Daniel Huigens
- [openpgp] Re: Splitting replacement keys subpacke… iang
- [openpgp] Re: Splitting replacement keys subpacke… Justus Winter
- [openpgp] Re: Splitting replacement keys subpacke… Daniel Huigens
- [openpgp] Re: Splitting replacement keys subpacke… Bart Butler
- [openpgp] Re: Splitting replacement keys subpacke… Andrew Gallagher
- [openpgp] Re: Splitting replacement keys subpacke… Daniel Huigens
- [openpgp] Re: Splitting replacement keys subpacke… Andrew Gallagher
- [openpgp] Re: Splitting replacement keys subpacke… Heiko Schäfer
- [openpgp] Re: Splitting replacement keys subpacke… Daniel Huigens
- [openpgp] Re: Splitting replacement keys subpacke… Bart Butler
- [openpgp] Re: Splitting replacement keys subpacke… Andrew Gallagher
- [openpgp] Re: Splitting replacement keys subpacke… Bart Butler
- [openpgp] Re: Splitting replacement keys subpacke… Neal H. Walfield
- [openpgp] Re: Splitting replacement keys subpacke… Justus Winter
- [openpgp] Re: Splitting replacement keys subpacke… Daniel Huigens