Re: V3 secret keys

hal@finney.org ("Hal Finney") Tue, 07 February 2006 02:15 UTC

To: nagydani@epointsystem.org, vedaal@hush.com
Subject: Re: V3 secret keys
Cc: ietf-openpgp@imc.org
Message-Id: <20060207020728.EF80857FAE@finney.org>
Date: Mon, 06 Feb 2006 18:07:28 -0800
From: hal@finney.org
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-ID: <ietf-openpgp.imc.org>

Daniel Nagy writes:
> I sincerely hope that this whole mess will be cleaned up with V5, where
> there seems to be a consensus not to implement encrypted private key packets
> at all, but put unencrypted private key packets into integrity protected
> symmetrically encrypted packets instead.

I haven't participated in the recent discussion, partly because I think
it is a little premature until we get the current spec put to bed.

I am not sure I like this idea.  We'll need to retain the old mechanism
for many years at least, requiring us to support yet another set of
incompatible mechanisms.  And I don't know if the new proposal really
simplifies things much.

Complications have been pointed out regarding sending multiple keys
encrypted with different passphrases, requiring us to explicitly support
multiply-concatenated symmetric-encryption & SKESK packets, which is
not necessary at present.  It might require us to bite the bullet and
clarify exactly what sequences of packets are legal, with possible
backwards-compatibility problems.

It would also seem to require that we store the keys in this new format,
otherwise we have to ask the user for every passphrase when we import a
bunch of keys like this, in order to decrypt the symmetric packets and
convert them to the legacy format.  So it has negative implications for
existing implementations.

These may not be total show-stoppers but I do want to go on record as
not being ready to endorse this proposal yet.

Hal Finney