[openpgp] Re: Encryption subkey selection
Falko Strenzke <falko.strenzke@mtg.de> Thu, 10 April 2025 07:57 UTC
Return-Path: <falko.strenzke@mtg.de>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B54A21A09DDA; Thu, 10 Apr 2025 00:57:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=mtg.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PYVgYdyNRPrO; Thu, 10 Apr 2025 00:57:17 -0700 (PDT)
Received: from www.mtg.de (www.mtg.de [IPv6:2a02:b98:8:2::2]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id B04171A09DD0; Thu, 10 Apr 2025 00:57:17 -0700 (PDT)
Received: from minka.mtg.de (minka [IPv6:2a02:b98:8:1:0:0:0:9]) by www.mtg.de (8.18.1/8.18.1) with ESMTPS id 53A7vGJO022948 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Thu, 10 Apr 2025 09:57:16 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mtg.de; s=mail201801; t=1744271836; bh=FwF2cR60lII4Mp5Y+CDJSwtHpMfaAN82f6sdlY5sOPY=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=uJoHBUrBBgwQQav5R0L7/05OZI65GnMFet4ZDZlWEB91tjQmTw9Dr9iFL54uLHox9 MbjMh0BWoDUgHX+/6JlGsT0X8ylyScJNCrbyj8fVoWFusRWAR7XcgobRTO2FbgGL4n /P5xSZN/a15K4s1fVR0uscX2eFNFM/uYg3Qmh/q/x7Zs7SVfN7pADQTmt2HQCSsTMt UoqkRPesze+4tHrYoT7Usj7HweRYvSET9Hx2btB+/SGBmawAlIWMcoDO8Su1W0v282 5gh1VRdChgF//MJK9A75Pi5BnrzRLtg1z6er+qbB0tXfu0J0VNZAVBc8xvWMdcvt+K PvJ2YMo9lZkKg==
Received: from [199.99.99.123] (dhcp123 [199.99.99.123]) by minka.mtg.de (8.18.1/8.18.1) with ESMTPS id 53A7vFll008487 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Thu, 10 Apr 2025 09:57:16 +0200
Message-ID: <98537b13-46af-4197-b60c-ce6265fcf6b4@mtg.de>
Date: Thu, 10 Apr 2025 09:57:15 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
References: <4460b180-8b55-4a5b-b631-657a1e8d8ed6@mtg.de> <625C7FAF-91F8-4864-8C44-4F4BC738A1FC@andrewg.com>
Content-Language: en-GB
From: Falko Strenzke <falko.strenzke@mtg.de>
Organization: MTG AG
In-Reply-To: <625C7FAF-91F8-4864-8C44-4F4BC738A1FC@andrewg.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms060403020508020304060105"
Message-ID-Hash: TYPLLD65YAEANQ3NN5MDGGF5HGAVJF3H
X-Message-ID-Hash: TYPLLD65YAEANQ3NN5MDGGF5HGAVJF3H
X-MailFrom: falko.strenzke@mtg.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>, Justus Winter <justus@sequoia-pgp.org>, openpgp@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Encryption subkey selection
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/xHdQ4cYTpAyaOsJYkUlv2tPPP2s>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
Am 10.04.25 um 09:39 schrieb Andrew Gallagher: > On 10 Apr 2025, at 08:28, Falko Strenzke<falko.strenzke@mtg.de> wrote: >> In general I think it will be better to specs for the mechanism for encryption subkey selection per certificate and the replacement key mechanism separate. The reason is that if they are linked to closely, it will be unclear what an implementation does when it supports one but not the other. > Right now, the key replacement draft specifically says that when selecting encryption subkeys, the subkeys of the preferred certificate are considered first, then the first original, and so on. If this conflicts with what we want to do here, it would be best to sync the language before replacementkey goes to wglc… > > A That's exactly what I mean: The replacement-key subpacket and and the encryption-subkey-selection should have a clearly separated scope. I think that is basically given by the wording of the replacement-key draft in Section 6. The only slight modification that I suggest is this: Section 6 currently says: "/If there are no usable subkeys in the replacement certificate, then [...]/" I would write instead "/If the subkeys in the replacement certificate are not useable, then [...]/" The difference is that the proposed version leaves it open as to what is the exact requirement for the encryption subkeys of the certificate to be usable. The current version suggests the assumption that a single usable subkey is sufficient. However, the exact mechanism for per-certificate subkey selection would be left either to the implementation (as of now) or to a new explicitly specified mechanism. Best regards, Falko > _______________________________________________ > openpgp mailing list --openpgp@ietf.org > To unsubscribe send an email toopenpgp-leave@ietf.org -- *MTG AG* Dr. Falko Strenzke Phone: +49 6151 8000 24 E-Mail: falko.strenzke@mtg.de Web: mtg.de <https://www.mtg.de> ------------------------------------------------------------------------ MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany Commercial register: HRB 8901 Register Court: Amtsgericht Darmstadt Management Board: Jürgen Ruf (CEO), Tamer Kemeröz Chairman of the Supervisory Board: Dr. Thomas Milde This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error, please inform the sender immediately and delete this email.Unauthorised copying or distribution of this email is not permitted. Data protection information: Privacy policy <https://www.mtg.de/en/privacy-policy>
- [openpgp] Encryption subkey selection Justus Winter
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Bart Butler
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Justus Winter
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Daniel Kahn Gillmor
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Johannes Roth
- [openpgp] Re: Encryption subkey selection Daniel Huigens