[openpgp] Re: Splitting replacement keys subpacket into related keys and trust equivalence?

Bart Butler <bart+ietf@pm.me> Fri, 13 September 2024 14:07 UTC

Return-Path: <bart+ietf@pm.me>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C49E9C1CAF55 for <openpgp@ietfa.amsl.com>; Fri, 13 Sep 2024 07:07:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pm.me
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JixLgC535tBc for <openpgp@ietfa.amsl.com>; Fri, 13 Sep 2024 07:07:02 -0700 (PDT)
Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66D6FC151533 for <openpgp@ietf.org>; Fri, 13 Sep 2024 07:07:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail3; t=1726236419; x=1726495619; bh=95yLP+LXsMYtx9rjqADF/Tyy0g0jS+P+6tXc1OTP9oI=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=n+CMX9cpGrnQFz4hqgngla6q7m5eN6T5488s6YZkN1FBM46pyyVuoCxZ9iaF+ZMdQ ZszssprP/ockWl7g3Dd60WpvaLZMNZ63yrmMtb0n2g6rdwI4k3jTu0KfSNr/j3kMgV 2s20Hfv/LaxJUz5X9OhaKv4tN+0b+J9AO8hig3c2TCflVn2d/DmiJzCMGZRVwrXytO FiAb/FV72j8ebavpZQSA3dxQrk5xSidEb0Ny4A6o3Y69y8d7hkb2yhKVnknJqYbDbd o9W8s66aMZ6pzWyjzdT4NHnGKQqZnc2usshkZUFL6kqcV4CUj+3dJgwGojGDyQPdlC vDGBjs9ZK2xEA==
Date: Fri, 13 Sep 2024 14:06:55 +0000
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
From: Bart Butler <bart+ietf@pm.me>
Message-ID: <QWe_vInjuymtnGi-gB9CBQJ8FhRKDuld5RcJgmiMOp7oniQS-oBwW4L_zZwhlZ-J3t-SW3AQsU2mrAhfvOcHCBPxJ_wvqklitTbESNpFENw=@pm.me>
In-Reply-To: <9D5F628D-513A-4B67-AF3C-FD34A8F74391@andrewg.com>
References: <I1AVKcpZIk0c47n7JbfpMHn0RmQv7YTkXvRC7JbH_MRPfKvd4V6jn50E0pIcaANbAZ4-khxFgIGLk5D1rDsJgPTQgvNoqbPzbj5WEd5rUc0=@protonmail.com> <5ED82E08-5973-4C4D-8726-49B24646DF2D@andrewg.com> <8dasmNRbHHCaM5m_appBMcCDLKuk4fT1CMnWZMmzAK77m_C4lRKIR1dlYqBzL9zW5CdFXUfv5LPuU46w5uMEGMtnN-cCxJaeGRzks0gQYC0=@pm.me> <0aa16b8d-e217-481a-b039-c64f3b92937f@posteo.de> <ePUGJvmji5T0hgZwyaCC6nYVhgPdTgd0wl_vaLWZFlkYUW_T5B13fTUevlWsxYEGeoSFtNvrkUjiENZSUG1BBhcijebhkI9hIWIZ4DX0zk0=@protonmail.com> <9D5F628D-513A-4B67-AF3C-FD34A8F74391@andrewg.com>
Feedback-ID: 5683226:user:proton
X-Pm-Message-ID: 4c887225c32cd500eb7ec1e6624b16374f844b2d
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha256"; boundary="------8a15320154209a555bd1670c5d47a161001a29718b0081c332c7e20eb25ad580"; charset="utf-8"
Message-ID-Hash: SZX26LSYDZ3UJXEVK76C2VMATIENZTTD
X-Message-ID-Hash: SZX26LSYDZ3UJXEVK76C2VMATIENZTTD
X-MailFrom: bart+ietf@pm.me
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>, Heiko Schäfer <heiko.schaefer@posteo.de>, "openpgp\\@ietf.org" <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [openpgp] Re: Splitting replacement keys subpacket into related keys and trust equivalence?
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/yGcd6Efg5wW83bJSpuJwFFKmHuE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

Not to expand the scope even more, what about an optional HTTP URI field instead to fetch the key? Thus could presumably handle both WKD and HKP backends, as well as simple web hosting of a file. Imprint used to verify content.
On Fri, Sep 13, 2024 at 3:43 PM, Andrew Gallagher &lt;andrewg=40andrewg.com@dmarc.ietf.org&gt; wrote:  Hi, Daniel.
If we split up, then we have two subpackets with similar/complementary semantics, and which might still end up being used in conjunction with each other more often than not, because in some lookup scenarios one of them may be redundant and therefore could be omitted. But we cannot predict what key lookup methods our correspondents will use. We could define a method that delivers all of our equivalent keys in one convenient response, but this does not exist yet (WKD only strictly allows one valid key per query). And even once it does, our correspondents will not be compelled to use it - so we will still need to support other lookup methods, in which case the fingerprint will be necessary again. A split subpacket design also increases the combinatorics and UX complexity, which is already quite heavy.
I worry somewhat that we are quibbling over O(256) extra bits on the wire, when we are fast approaching a PQC future where keys and signatures are several kilobytes in size each.
A
On 13 Sep 2024, at 13:01, Daniel Huigens &lt;d.huigens=40protonmail.com@dmarc.ietf.org&gt; wrote:OK, fair enough.
Then, I want to try to go back to my original point: some people want this part, some people don't want it; ergo, should we split it up? :)
Best,Daniel

    
            
            
            


        On Friday, September 13th, 2024 at 13:56, Heiko Schäfer &lt;heiko.schaefer@posteo.de&gt; wrote:

        
    As Andrew outlined, in some of the existing PKI mechanisms, the
    fingerprint is currently the best/most specific lookup key.

    It would seem unfortunate to me not to include the fingerprint in a
    replacement key mechanism (which is presumably often going to
    involve client software attempting to do PKI lookups).

    
    Heiko

    
    
    On 9/13/24 1:48 PM, Bart Butler wrote:

        
      I’m fairly agnostic on this as long as we don’t
        make it optional and introduce yet another degree of freedom.
        One other advantage of not including the fingerprint would be to
        force implementations to verify using the imprint. But either
        approach is fine.
      
            
            On Fri, Sep 13, 2024 at 11:01 AM, Andrew Gallagher &lt;andrewg=40andrewg.com@dmarc.ietf.org&gt;
      wrote:
       On 13 Sep 2024,
        at 08:42, Daniel Huigens &lt;d.huigens@protonmail.com&gt; wrote:

        &gt;

        &gt; In the email case specifically, you _could_ take it as a
        signal to say,

        &gt; "oh there's a replacement key, but I don't know where/which
        it is,

        &gt; so I need to go fetch this contact's keys again (by email
        address)".

        
        Sure, but I’m thinking specifically of the cases where lookup by
        email address isn’t efficient, e.g. if there is no WKD on the
        domain and there are a number of fake keys on the keyservers. If
        we compare with the design goal of trying to match the behaviour
        of subkeys as much as possible, leaving out fingerprints does
        complicate the lookup process in the general case.

        
        A

        _______________________________________________

        openpgp mailing list -- openpgp@ietf.org

        To unsubscribe send an email to openpgp-leave@ietf.org

            
            _______________________________________________
openpgp mailing list -- openpgp@ietf.org
To unsubscribe send an email to openpgp-leave@ietf.org

        



        
    _______________________________________________
openpgp mailing list -- openpgp@ietf.org
To unsubscribe send an email to openpgp-leave@ietf.org