Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revocation Key", replacing with full-key "Designated Revoker"
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 31 July 2019 22:01 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54476120152 for <openpgp@ietfa.amsl.com>; Wed, 31 Jul 2019 15:01:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=0Sdwk4zR; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=iMdK/aNP
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sEU6OD0VX2o7 for <openpgp@ietfa.amsl.com>; Wed, 31 Jul 2019 15:01:17 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36BF012006D for <openpgp@ietf.org>; Wed, 31 Jul 2019 15:01:17 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1564610476; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=iePwTSuz+WuVDOGQqSDGZZ32mC9WZbZdDVd5GxotsPg=; b=0Sdwk4zRn5YTgGp+fZLaVXhz5wMOf8hHiSyn1FAOlAIBhTj36cyU0Yf5 tInmEBv22/LMitD8XuO15v5/cwBcCQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1564610475; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=iePwTSuz+WuVDOGQqSDGZZ32mC9WZbZdDVd5GxotsPg=; b=iMdK/aNPR1WlDdvo3pmCjW+Qd8oxDzyxRWb61d4Ho0adECoCCgLV6r4l Xl4/LM5xiakdIzCFbI5o3/vnLXOylCZScSRLyWEfjfz/CYBqqntY55ZAYe 5iLmynKBeO1q5CbskQt18RA0z1Z3pA0Xgl4G4CQJRILEC4ZZzkJhiCVerY oGVw/p5wNj6XYRZtoP1bfRLFgQk0DPRoAmn057XMjcgx8EKJBXdR50/e7s fzf8ShXLTcRZpKZXD8FGNYhxuDsVYP6btbD5zin15n0VgDpORn/GC1gu+X mPcVBzTvnmwML9ZcLDTavTW2tGAxqb1GKTYW40sNA6P8r+Eil7ZcUA==
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id C9CA3F99D; Wed, 31 Jul 2019 18:01:15 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 7F49B2025E; Wed, 31 Jul 2019 18:01:12 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: "Neal H. Walfield" <neal@walfield.org>
Cc: IETF OpenPGP WG <openpgp@ietf.org>
In-Reply-To: <87v9vh53gw.wl-neal@walfield.org>
References: <87iocqepta.fsf@littlepip.fritz.box> <20190731203444.4822-1-dkg@fifthhorseman.net> <87v9vh53gw.wl-neal@walfield.org>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Wed, 31 Jul 2019 18:01:12 -0400
Message-ID: <877e7xsw2f.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/zPQMyhSQPoOZagN9KT2m60T2CeM>
Subject: Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revocation Key", replacing with full-key "Designated Revoker"
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2019 22:01:20 -0000
On Wed 2019-07-31 22:55:11 +0200, Neal H. Walfield wrote: > Justus proposed an embedded TPK subpacket for cases like this with > this as a motivating example. See: > > Subject: [openpgp] Embedded TPK subpacket > From: Justus Winter <justuswinter@gmail.com> > Date: Mon, 25 Mar 2019 10:20:45 +0100 > Message-ID: <87ef6v71jm.fsf@europa.jade-hamburg.de> > > https://mailarchive.ietf.org/arch/msg/openpgp/F1Wdrldzd3k9tqOos4hmokOV0r0 > > Do you think a point solution is better? sure, i think Embedded TPK is interesting, but it's much more than is needed for having a designated revoker. The additional complexity comes at a cost i'd rather not impose for implementers. For a designated revoker, we don't care about who the revoking key belongs to. we just care that we know it. once you have an embedded TPK, then you have some kind of potentially recursive situation (as Marcus pointed out). it's also strange because a TPK is not a static entity -- it changes over time as the composable certificate mutates. So embedding such a thing in a self-sig is looking at a particular version, and implies things like expiration, etc. we don't want an endpoint that is trying to process a designated revoker to be distracted by the additional non-public-key packets. it's also not clear that an embedded TPK subpacket in a self-sig that also has a "Revoker Key" subpacket is necessarily referring to the revoker key itself -- the semantics are potentially ambiguous, as an embedded TPK subpacket in a different signature packet would have different semantics. I'm not fond of that kind of ambiguity. Additionally, what if there are multiple embedded TPK subpackets, or if the embedded TPK subpacket's primary key fingerprint doesn't match the "revoker key" fingerprint? Finally, if a client processes a direct-key signature with a "revoker key" subpacket that *doesn't* have an embedded TPK, they're just back in the soup. I think the deprecation story is clearer to just burn the old subpacket type entirely (it was originally specified very much in v4-only mode), and have an unambiguous subpacket for this use case. It is at least marginally simpler for an implementation to say "i don't support 'revoker key' but i do support 'designated revoker'" than it is to say "i only support 'revoker key' if it is in a direct key signature that contains exactly one embedded TPK whose primary key fingerprint matches the 'revoker key' fingerprint". In general, i think we should not aim for maximum flexibility in the format specification, because that flexibility is a major cost for implementers. I'd rather identify the specific use cases we want to support and clearly and unambiguously ensure that the spec meets those use cases. --dkg
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Werner Koch
- [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Tom Ritter
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Stephen Paul Weber
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints David Shaw
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel Kahn Gillmor
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Designated Revokers Vincent Breitmoser
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Jon Callas
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Derek Atkins
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Daniel Ranft
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Daniel A. Nagy
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Werner Koch
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] [eX-bulk] : Re: Fingerprints Christopher LILJENSTOLPE
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Vincent Breitmoser
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints Christoph Anton Mitterer
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints ianG
- Re: [openpgp] Fingerprints Phillip Hallam-Baker
- [openpgp] [RFC4880bis PATCH] Deprecate "Revocatio… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Neal H. Walfield
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Werner Koch
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Paul Wouters
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… vedaal
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revoc… Daniel Kahn Gillmor
- Re: [openpgp] [Suspected Junk Mail] Re: [RFC4880b… Daniel Kahn Gillmor