ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Clarify status of subkeys with certification use

2018-05-28 07:13:23
On Sat, 26 May 2018 23:15, neal(_at_)walfield(_dot_)org said:

First, OpenPGP foresees two types of encryption keys:

  0x04 - This key may be used to encrypt communications.
  0x08 - This key may be used to encrypt storage.

Which was done to mimic the X.509 usage.  X.509 required such a flag to
differentiate between a sinnging and an encryption certificate.  Even in
the case that two certificates are issued (additional costs to the user)
there is no fine grained distinction.  Note that I am talking about
certificates for mail processing.

OpenPGP does not need this because subkeys are a more useful thing than
trying to find matching certificates.  Fine grain key usage flags
doesn't gain you anything than complexity and unclear semantics.  See
X.509's keyUsage and extendedKeyUsage extensions to see where it will
lead.

the newest one, AFAIK.  But, there is precedence for encrypting to all
valid encryption capable subkeys: this is what OpenKeychain does.

I doubt that this has any practical security gain over copying all
needed subkeys to all devices.  After all you want to read with all
devices and the sender has no way to tell which device you are currently
using.  Rotating the keys is a much cleaner way to limit damage in case
of a device compromise.

advance.  For instance, we will create keys covering, say, the next 6
months.  By setting the creation time and expiration time
appropriately, only one key per device will be valid at any given
time.  AFAIUI, recent versions of GnuPG respect this.

Actually this was implemented ~20 years ago after consultation with
Caspar Bowden of FIPR and Ben Laurie.  The use case back then was to
limit the damage done by the RIPA.


Salam-Shalom,

   Werner


p.s.
Proper key rotation requires a lot of OPSEC and diligent use of
comminucation tools.  The problem we have are not forward secrecy but
the general non-use of encryption and, worse, the insecurity of the
equipment.

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Attachment: pgpoBBCsBBCjL.pgp
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp