[messaging] key validation rules for today

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Sep 8 06:38:25 PDT 2014


On 09/08/2014 06:22 AM, Daniel Thomas wrote:
> I think for key validation it is important to ensure that it says 'keys'
> in all the appropriate places as in general users will likely have one
> key per device (so that they fail independently) and several devices.
> Does that seem sensible? 

With OpenPGP, you'd want to do this with subkeys -- so they're all part
of the same OpenPGP certificate.  However, it's only sensible for
signing keys.  for encryption keys, you really do need to share the key
across all of your devices. this is because when someone encrypts a
message to you, they need to know which key to encrypt to (and they'll
generally only pick one).

> The interaction between that and key transition is subtle. 

A subkey key transition is easy -- you add a new subkey, revoke the old
one, and publish the updated certificate to the keyservers.
Transitioning primary keys is more nuanced.

> Is it useful to distinguish between 'this is a new key,
> signed by my old key which is now deprecated' and 'this is a new key,
> signed by my old key which will keep on being used'?

The current way (in OpenPGP, when considering key transitions between
primary keys) to distinguish between these cases is to revoke the old
key.  There is even space in the key revocation packet to contain an
arbitrary message, in which you could put "superseded by key
0xDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF".  I don't think there's a
way (or that there should be a way) to indicate from the new primary key
itself that the old primary key should be deprecated.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140908/a5ff6cf1/attachment.sig>


More information about the Messaging mailing list