
From nobody Tue Oct 23 03:50:16 2018
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B482130E27 for <openpgp@ietfa.amsl.com>; Tue, 23 Oct 2018 03:50:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level: 
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NZZ_Gl3mUTRE for <openpgp@ietfa.amsl.com>; Tue, 23 Oct 2018 03:50:11 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E0D3127598 for <openpgp@ietf.org>; Tue, 23 Oct 2018 03:50:11 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1gEuGH-0006eL-Ha for <openpgp@ietf.org>; Tue, 23 Oct 2018 12:50:09 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1gEuCf-0007uh-E6 for <openpgp@ietf.org>; Tue, 23 Oct 2018 12:46:25 +0200
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: openpgp@ietf.org
Date: Tue, 23 Oct 2018 12:46:19 +0200
Message-ID: <877ei9szyc.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=bce_JSOFC3IP_strategic_TWA_Project_Monarch_number_key_ammunition=sat"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/B6cRBt6w-Hf1VdzjFuGnvHw_6BY>
Subject: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Oct 2018 10:50:14 -0000

--=bce_JSOFC3IP_strategic_TWA_Project_Monarch_number_key_ammunition=sat
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi!

The current draft mentions v5 signatures but did not specify them.
Below and in the repo is a fix for that.

The Literal Data packet never included the filename etc. in the
signature, which is a bit surprising to the user and implementor.  Given
that we specified a new v5 key format we have an easy way to solve this
by requiring that a v5 key must use a v5 signature.  That v5 signature
now includes the meta data from the Literal Data packet.

This patch also deprecates the creation of v3 signatures.

Any comments?  Can we start to change the existing rfc4880bis
code accordingly?


Shalom-Salam,

   Werner

============
diff --git a/middle.mkd b/middle.mkd
index 9e5bb58..8bbdf3a 100644
=2D-- a/middle.mkd
+++ b/middle.mkd
@@ -671,17 +671,16 @@ ## {5.2} Signature Packet (Tag 2)
 some data.  The most common signatures are a signature of a file or a
 block of text, and a signature that is a certification of a User ID.
=20
=2DTwo versions of Signature packets are defined.  Version 3 provides
=2Dbasic signature information, while version 4 provides an expandable
+Three versions of Signature packets are defined.  Version 3 provides
+basic signature information, while versions 4 and 5 provide an expandable
 format with subpackets that can specify more information about the
 signature.  PGP 2.6.x only accepts version 3 signatures.
=20
=2DImplementations SHOULD accept V3 signatures.  Implementations SHOULD
=2Dgenerate V4 signatures.
+Implementations MUST generate version 5 signatures when using a
+version 5 key.  Implementations SHOULD generate V4 signatures with
+version 4 keys.  Implementations MUST not create version 3 signatures;
+they MAY accept version 3 signatures.
=20
=2DNote that if an implementation is creating an encrypted and signed
=2Dmessage that is encrypted to a V3 key, it is reasonable to create a V3
=2Dsignature.
=20
 ### {5.2.1} Signature Types
=20
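Review bot: the added sentence "Implementations MUST not create version 3 signatures" writes the requirement keyword as "MUST not"; it should be "MUST NOT" in capitals, as this patch itself writes it in the EdDSA paragraph of 5.2.3. The same paragraph mixes "version 5" and "V4" as names, and it does not say whether a version 4 key may produce a version 5 signature; stating that explicitly would keep implementations from diverging on it.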
@@ -924,11 +923,12 @@ ### {5.2.2} Version 3 Signature Packet Format
 truncated) hash function result is treated as a number and used
 directly in the DSA signature algorithm.
=20
=2D### {5.2.3} Version 4 Signature Packet Format
+### {5.2.3} Version 4 and 5 Signature Packet Formats
=20
=2DThe body of a version 4 Signature packet contains:
+The body of a V4 or V5 Signature packet contains:
=20
=2D  * One-octet version number (4).
+  * One-octet version number.  This is 4 for V4 signatures and
+    5 for V5 signatures.
=20
   * One-octet signature type.
=20
@@ -973,8 +973,8 @@ ### {5.2.3} Version 4 Signature Packet Format
       * MPI of EdDSA compressed value s.
=20
 The compressed version of R and S for use with EdDSA is described in
=2D[](#I-D.irtf-cfrg-eddsa).  The version 3 signature format MUST NOT be
=2Dused with EdDSA.
+[](#I-D.irtf-cfrg-eddsa).  A version 3 signature MUST NOT be created
+and MUST NOT be used with EdDSA.
=20
 The concatenation of the data being signed and the signature data from
 the version number through the hashed subpacket data (inclusive) is
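Review bot: in the rewritten sentence "A version 3 signature MUST NOT be created and MUST NOT be used with EdDSA" it is unclear whether "with EdDSA" qualifies both clauses or only the second. Read as an unconditional ban on creating V3 signatures it repeats the rule added in section 5.2, and "MUST NOT be used" leaves open whether a verifier has to reject a V3 EdDSA signature now that 5.2 says implementations MAY accept version 3 signatures. Splitting this into two sentences, one per requirement, would remove the ambiguity.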
@@ -988,6 +988,9 @@ ### {5.2.3} Version 4 Signature Packet Format
 protected by the signature and should include only advisory
 information.
=20
+The difference between a V4 and V5 signature is that the latter
+creates signatures which include additional meta data.
+
 The algorithms for converting the hash function result to a signature
 are described in a section below.
=20
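Review bot: the added paragraph says V5 signatures "include additional meta data" without naming the data or pointing to where it is defined. Suggest naming the three Literal Data fields (formatting octet, file name, date) or referencing the Computing Signatures section, and mentioning the other V4/V5 difference that appears in this patch's context, the ten-octet trailer with an eight-octet length. The phrase "the latter creates signatures" is also circular, since the latter is the signature.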
@@ -1102,7 +1105,7 @@ #### {5.2.3.3} Notes on Self-Signatures
 (type 0x1F), and the subkey binding signature (type 0x18).  For
 certification self-signatures, each User ID may have a self-
 signature, and thus different subpackets in those self-signatures.  For
=2Dsubkey binding signatures, each subkey in fact has a self- signature.
+subkey binding signatures, each subkey in fact has a self-signature.
 Subpackets that appear in a certification self-signature apply to the
 user name, and subpackets that appear in the subkey self-signature
 apply to the subkey.  Lastly, subpackets on the direct-key signature
@@ -1714,7 +1717,8 @@ ### {5.2.4} Computing Signatures
 of the Signature packet, i.e., 0x04; 0xFF; and a four-octet,
 big-endian number that is the length of the hashed data from the
 Signature packet (note that this number does not include these final
=2Dsix octets).  {FIXME: truncated or wrap that number on overflow}
+six octets).  The four-octet big-endian number is considered to be an
+unsigned integer modulo 2^32.
=20
 V5 signatures instead hash in a ten-octet trailer: the version of the
 Signature packet, i.e., 0x05; 0xFF; and an eight-octet, big-endian
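Review bot: the replacement for the FIXME says the "four-octet big-endian number is considered to be an unsigned integer modulo 2^32", but it is the length of the hashed data that has to be reduced, not the encoded number; suggest wording along the lines of "the length is taken modulo 2^32 and stored as a four-octet big-endian number". The unchanged V5 paragraph directly below still describes only the ten-octet trailer, so the lines shown here do not say where the Literal Data meta data enters the V5 hash or how it is encoded.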
@@ -2351,9 +2355,10 @@ ## {5.9} Literal Data Packet (Tag 11)
     network-normal line endings).  These should be converted to
     native line endings by the receiving software.
=20
=2DNote that the formatting octet, the file name, and the date field of
=2Dthe literal packet are not included in a signature hash and thus are
=2Dnot protected against tampering in a signed document.
+Note that V3 and V4 signatures do not include the formatting octet,
+the file name, and the date field of the literal packet in a signature
+hash and thus are not protected against tampering in a signed
+document.  In contrast V5 signatures include them.
=20
=20
 ## {5.10} Trust Packet (Tag 12)
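Review bot: in the rewritten note the subject of "and thus are not protected against tampering" is now "V3 and V4 signatures", so the sentence says the signatures, rather than the three fields, are unprotected; rephrase so that the fields stay the subject. The closing "In contrast V5 signatures include them" also does not cover a detached signature, where there is no Literal Data packet to take the values from.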
=2D-=20
2.11.0


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=bce_JSOFC3IP_strategic_TWA_Project_Monarch_number_key_ammunition=sat
Content-Type: application/pgp-signature

--=bce_JSOFC3IP_strategic_TWA_Project_Monarch_number_key_ammunition=sat--


From nobody Tue Oct 23 09:35:15 2018
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2E84130EE1 for <openpgp@ietfa.amsl.com>; Tue, 23 Oct 2018 09:35:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level: 
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8cY5mqFsu2kE for <openpgp@ietfa.amsl.com>; Tue, 23 Oct 2018 09:35:10 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A124F130E1A for <openpgp@ietf.org>; Tue, 23 Oct 2018 09:35:10 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1gEze9-0002BE-5f for <openpgp@ietf.org>; Tue, 23 Oct 2018 18:35:09 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1gEzdb-0002bd-1x; Tue, 23 Oct 2018 18:34:35 +0200
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
cc: ronald.tse@ribose.com
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: openpgp@ietf.org, ronald.tse@ribose.com
Date: Tue, 23 Oct 2018 18:34:29 +0200
Message-ID: <87y3aosju2.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=bullion_ARPA_Sundevil_AIMSX_AIEWS_Attorney_General_computer_terroris"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/2zt2rV8lUafYsD7YuDoe3KNuGlE>
Subject: [openpgp] rfc4880bis and draft-openpgp-iana-registry-updates-01
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Oct 2018 16:35:14 -0000

--=bullion_ARPA_Sundevil_AIMSX_AIEWS_Attorney_General_computer_terroris
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi!

The recently expired draft-openpgp-iana-registry-updates-01 specifies
one of the goals of the WG to make the assignment of new identifiers etc.
easier.  I am not sure whether this draft can be integrated into
RFC-4880bis but the IANA Considerations section in RFC-4880bis needs
a rework anyway because the demanded registries already exist and only
need to list new items.

I am not sure how to do this.  For example RFC-4880 reads

--8<---------------cut here---------------start------------->8---
  10.1.  New String-to-Key Specifier Types

   OpenPGP S2K specifiers contain a mechanism for new algorithms to turn
   a string into a key.  This specification creates a registry of S2K
   specifier types.  The registry includes the S2K type, the name of the
   S2K, and a reference to the defining specification.  The initial
   values for this registry can be found in Section 3.7.1.  Adding a new
   S2K specifier MUST be done through the IETF CONSENSUS method, as
   described in [RFC2434].
--8<---------------cut here---------------end--------------->8---

What I did until now was to replace RFC REVIEW (aka IETF CONSENSUS) by
SPECIFICATION REQUIRED and to reference RFC-8126.  See the gitlab
repo. The draft-openpgp-iana-registry-updates-01 has this text

--8<---------------cut here---------------start------------->8---
  5.1.  PGP String-to-Key (S2K) Registry

   Proposed changes to the registry:

   o  Rename the registry to "OpenPGP String-to-Key (S2K) Algorithms"

   o  Change registry policy to *Specification Required*.

   o  Update its "Reference" to also refer to this document.

   o  A Standards Track document is required to register an S2K
      algorithm with the value "Yes" in any recommendation.

   Add the following note:

   Note: Experts are to verify that the proposed registration
   provides a publicly-available standard that can be implemented
   in an interoperable way, with notable benefits for the wider
   OpenPGP community.

   Update the following registrations:

   +---------+--------------------+-------+-------+--------------------+
   | ID      | S2K Type           | REC-S | REC-I | Reference          |
   +---------+--------------------+-------+-------+--------------------+
   | 0       | Simple S2K         | No    | Yes   | Section 3.7.1.1 of |
   |         |                    |       |       | [RFC4880]          |
   | 1       | Salted S2K         | No    | Yes   | Section 3.7.1.2 of |
   |         |                    |       |       | [RFC4880]          |
   | 2       | Reserved           |       |       | Section 3.7.1 of   |
   |         |                    |       |       | [RFC4880]          |
   | 3       | Iterated and       | Yes   | Yes   | Section 3.7.1.3 of |
   |         | Salted S2K         |       |       | [RFC4880]          |
   | 4-99    | Unassigned         |       |       |                    |
   | 100-110 | Private or         |       |       | Section 3.7.1 of   |
   |         | Experimental Use   |       |       | [RFC4880]          |
   | 111-255 | Unassigned         |       |       |                    |
   +---------+--------------------+-------+-------+--------------------+
--8<---------------cut here---------------end--------------->8---

I doubt that it is advisable to merge this into RFC-4880bis because this
is a request for a one-time action of the IANA.  However a request to
change from IETF REVIEW to SPECIFICATION REQUIRED is an actual action we
like to see and that should go into a new RFC.

Any hints on how to proceed?


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=bullion_ARPA_Sundevil_AIMSX_AIEWS_Attorney_General_computer_terroris
Content-Type: application/pgp-signature

--=bullion_ARPA_Sundevil_AIMSX_AIEWS_Attorney_General_computer_terroris--


From nobody Wed Oct 24 08:20:15 2018
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 647C7130DFC for <openpgp@ietfa.amsl.com>; Wed, 24 Oct 2018 08:20:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level: 
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T32kz12rrMwc for <openpgp@ietfa.amsl.com>; Wed, 24 Oct 2018 08:20:11 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E90C123FFD for <openpgp@ietf.org>; Wed, 24 Oct 2018 08:20:11 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1gFKx7-00045Z-6f for <openpgp@ietf.org>; Wed, 24 Oct 2018 17:20:09 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1gFKt9-0006ul-VV for <openpgp@ietf.org>; Wed, 24 Oct 2018 17:16:04 +0200
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
References: <877ei9szyc.fsf@wheatstone.g10code.de>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: openpgp@ietf.org
Date: Wed, 24 Oct 2018 17:15:58 +0200
In-Reply-To: <877ei9szyc.fsf@wheatstone.g10code.de> (Werner Koch's message of "Tue, 23 Oct 2018 12:46:19 +0200")
Message-ID: <878t2npe8h.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=AMEMB_e-cash_spy_BLU-97_A/B_Delta_Force_IRA_nitrate_Etacs_FTS2000_MD"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/K2ba8G2xO5sAoxBUh-WqfdMxFwA>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2018 15:20:15 -0000

--=AMEMB_e-cash_spy_BLU-97_A/B_Delta_Force_IRA_nitrate_Etacs_FTS2000_MD
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 23 Oct 2018 12:46, wk@gnupg.org said:

> by requiring that a v5 key must use a v5 signature.  That v5 signature
> now includes the meta data from the Literal Data packet.

I revisited the new scheme and changed it to make it easier to adapt by
existing implementations.  I also reworked the section on how to create
the final trailer.  The new text reads:

--8<---------------cut here---------------start------------->8---
5.2.4.  Computing Signatures

   [...]
   Once the data body is hashed, then a trailer is hashed.  This trailer
   depends on the version of the signature.

   o  A V3 signature hashes five octets of the packet body, starting
      from the signature type field.  This data is the signature type,
      followed by the four-octet signature time.

   o  A V4 signature hashes the packet body starting from its first
      field, the version number, through the end of the hashed subpacket
      data and a final extra trailer.  Thus, the hashed fields are:

      *  the signature version (0x04),

      *  the signature type,

      *  the public-key algorithm,

      *  the hash algorithm,

      *  the hashed subpacket length,

      *  the hashed subpacket body,

      *  the two octets 0x04 and 0xFF,

      *  a four-octet big-endian number that is the length of the hashed
         data from the Signature packet stopping right before the 0x04,
         0xff octets.

      The four-octet big-endian number is considered to be an unsigned
      integer modulo 2^32.

   o  A V5 signature hashes the packet body starting from its first
      field, the version number, through the end of the hashed subpacket
      data and a final extra trailer.  Thus, the hashed fields are:

      *  the signature version (0x05),

      *  the signature type,

      *  the public-key algorithm,

      *  the hash algorithm,

      *  the hashed subpacket length,

      *  the hashed subpacket body,

      *  Only for document signatures (type 0x00 or 0x01) the following
         three data items are hashed here:

         +  the one-octet content format,

         +  the file name as a string (one octet length, followed by the
            file name),

         +  a four-octet number that indicates a date,

      *  the two octets 0x05 and 0xFF,

      *  an eight-octet big-endian number that is the length of the
         hashed data from the Signature packet stopping right before the
         0x05, 0xff octets.

      The three data items hashed for document signatures need to mirror
      the values of the Literal Data packet.  For detached signatures 6
      zero bytes are hashed instead.

   After all this has been hashed in a single hash context, the
   resulting hash field is used in the signature algorithm and placed at
   the end of the Signature packet.
--8<---------------cut here---------------end--------------->8---


A possible drawback of these new V5 signatures is that they make it
impossible to convert a detached signature into a standard signature.
I am not aware of any actual attack due to the possibility of converting
from detached to standard signature but it seems to be more safe to
inhibit this.  And well, to protect the file name etc. also by the
signature.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=AMEMB_e-cash_spy_BLU-97_A/B_Delta_Force_IRA_nitrate_Etacs_FTS2000_MD
Content-Type: application/pgp-signature

--=AMEMB_e-cash_spy_BLU-97_A/B_Delta_Force_IRA_nitrate_Etacs_FTS2000_MD--
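
The trailer rules quoted in the message above, worked through as an added example (not code from the post, from GnuPG or from the draft): it builds the octets hashed after the document body for V4 and V5 and shows that only V5 binds the Literal Data meta data. Assumptions: a two-octet hashed subpacket length for V5 as in V4, the meta data counted in the eight-octet length because the list places it before the 0x05, 0xFF octets, and constructed sample values throughout.

```python
import hashlib
import struct

# Constructed sample values, not taken from any real signature.
SIG_BINARY = 0x00      # signature type: signature of a binary document
PK_EDDSA = 22          # public-key algorithm ID (EdDSA)
HASH_SHA256 = 8        # hash algorithm ID (SHA-256)
# One hashed subpacket: signature creation time (type 2), constructed timestamp.
HASHED_SUBPACKETS = b"\x05\x02" + struct.pack(">I", 1540394158)

# "For detached signatures 6 zero bytes are hashed instead": this equals an
# empty format octet, a zero-length file name and a zero date.
DETACHED_METADATA = bytes(6)


def literal_metadata(content_format: bytes, filename: bytes, date: int) -> bytes:
    """Encode the three Literal Data items a V5 document signature hashes."""
    if len(content_format) != 1:
        raise ValueError("content format is exactly one octet")
    if len(filename) > 255:
        raise ValueError("file name length must fit in one octet")
    return (content_format + bytes([len(filename)]) + filename
            + struct.pack(">I", date))


def hashed_trailer(version, sig_type, pk_algo, hash_algo,
                   hashed_subpackets, metadata=None):
    """Return the octets hashed after the data body for a V4 or V5 signature."""
    if len(hashed_subpackets) > 0xFFFF:
        raise ValueError("hashed subpacket area exceeds the two-octet length")
    # Assumption: the hashed subpacket length is two octets in V5 as in V4.
    fields = bytes([version, sig_type, pk_algo, hash_algo])
    fields += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    if version == 4:
        # Four-octet length, an unsigned integer modulo 2^32.
        return fields + b"\x04\xff" + struct.pack(">I", len(fields) % 2**32)
    if version == 5:
        # Meta data is hashed only for document signatures (0x00, 0x01).
        if sig_type in (0x00, 0x01):
            fields += DETACHED_METADATA if metadata is None else metadata
        # Assumption: the eight-octet length counts everything before 0x05 0xFF.
        return fields + b"\x05\xff" + struct.pack(">Q", len(fields))
    raise ValueError("only V4 and V5 are handled in this example")


def signature_digest(document: bytes, version: int, metadata=None) -> bytes:
    """Hash body and trailer in a single hash context, as the text requires."""
    ctx = hashlib.sha256()
    ctx.update(document)
    ctx.update(hashed_trailer(version, SIG_BINARY, PK_EDDSA, HASH_SHA256,
                              HASHED_SUBPACKETS, metadata))
    return ctx.digest()


def metadata_is_bound(version: int) -> bool:
    """True if changing only the Literal Data file name changes the digest."""
    document = b"constructed document body\n"
    original = literal_metadata(b"b", b"report.txt", 1540394158)
    renamed = literal_metadata(b"b", b"invoice.exe", 1540394158)
    return (signature_digest(document, version, original)
            != signature_digest(document, version, renamed))


if __name__ == "__main__":
    for version in (4, 5):
        state = "bound" if metadata_is_bound(version) else "not bound"
        print(f"V{version}: file name is {state} by the signature hash")
    detached = hashed_trailer(5, SIG_BINARY, PK_EDDSA, HASH_SHA256,
                              HASHED_SUBPACKETS)
    print("V5 detached trailer:", detached.hex())
```

Because a detached V5 signature hashes six zero octets where an inline one hashes the real meta data, the two digests differ whenever the Literal Data packet carries a non-empty file name, date or format, which is the conversion the message says becomes impossible.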


From nobody Wed Oct 24 11:12:39 2018
Return-Path: <HeikoStamer@gmx.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 430CF12777C for <openpgp@ietfa.amsl.com>; Wed, 24 Oct 2018 11:12:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jiz53_gZV2O1 for <openpgp@ietfa.amsl.com>; Wed, 24 Oct 2018 11:12:36 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BB38124C04 for <openpgp@ietf.org>; Wed, 24 Oct 2018 11:12:36 -0700 (PDT)
Received: from [192.168.178.30] ([80.132.227.54]) by mail.gmx.com (mrgmx101 [212.227.17.168]) with ESMTPSA (Nemesis) id 0MHbpA-1gIgV23chY-003QKs for <openpgp@ietf.org>; Wed, 24 Oct 2018 20:12:33 +0200
To: openpgp@ietf.org
References: <877ei9szyc.fsf@wheatstone.g10code.de>
From: Heiko Stamer <HeikoStamer@gmx.net>
Openpgp: preference=signencrypt
Message-ID: <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net>
Date: Wed, 24 Oct 2018 20:12:35 +0200
MIME-Version: 1.0
In-Reply-To: <877ei9szyc.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/rAHbpbULP0yZch3fN2yQTEDc2WA>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2018 18:12:38 -0000

Hi Werner,

> Any comments?

https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/12

Best regards,
Heiko.


From nobody Thu Oct 25 02:50:14 2018
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 858CB130DD3 for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 02:50:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level: 
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5r77-_tWXThr for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 02:50:11 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17DAD12870E for <openpgp@ietf.org>; Thu, 25 Oct 2018 02:50:10 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1gFcHJ-0008Qa-4G for <openpgp@ietf.org>; Thu, 25 Oct 2018 11:50:09 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1gFcE6-0007Dm-U2; Thu, 25 Oct 2018 11:46:50 +0200
From: Werner Koch <wk@gnupg.org>
To: Heiko Stamer <HeikoStamer@gmx.net>
Cc: openpgp@ietf.org
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: Heiko Stamer <HeikoStamer@gmx.net>, openpgp@ietf.org
Date: Thu, 25 Oct 2018 11:46:45 +0200
In-Reply-To: <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> (Heiko Stamer's message of "Wed, 24 Oct 2018 20:12:35 +0200")
Message-ID: <87mur2nyt6.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=pipeline_Ft._Bragg_data_haven_JFK_Tony_Blair_bce_Panama_interception"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Rz1gOx6SNi4faGksmh8tR_26miw>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 09:50:14 -0000

--=pipeline_Ft._Bragg_data_haven_JFK_Tony_Blair_bce_Panama_interception
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 24 Oct 2018 20:12, HeikoStamer@gmx.net said:

> https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/12

Thanks.  For reference, here is the patch:

=2D-8<---------------cut here---------------start------------->8---
=2D-- a/middle.mkd
+++ b/middle.mkd
@@ -1504,8 +1504,6 @@ assume a fixed size.  This is so it can grow over tim=
e.  If a list is
 shorter than an implementation expects, the unstated flags are
 considered to be zero.  The defined flags are as follows:
=20
=2DDefined features are as follows:
=2D
 First octet:
=20
     0x01 - This key may be used to certify other keys.
@@ -1527,6 +1525,8 @@ First octet:
 Second octet:
=20
     0x04 - This key may be used as an additional decryption subkey (ADSK).
+=20=20=20=20
+    0x08 - This key may be used for timestamping.
=20
=20
 Usage notes:
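
Review bot: The separator line added before the 0x08 entry is not empty: it carries four trailing spaces (`+=20=20=20=20`), while the neighbouring separators in this list are plain empty lines. Strip the whitespace so the new blank line matches the rest of the section.
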
@@ -1822,7 +1822,7 @@ A version 4 Symmetric-Key Encrypted Session Key packe=
t consists of:
 If the encrypted session key is not present (which can be detected on
 the basis of packet length and S2K specifier size), then the S2K
 algorithm applied to the passphrase produces the session key for
=2Ddecrypting the file, using the symmetric cipher algorithm from the
+decrypting the message, using the symmetric cipher algorithm from the
 Symmetric-Key Encrypted Session Key packet.
=20
 If the encrypted session key is present, the result of applying the
@@ -3676,8 +3676,8 @@ maintained on the proper User Attribute or User ID pa=
cket.
=20
 After the User ID packet or Attribute packet, there may be zero or
 more Subkey packets.  In general, subkeys are provided in cases where
=2Dthe top-level public key is a signature-only key.  However, any V4 key
=2Dmay have subkeys, and the subkeys may be encryption-only keys,
+the top-level public key is a signature-only key.  However, any V4 or
+V5 key may have subkeys, and the subkeys may be encryption-only keys,
 signature-only keys, or general-purpose keys. V3 keys MUST NOT have
 subkeys.
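
Review bot: Style point on the changed sentence: enumerating versions ("any V4 or V5 key") means this paragraph has to be edited again for every new key version. Wording such as "any key of version 4 or later may have subkeys" states the same rule once and still reads correctly next to the following "V3 keys MUST NOT have subkeys".
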
=2D-8<---------------cut here---------------end--------------->8---


Salam-Shalom,

   Werner

=2D-=20
Thoughts are free.  Exceptions are regulated by a federal law.

--=pipeline_Ft._Bragg_data_haven_JFK_Tony_Blair_bce_Panama_interception
Content-Type: application/pgp-signature

--=pipeline_Ft._Bragg_data_haven_JFK_Tony_Blair_bce_Panama_interception--


From nobody Thu Oct 25 05:57:47 2018
Return-Path: <wiktor@metacode.biz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A59A12896A for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 05:57:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=metacode.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 91SxAsJH_P-H for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 05:57:44 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A77881271FF for <openpgp@ietf.org>; Thu, 25 Oct 2018 05:57:43 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id u21-v6so8104396lja.8 for <openpgp@ietf.org>; Thu, 25 Oct 2018 05:57:43 -0700 (PDT)
X-Received: by 2002:a2e:5159:: with SMTP id b25-v6mr1313220lje.156.1540472260965;  Thu, 25 Oct 2018 05:57:40 -0700 (PDT)
Received: from ?IPv6:2a02:a317:4e3d:4680:f6ed:4b3c:7510:34c3? ([2a02:a317:4e3d:4680:f6ed:4b3c:7510:34c3]) by smtp.googlemail.com with ESMTPSA id p63-v6sm1244497lfg.46.2018.10.25.05.57.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Oct 2018 05:57:39 -0700 (PDT)
To: Heiko Stamer <HeikoStamer@gmx.net>, Werner Koch <wk@gnupg.org>
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de>
Cc: openpgp@ietf.org
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Openpgp: url=https://metacode.biz/@wiktor/openpgp/key
Organization: Metacode
Message-ID: <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz>
Date: Thu, 25 Oct 2018 14:57:36 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <87mur2nyt6.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/PfRrr-RJ1NrWK-PYKvgcnn41ewU>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 12:57:46 -0000

On 25.10.2018 11:46, Werner Koch wrote:
> +    
> +    0x08 - This key may be used for timestamping.

Is the timestamping flag intentional?

It doesn't seem to be related to v5 signatures.

(Not that I do have anything against it, actually the topic of
timestamping seems to re-surface from time to time on various sites e.g.
https://www.reddit.com/r/GnuPG/comments/9qhbs0/ ).

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor


From nobody Thu Oct 25 09:35:16 2018
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3448D130EBD for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 09:35:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level: 
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A6J329nmbjd4 for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 09:35:13 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00862130EBF for <openpgp@ietf.org>; Thu, 25 Oct 2018 09:35:12 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1gFibG-00032z-77 for <openpgp@ietf.org>; Thu, 25 Oct 2018 18:35:10 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1gFiXP-0001nT-GF; Thu, 25 Oct 2018 18:31:11 +0200
From: Werner Koch <wk@gnupg.org>
To: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>
Cc: Heiko Stamer <HeikoStamer@gmx.net>,  openpgp@ietf.org
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de> <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>,  Heiko Stamer <HeikoStamer@gmx.net>, openpgp@ietf.org
Date: Thu, 25 Oct 2018 18:31:00 +0200
In-Reply-To: <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz> (Wiktor Kwapisiewicz's message of "Thu, 25 Oct 2018 14:57:36 +0200")
Message-ID: <87tvlam1iz.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Manfurov_Exon_Shell_subversive_Clinton_kibo_INSCOM_world_domination="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/jV3Og6WUOtzQCmmrqp9q_4ZmPa0>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 16:35:15 -0000

--=Manfurov_Exon_Shell_subversive_Clinton_kibo_INSCOM_world_domination=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 25 Oct 2018 14:57, wiktor=3D40metacode.biz@dmarc.ietf.org said:

> Is the timestamping flag intentional?

I guess so.

> It doesn't seem to be related to v5 signatures.

I posted a combined diff of Heiko's patches.  Here is his timestamp patch.
IIRC, we have talked in the past about it.

=2D-8<---------------cut here---------------start------------->8---
commit 5ba02a3d8fcb59ceadf4940b51dc3701d0c60ab5
Author: Heiko Stamer <heikostamer@gmx.net>
Date:   Wed Oct 24 17:57:36 2018 +0000

    Added a flag for keys used for timestamping

	Modified   middle.mkd
diff --git a/middle.mkd b/middle.mkd
index 2d64c0f..c7657d4 100644
=2D-- a/middle.mkd
+++ b/middle.mkd
@@ -1504,8 +1504,6 @@ #### Key Flags
 shorter than an implementation expects, the unstated flags are
 considered to be zero.  The defined flags are as follows:
=20
=2DDefined features are as follows:
=2D
 First octet:
=20
     0x01 - This key may be used to certify other keys.
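
Review bot: The removal of "Defined features are as follows:" in this first hunk is not covered by the commit message, which only says "Added a flag for keys used for timestamping". The deletion looks right, since the preceding context line already ends with "The defined flags are as follows:", but it should be mentioned in the message or moved to its own editorial commit.
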
@@ -1527,6 +1525,8 @@ #### Key Flags
 Second octet:
=20
     0x04 - This key may be used as an additional decryption subkey (ADSK).
+=20=20=20=20
+    0x08 - This key may be used for timestamping.
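
Review bot: The new 0x08 entry is documented by its one-line label only; the hunk adds no text saying what a key carrying this flag is expected to sign, or how a verifier should treat a signature made by a key that lacks it. Add a sentence of that kind next to the entry so that implementations do not diverge on what the flag means.
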
=2D-8<---------------cut here---------------end--------------->8---


Salam-Shalom,

   Werner

=2D-=20
Thoughts are free.  Exceptions are regulated by a federal law.

--=Manfurov_Exon_Shell_subversive_Clinton_kibo_INSCOM_world_domination=
Content-Type: application/pgp-signature

--=Manfurov_Exon_Shell_subversive_Clinton_kibo_INSCOM_world_domination=--


From nobody Thu Oct 25 10:01:57 2018
Return-Path: <wiktor@metacode.biz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6024130EC5 for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 10:01:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=metacode.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PNttkfFpDcr5 for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 10:01:53 -0700 (PDT)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9526E130EC0 for <openpgp@ietf.org>; Thu, 25 Oct 2018 10:01:53 -0700 (PDT)
Received: by mail-lj1-x22c.google.com with SMTP id y22-v6so2290968lji.10 for <openpgp@ietf.org>; Thu, 25 Oct 2018 10:01:53 -0700 (PDT)
X-Received: by 2002:a2e:7217:: with SMTP id n23-v6mr15520ljc.71.1540486911060;  Thu, 25 Oct 2018 10:01:51 -0700 (PDT)
Received: from ?IPv6:2a02:a317:4e3d:4680:f6ed:4b3c:7510:34c3? ([2a02:a317:4e3d:4680:f6ed:4b3c:7510:34c3]) by smtp.googlemail.com with ESMTPSA id 1-v6sm1215883ljc.46.2018.10.25.10.01.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Oct 2018 10:01:50 -0700 (PDT)
To: Werner Koch <wk@gnupg.org>
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de> <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz> <87tvlam1iz.fsf@wheatstone.g10code.de>
Cc: Heiko Stamer <HeikoStamer@gmx.net>, openpgp@ietf.org
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Openpgp: url=https://metacode.biz/@wiktor/openpgp/key
Organization: Metacode
Message-ID: <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz>
Date: Thu, 25 Oct 2018 19:01:45 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <87tvlam1iz.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/piwM_b-xfqeYjVdsB8FwZYmwhgw>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 17:01:57 -0000

On 25.10.2018 18:31, Werner Koch wrote:
> I posted a combined diff of Heiko's patches.  Here is his timestamp patch.
> IIRC, we have talked in the past about it.

Oh, got it, I'll try to find the previous discussion. The second octet
key flags (ADSK and timestamping) look really interesting but the
details are scarce as far as I can see. I've been thinking previously
about the possibility of having separate signing subkeys for different
usages (e.g. code-signing subkey on one hardware token, e-mail signing
in a more accessible place).

Thanks for the info!

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor
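
The Key Flags rules this thread turns on (a variable-length flag list whose missing octets count as zero, and the second-octet values 0x04 and 0x08 from the quoted patch), as an added example that is not part of the thread or of any implementation. First-octet names other than 0x01 are taken from RFC 4880; the function names, key labels and flag bytes are constructed for illustration.

```python
# Added example: decode the body of an OpenPGP Key Flags subpacket.
# Second-octet values follow the draft text quoted in this thread.

FIRST_OCTET = {
    0x01: "certify",                 # quoted in the patch context
    0x02: "sign",                    # RFC 4880
    0x04: "encrypt-communications",  # RFC 4880
    0x08: "encrypt-storage",         # RFC 4880
    0x10: "split-key",               # RFC 4880
    0x20: "authenticate",            # RFC 4880
    0x80: "shared-key",              # RFC 4880
}
SECOND_OCTET = {
    0x04: "adsk",          # quoted in the patch context
    0x08: "timestamping",  # added by the patch under discussion
}
KNOWN = (FIRST_OCTET, SECOND_OCTET)


def decode_key_flags(body: bytes):
    """Return (set of flag names, list of (octet_index, bitmask) for unknown bits).

    The list has no fixed size: an octet that is absent contributes no flags,
    which is the "unstated flags are considered to be zero" rule. Octets and
    bits this table does not know are reported, not rejected, so that a list
    which has grown over time still decodes.
    """
    names, unknown = set(), []
    for index, octet in enumerate(body):
        table = KNOWN[index] if index < len(KNOWN) else {}
        for bit in range(8):
            mask = 1 << bit
            if not octet & mask:
                continue
            if mask in table:
                names.add(table[mask])
            else:
                unknown.append((index, mask))
    return names, unknown


def keys_for(purpose: str, keys):
    """Labels of the keys whose flags allow `purpose`, in input order."""
    return [label for label, body in keys
            if purpose in decode_key_flags(body)[0]]


# Constructed sample: (label, Key Flags subpacket body) per key.
CONSTRUCTED_KEYS = [
    ("primary", b"\x01"),              # certify only, one octet
    ("mail-signing", b"\x02"),         # sign only, second octet absent
    ("encryption", b"\x0c"),           # 0x04 | 0x08 in the FIRST octet
    ("timestamp-token", b"\x00\x08"),  # 0x08 in the SECOND octet
    ("future", b"\x02\x00\x01"),       # sign plus a bit in an unknown third octet
]

if __name__ == "__main__":
    for label, body in CONSTRUCTED_KEYS:
        print(label, body.hex(), *decode_key_flags(body))
    print("timestamping:", keys_for("timestamping", CONSTRUCTED_KEYS))
```

The "encryption" and "timestamp-token" entries carry the same bit value 0x08 in different octets, so a decoder that only inspects the first octet would never see the timestamping flag.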


From nobody Thu Oct 25 13:19:36 2018
Return-Path: <HeikoStamer@gmx.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A2591274D0 for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 13:19:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S40tRjgbFLHW for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 13:19:33 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E917127148 for <openpgp@ietf.org>; Thu, 25 Oct 2018 13:19:32 -0700 (PDT)
Received: from [192.168.178.30] ([80.132.227.54]) by mail.gmx.com (mrgmx002 [212.227.17.190]) with ESMTPSA (Nemesis) id 0LtrKX-1fZJrw0I6f-011Awn; Thu, 25 Oct 2018 22:19:29 +0200
To: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Cc: Werner Koch <wk@gnupg.org>, openpgp@ietf.org
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de> <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz> <87tvlam1iz.fsf@wheatstone.g10code.de> <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz>
From: Heiko Stamer <HeikoStamer@gmx.net>
Openpgp: preference=signencrypt
Message-ID: <402c0064-ad23-a022-d0a1-9fc0b6f1b4ba@gmx.net>
Date: Thu, 25 Oct 2018 22:19:31 +0200
MIME-Version: 1.0
In-Reply-To: <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/97AYXjniVCqVuaWHXfpm5ZtzxoM>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 20:19:35 -0000

Hi Wiktor,

On 25.10.18 19:01, Wiktor Kwapisiewicz wrote:

>> I posted combined diff of Heiko's patches.  Here is his timestamp patch.
>> IIRC, we have talked in the past about it.
> 
> Oh, got it, I'll try to find the previous discussion.

Recently there was a short discussion here: https://dev.gnupg.org/T4108
However, this is an old unsolved topic, e.g. see
https://www.ietf.org/mail-archive/web/openpgp/current/msg07136.html

Best regards,
Heiko.


From nobody Thu Oct 25 13:32:19 2018
Return-Path: <wiktor@metacode.biz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15514130E41 for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 13:32:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=metacode.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0gKyzBZPXWrL for <openpgp@ietfa.amsl.com>; Thu, 25 Oct 2018 13:32:14 -0700 (PDT)
Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3881E130DC3 for <openpgp@ietf.org>; Thu, 25 Oct 2018 13:32:14 -0700 (PDT)
Received: by mail-lf1-x136.google.com with SMTP id x24-v6so7836052lfe.5 for <openpgp@ietf.org>; Thu, 25 Oct 2018 13:32:13 -0700 (PDT)
X-Received: by 2002:a19:690d:: with SMTP id e13mr437768lfc.84.1540499531739; Thu, 25 Oct 2018 13:32:11 -0700 (PDT)
Received: from ?IPv6:2a02:a317:4e3d:4680:f6ed:4b3c:7510:34c3? ([2a02:a317:4e3d:4680:f6ed:4b3c:7510:34c3]) by smtp.googlemail.com with ESMTPSA id g72-v6sm1412153lfl.21.2018.10.25.13.32.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Oct 2018 13:32:10 -0700 (PDT)
To: Heiko Stamer <HeikoStamer@gmx.net>
Cc: openpgp@ietf.org
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de> <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz> <87tvlam1iz.fsf@wheatstone.g10code.de> <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz> <402c0064-ad23-a022-d0a1-9fc0b6f1b4ba@gmx.net>
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Openpgp: url=https://metacode.biz/@wiktor/openpgp/key
Organization: Metacode
Message-ID: <4c26df7c-5ca5-78db-2cef-b96cc439d5fa@metacode.biz>
Date: Thu, 25 Oct 2018 22:32:09 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <402c0064-ad23-a022-d0a1-9fc0b6f1b4ba@gmx.net>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/iKBuOjfdp7ZQsKEpf4cN959YkMU>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 20:32:17 -0000

Hi Heiko,

>> Oh, got it, I'll try to find the previous discussion.
> 
> Recently there was a short discussion here: https://dev.gnupg.org/T4108
> However, this is an old unsolved topic, e.g. see
> https://www.ietf.org/mail-archive/web/openpgp/current/msg07136.html

Very interesting. Actually I'm familiar with OpenTimestamps and RFC 3161
timestamping. I've also used raw Bitcoin transactions to timestamp my
key's fingerprint [0] and recently did a small PoC of using Google's
Roughtime protocol to timestamp arbitrary data.

It's definitely nice to see timestamping being considered in scope of
OpenPGP. I'll keep an eye on T4108.

Thanks for the pointers!

Kind regards,
Wiktor

[0]:
https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x6C8857E0D8E8F074

[1]: https://roughtime.googlesource.com/roughtime/

-- 
https://metacode.biz/@wiktor


From nobody Fri Oct 26 03:15:18 2018
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31491130DD0 for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 03:15:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level: 
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tpaj6vMJlbbC for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 03:15:15 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7828130DCD for <openpgp@ietf.org>; Fri, 26 Oct 2018 03:15:12 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1gFz93-0004nZ-BF for <openpgp@ietf.org>; Fri, 26 Oct 2018 12:15:09 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1gFz7g-00086w-97; Fri, 26 Oct 2018 12:13:44 +0200
From: Werner Koch <wk@gnupg.org>
To: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>
Cc: Heiko Stamer <HeikoStamer@gmx.net>,  openpgp@ietf.org
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de> <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz> <87tvlam1iz.fsf@wheatstone.g10code.de> <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>,  Heiko Stamer <HeikoStamer@gmx.net>, openpgp@ietf.org
Date: Fri, 26 Oct 2018 12:13:43 +0200
In-Reply-To: <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz> (Wiktor Kwapisiewicz's message of "Thu, 25 Oct 2018 19:01:45 +0200")
Message-ID: <87lg6lm2w8.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=illuminati_FBI_MD5_interception_Soviet_smuggle_terrorism_assassinate"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/gqoC_B4EHndzmxmGxvquCQiims4>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Oct 2018 10:15:16 -0000

--=illuminati_FBI_MD5_interception_Soviet_smuggle_terrorism_assassinate
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 25 Oct 2018 19:01, wiktor=40metacode.biz@dmarc.ietf.org said:

> Oh, got it, I'll try to find the previous discussion. The second octet
> key flags (ADSK and timestamping) look really interesting but the

The ADSK (Additional Decryption Subkey) is an idea of mine on how to
ease encryption to several devices.  You would install the separate
private subkeys on each device and if the sender supports the ADSK it
would encrypt to these subkeys.  This is similar to what OpenKeychain
does but a more selective approach.  OTOH, I am not sure whether one can
find a threat model where such a scheme would be useful.

We also have 2 other flags (group key and split key) which are also not
well defined, so the ADSK does not hurt too much.  I have no problems to
drop that flag, though.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=illuminati_FBI_MD5_interception_Soviet_smuggle_terrorism_assassinate
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCW9Lo2AAKCRD/gK6dHew1
jecWAQDVgoyNnPqSOH4n0pGSqWHNQvSWK++5U4vk2Q9ODE2tYwEAkyU+tCZOnMQt
Wpcio26ep8ju4Pkrj+GAUlEbHCnRlAM=
=+Pen
-----END PGP SIGNATURE-----
--=illuminati_FBI_MD5_interception_Soviet_smuggle_terrorism_assassinate--


From nobody Fri Oct 26 04:19:43 2018
Return-Path: <wiktor@metacode.biz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15A37130DDA for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 04:19:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=metacode.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dCVpioWbn2nG for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 04:19:40 -0700 (PDT)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9A6B130DD7 for <openpgp@ietf.org>; Fri, 26 Oct 2018 04:19:39 -0700 (PDT)
Received: by mail-lf1-x12b.google.com with SMTP id u18so620443lff.10 for <openpgp@ietf.org>; Fri, 26 Oct 2018 04:19:39 -0700 (PDT)
X-Received: by 2002:a19:4948:: with SMTP id l8-v6mr1876551lfj.16.1540552776960;  Fri, 26 Oct 2018 04:19:36 -0700 (PDT)
Received: from ?IPv6:2a02:a317:4e3d:4680:f6ed:4b3c:7510:34c3? ([2a02:a317:4e3d:4680:f6ed:4b3c:7510:34c3]) by smtp.googlemail.com with ESMTPSA id k18-v6sm1524052ljk.58.2018.10.26.04.19.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Oct 2018 04:19:36 -0700 (PDT)
To: Werner Koch <wk@gnupg.org>
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de> <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz> <87tvlam1iz.fsf@wheatstone.g10code.de> <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz> <87lg6lm2w8.fsf@wheatstone.g10code.de>
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Openpgp: url=https://metacode.biz/@wiktor/openpgp/key
Organization: Metacode
Cc: openpgp@ietf.org
Message-ID: <486d2345-69c1-c329-d887-f164b5dc90d4@metacode.biz>
Date: Fri, 26 Oct 2018 13:19:34 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <87lg6lm2w8.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-8AIbDWCEixCF71YixYayL8cVSg>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Oct 2018 11:19:42 -0000

On 26.10.2018 12:13, Werner Koch wrote:
> On Thu, 25 Oct 2018 19:01, wiktor=40metacode.biz@dmarc.ietf.org said:
> 
>> Oh, got it, I'll try to find the previous discussion. The second octet
>> key flags (ADSK and timestamping) look really interesting but the
> 
> The ADSK (Additional Decryption Subkey) is an idea of mine on how to
> ease encryption to several devices.  You would install the separate
> private subkeys on each device and if the sender supports the ADSK it
> would encrypt to these subkeys.  This is similar to what OpenKeychain
> does but a more selective approach.  OTOH, I am not sure whether one can
> find a threat model where such a scheme would be useful.

I think that would be useful to allow creating encryption subkeys
directly on the hardware token (of course with having a backup
encryption subkey on an offline computer too!).

That way when one hardware token is lost one would revoke only the
encryption subkey that was on that token.

This scheme is currently possible only with signing subkeys, ADSK would
extend the idea to encryption subkeys too.

(I assume changing GnuPG behavior to align with OpenKeychain is not
possible due to backwards-compatibility issues?).

> We also have 2 other flags (group key and split key) which are also not
> well defined, so the ADSK does not hurt too much.  I have no problems to
> drop that flag, though.

Split key (0x10) looks like a good way to implement separation of duties
(where multiple people are needed to use the key). I don't think this is
possible in OpenPGP now.

Thanks for the flag details!

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor


From nobody Fri Oct 26 06:15:14 2018
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27EC412872C for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 06:15:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level: 
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tNiTcl2aiENG for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 06:15:11 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C7101286E3 for <openpgp@ietf.org>; Fri, 26 Oct 2018 06:15:11 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1gG1xF-0005G3-9H for <openpgp@ietf.org>; Fri, 26 Oct 2018 15:15:09 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1gG1w4-0005az-0Y; Fri, 26 Oct 2018 15:13:56 +0200
From: Werner Koch <wk@gnupg.org>
To: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>
Cc: openpgp@ietf.org
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de> <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz> <87tvlam1iz.fsf@wheatstone.g10code.de> <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz> <87lg6lm2w8.fsf@wheatstone.g10code.de> <486d2345-69c1-c329-d887-f164b5dc90d4@metacode.biz>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>,  openpgp@ietf.org
Date: Fri, 26 Oct 2018 15:13:55 +0200
In-Reply-To: <486d2345-69c1-c329-d887-f164b5dc90d4@metacode.biz> (Wiktor Kwapisiewicz's message of "Fri, 26 Oct 2018 13:19:34 +0200")
Message-ID: <8736ssn94c.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Albania_nitrate_Soviet_Albright_brigand_South_Africa_ASIO_broadside="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/FjjexBlmetuwO3IiZH0bhCX3-Uk>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Oct 2018 13:15:13 -0000

--=Albania_nitrate_Soviet_Albright_brigand_South_Africa_ASIO_broadside=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Fri, 26 Oct 2018 13:19, wiktor=40metacode.biz@dmarc.ietf.org said:

> (I assume changing GnuPG behavior to align with OpenKeychain is not
> possible due to backwards-compatibility issues?).

AFAIK, OpenKeychain encrypts to all non-expired subkeys.  I think this is a
bit too coarse of an action.  For example if a subkey has been created
with future timestamp to help with key rollover.  Thus the idea to
explicitly mark suitable subkeys.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=Albania_nitrate_Soviet_Albright_brigand_South_Africa_ASIO_broadside=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCW9MTEwAKCRD/gK6dHew1
jZvfAQCIeOPW/acpBDyIw/cR2XUCr/rv/Gm2ZmRNOkZ98QqzFAD+PRX6xNxUgKIP
9MtUpm1FGl5lkeDV65x6EXa6Vg/Fmg0=
=p3et
-----END PGP SIGNATURE-----
--=Albania_nitrate_Soviet_Albright_brigand_South_Africa_ASIO_broadside=--
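
Added example (not part of any message in this thread, and not GnuPG or OpenKeychain code): a Python model of the two recipient-subkey selection policies discussed above, encrypting to every non-expired subkey versus encrypting to a default subkey plus those explicitly marked ADSK, covering the future-dated rollover subkey and the lost-token revocation case. The `Subkey` fields, the boolean `adsk` marker (standing in for the proposed key flag, whose bit value is not given in the thread), the default-subkey rule and the sample keyring are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import List, Optional


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Subkey:
    """Encryption-capable subkey as a sender sees it (hypothetical model)."""
    label: str
    created: datetime
    expires: Optional[datetime] = None
    revoked: bool = False
    adsk: bool = False  # assumption: stands in for the proposed ADSK key flag


def not_expired(sk: Subkey, now: datetime) -> bool:
    """A revoked or expired subkey is never a valid encryption target."""
    return not sk.revoked and (sk.expires is None or sk.expires > now)


def select_all_non_expired(keyring: List[Subkey], now: datetime) -> List[str]:
    """Coarse policy as described in the thread: every non-expired subkey.

    Creation time is not consulted, so a subkey pre-generated with a future
    timestamp for key rollover is selected as well.
    """
    return [sk.label for sk in keyring if not_expired(sk, now)]


def select_with_adsk(keyring: List[Subkey], now: datetime) -> List[str]:
    """Selective policy: one default subkey plus every subkey marked ADSK.

    Assumption of this example: the default is the newest ordinary subkey
    whose creation time is not in the future.
    """
    live = [sk for sk in keyring if not_expired(sk, now) and sk.created <= now]
    ordinary = [sk for sk in live if not sk.adsk]
    chosen = []
    if ordinary:
        chosen.append(max(ordinary, key=lambda sk: sk.created))
    chosen.extend(sk for sk in live if sk.adsk)
    return [sk.label for sk in chosen]


def revoke(keyring: List[Subkey], label: str) -> List[Subkey]:
    """Lost-token case: revoke only the subkey that lived on that device."""
    return [replace(sk, revoked=True) if sk.label == label else sk
            for sk in keyring]


# Constructed sample keyring and evaluation time (not real key material).
NOW = utc(2018, 10, 26)
KEYRING = [
    Subkey("old-2016", utc(2016, 1, 1), expires=utc(2017, 1, 1)),
    Subkey("backup-offline", utc(2018, 1, 1)),           # ordinary default
    Subkey("laptop", utc(2018, 2, 1), adsk=True),
    Subkey("token-A", utc(2018, 3, 1), adsk=True),
    Subkey("token-B", utc(2018, 3, 1), adsk=True),
    Subkey("rollover-2019", utc(2019, 1, 1)),            # future-dated
]


if __name__ == "__main__":
    print("all non-expired:", select_all_non_expired(KEYRING, NOW))
    print("default + ADSK :", select_with_adsk(KEYRING, NOW))
    after_loss = revoke(KEYRING, "token-B")
    print("token-B revoked:", select_with_adsk(after_loss, NOW))
```
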


From nobody Fri Oct 26 06:42:53 2018
Return-Path: <paul@fluidkeys.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72AD21277C8 for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 06:42:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.122
X-Spam-Level: 
X-Spam-Status: No, score=-1.122 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fluidkeys-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CDWLLZ8cK_Zd for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 06:42:50 -0700 (PDT)
Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84D7E1271FF for <openpgp@ietf.org>; Fri, 26 Oct 2018 06:42:49 -0700 (PDT)
Received: by mail-wr1-x433.google.com with SMTP id n5-v6so1387165wrw.12 for <openpgp@ietf.org>; Fri, 26 Oct 2018 06:42:49 -0700 (PDT)
X-Received: by 2002:adf:c90e:: with SMTP id m14-v6mr5918965wrh.6.1540561367615;  Fri, 26 Oct 2018 06:42:47 -0700 (PDT)
Received: from [10.0.31.25] (cust-doesliv.fab.liv.balticbroadband.com. [185.135.106.6]) by smtp.gmail.com with ESMTPSA id c2-v6sm9025600wrt.77.2018.10.26.06.42.46 for <openpgp@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Oct 2018 06:42:47 -0700 (PDT)
To: openpgp@ietf.org
References: <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de> <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz> <87tvlam1iz.fsf@wheatstone.g10code.de> <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz> <87lg6lm2w8.fsf@wheatstone.g10code.de> <486d2345-69c1-c329-d887-f164b5dc90d4@metacode.biz> <8736ssn94c.fsf@wheatstone.g10code.de>
From: Paul Fawkesley <paul@fluidkeys.com>
Openpgp: preference=signencrypt
Message-ID: <de0d4b33-b7ca-d17a-6abb-323112ce48ee@fluidkeys.com>
Date: Fri, 26 Oct 2018 14:42:45 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <8736ssn94c.fsf@wheatstone.g10code.de>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="uUq0BdoJzA07KimCAFh4VljxRMbDQKjyS"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/rdLkCRu1uCz1nTIPQ-eKSxNGoTA>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Oct 2018 13:42:52 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--uUq0BdoJzA07KimCAFh4VljxRMbDQKjyS
Content-Type: multipart/mixed; boundary="KjpuryRQKGrXkqVPRw8mdHC2R0hxlPdKl";
 protected-headers="v1"
From: Paul Fawkesley <paul@fluidkeys.com>
To: openpgp@ietf.org
Message-ID: <de0d4b33-b7ca-d17a-6abb-323112ce48ee@fluidkeys.com>
Subject: Re: [openpgp] Clarifiction on v5 signatures
References: <877ei9szyc.fsf@wheatstone.g10code.de>
 <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net>
 <87mur2nyt6.fsf@wheatstone.g10code.de>
 <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz>
 <87tvlam1iz.fsf@wheatstone.g10code.de>
 <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz>
 <87lg6lm2w8.fsf@wheatstone.g10code.de>
 <486d2345-69c1-c329-d887-f164b5dc90d4@metacode.biz>
 <8736ssn94c.fsf@wheatstone.g10code.de>
In-Reply-To: <8736ssn94c.fsf@wheatstone.g10code.de>

--KjpuryRQKGrXkqVPRw8mdHC2R0hxlPdKl
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

Hi folks,

>
> AFAIK, OpenKeychain encrypts to all non-expired subkeys.  I think this is a
> bit too coarse of an action.  For example if a subkey has been created
> with future timestamp to help with key rollover.  Thus the idea to
> explicitly mark suitable subkeys.

I feel OpenKeychain's approach here is sensible. Less complexity is
better: it's a huge burden on implementors to support yet-another-flag.

If a key has multiple valid encryption subkeys, it's advertising that
it's OK to pick *any* of those subkeys. That's pretty arbitrary. I don't
see why picking *all* would be any worse than picking an arbitrary one.

> The ADSK (Additional Decryption Subkey) is an idea of mine on how to
> ease encryption to several devices.  You would install the separate
> private subkeys on each device and if the sender supports the ADSK it
> would encrypt to these subkeys.  This is similar to what OpenKeychain
> does but a more selective approach.  OTOH, I am not sure whether one can
> find a threat model where such a scheme would be useful.

Not sure I understand what you mean about threat model here?

A team I previously worked in abandoned email encryption altogether
because they couldn't access emails on their phones.

Now they use unencrypted email - is that the sort of threat model you
were thinking of?

Paul


--KjpuryRQKGrXkqVPRw8mdHC2R0hxlPdKl--

--uUq0BdoJzA07KimCAFh4VljxRMbDQKjyS
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--uUq0BdoJzA07KimCAFh4VljxRMbDQKjyS--


From nobody Fri Oct 26 11:30:59 2018
Return-Path: <look@my.amazin.horse>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E3A6130DE9 for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 11:30:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=my.amazin.horse
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jEppH7_Xd5E4 for <openpgp@ietfa.amsl.com>; Fri, 26 Oct 2018 11:30:56 -0700 (PDT)
Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02FFB130DF5 for <openpgp@ietf.org>; Fri, 26 Oct 2018 11:30:55 -0700 (PDT)
Received: from localhost (i59F77C08.versanet.de [89.247.124.8]) by mail.mugenguild.com (Postfix) with ESMTPSA id D83BE5FAB1; Fri, 26 Oct 2018 20:30:53 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=my.amazin.horse; s=mail; t=1540578654; bh=1fjUN198pmXonU7Fl14JMKTpwB1dofhmRWnUrEheqB8=; h=Date:From:To:Subject:Autocrypt:From; b=VARb2SjBu8/R4mDx/NKRAypiUbiYp/9Z2Cxtg7p+DmWbmgdtJ5PlFBY7rcGQstUwo /l49zzQcPu5sPvFaAlvJiIPlymBzLQYM0NTRYtiKArUU6cF3hiBe+XBT+aq0APFDDR TT0CqKfKPLZofhIAyJKr2f5ed/XnFvzsTn2Te4x0=
Message-Id: <F637WL33MN.35K6H2SJ3T6LU@my.amazin.horse>
In-Reply-To: <8736ssn94c.fsf@wheatstone.g10code.de>
References: <8736ssn94c.fsf@wheatstone.g10code.de> <877ei9szyc.fsf@wheatstone.g10code.de> <dda2d47e-b06e-cd6c-9bab-d8f30149c2ad@gmx.net> <87mur2nyt6.fsf@wheatstone.g10code.de> <f2770475-3b73-3849-33cf-91aaf52c1999@metacode.biz> <87tvlam1iz.fsf@wheatstone.g10code.de> <d9ece307-8153-24ce-2de4-07792e3c1ffb@metacode.biz> <87lg6lm2w8.fsf@wheatstone.g10code.de> <486d2345-69c1-c329-d887-f164b5dc90d4@metacode.biz>
Date: Fri, 26 Oct 2018 20:30:50 +0200
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Vincent Breitmoser <look@my.amazin.horse>
To: Werner Koch <wk@gnupg.org>
Cc: openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/eW8Od4EXZqDnpNZrN6VxM_x6-IQ>
Subject: Re: [openpgp] Clarifiction on v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Oct 2018 18:30:58 -0000

> For example if a subkey has been created with future timestamp to help with
> key rollover.  Thus the idea to explicitly mark suitable subkeys.

We encrypt to all non-expired, non-revoked, already-signed subkeys. Thus a model
to pregenerate keys with future timestamps is already well supported.

We discussed this with Justus some time earlier this year, see
https://github.com/open-keychain/open-keychain/issues/2374

 - V
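
The selection rule discussed in this thread (encrypt to every non-expired, non-revoked, already-signed encryption subkey), shown next to a pick-one policy. This is an added example, not part of the original messages and not OpenKeychain's code. The Subkey model, the key names and the reading of "already-signed" as "binding signature not dated in the future" are assumptions of the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

@dataclass
class Subkey:
    # Hypothetical, simplified subkey record; not a type from any real library.
    key_id: str
    can_encrypt: bool               # key flags permit encryption
    binding_sig_created: datetime   # creation time of the subkey binding signature
    expires: Optional[datetime]     # None means no expiry
    revoked: bool = False

def usable(sk: Subkey, now: datetime) -> bool:
    """Non-revoked, already-signed (assumed: not future-dated), non-expired."""
    if not sk.can_encrypt or sk.revoked:
        return False
    if sk.binding_sig_created > now:   # pregenerated rollover key, not yet active
        return False
    return sk.expires is None or now < sk.expires

def select_all(subkeys: List[Subkey], now: datetime) -> List[str]:
    """Encrypt-to-all policy: every usable subkey becomes a recipient."""
    return [sk.key_id for sk in subkeys if usable(sk, now)]

def select_one(subkeys: List[Subkey], now: datetime) -> Optional[str]:
    """Pick-one policy for comparison: newest usable subkey (assumed heuristic)."""
    cands = [sk for sk in subkeys if usable(sk, now)]
    return max(cands, key=lambda sk: sk.binding_sig_created).key_id if cands else None

def sample_keys(now: datetime) -> List[Subkey]:
    """Constructed sample certificate: two devices plus unusable subkeys."""
    day = timedelta(days=1)
    return [
        Subkey("LAPTOP", True, now - 400 * day, None),
        Subkey("PHONE", True, now - 30 * day, now + 335 * day),
        Subkey("OLD", True, now - 800 * day, now - 70 * day),      # expired
        Subkey("LOST", True, now - 200 * day, None, revoked=True),
        Subkey("NEXT", True, now + 60 * day, now + 425 * day),     # future-dated
        Subkey("SIGN", False, now - 400 * day, None),              # signing only
    ]

if __name__ == "__main__":
    now = datetime(2018, 10, 26, tzinfo=timezone.utc)
    keys = sample_keys(now)
    print("all, today:   ", select_all(keys, now))
    print("one, today:   ", select_one(keys, now))
    print("all, +90 days:", select_all(keys, now + timedelta(days=90)))
```

With the pick-one policy only one device can decrypt a given message. With encrypt-to-all both devices can, and the future-dated subkey joins the recipient set once its signature time has passed.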

