[OTR-users] PGP integration?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Nov 6 17:00:27 EST 2013
On 11/06/2013 01:24 PM, Ximin Luo wrote:
> To re-iterate this to OP more strongly, if this "rudimentary" behaviour merely grabs a random key that could be *already used for another purpose* and turns it into an OTR key, then that is a security flaw, and no-one should be using it.
I agree that grabbing arbitrary DSA keys is a bug and a potentially bad
security tradeoff.
> What we said before (and to repeat from the parallel discussion from otr-users) is that the tool should generate a new PGP subkey with usage flags "Authentication" and critical notation "for OTR use only". (If you don't know what a usage flag is, or a critical notation, please look this up in the OpenPGP docs/specs.)
Hm, i'm not sure this is a complete consensus, actually. The behavior
of gnupg (and probably other RFC 4880-compliant PGP implementations)
when encountering a certification with an unknown critical subpacket is
to discard the entire certification.
This means that if you want to rely on GnuPG to do your key management,
you won't be able to use the proposed critical notation without patching
GnuPG.
As a result, while i theoretically see the spec-cleanliness of wanting
to mark the key as "authentication-capable", i am leaning toward the
idea of using a zero-capabilities key usage subpacket and a
non-critical notation.
Some older versions of GnuPG did not handle the empty-usage-flags
subpacket properly, but this has now been fixed (see CVE-2013-4351) with
widely-adopted patches even in old, stable distros like RHEL5 and debian
squeeze.
Getting widely-adopted distros to accept patches that interpret such a
critical notation is unlikely to happen, unless they see evidence that
people want to use the notation. And of course, that won't happen until
we have deployed code that uses it :/
> (I suppose one final thing is precisely what string the notation should be.)
I hereby propose that the name of this "use in specialized
authentication purposes only" notation should be:
context@openpgp.monkeysphere.info
It should be marked as "human-readable" (0x80 of the flags field should
be set).
For use by otr, its value should be:
otr
Reference for OpenPGP notation details:
https://tools.ietf.org/html/rfc4880#section-5.2.3.16
If this gets implemented and people start to use it more widely, then we
can get GnuPG and other implementations to adopt it, and then we can
think about setting the authentication capability flag and adding the
critical marker to the notation subpacket. But in the meantime, i think
you want empty-usage-flags+noncritical-notation, to avoid being caught
in a cannot-deploy-because-not-already-deployed loop.
Regards,
--dkg
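
Added example, not part of the original message and not GnuPG's code: a simplified model of the two subpacket layouts discussed above (empty key flags plus a non-critical notation, versus the authentication flag plus a critical notation) and of the discard-on-unknown-critical rule. The function names and the known_notations parameter are hypothetical, and the notation name is written with "@" on the assumption that the archive's " at " stands for it.

```python
import struct

NOTATION_DATA, KEY_FLAGS = 20, 27   # RFC 4880 signature subpacket types
CRITICAL = 0x80                     # bit 7 of the subpacket type octet
HUMAN_READABLE = 0x80               # first octet of the notation flags field
AUTHENTICATION = 0x20               # key flag: may be used for authentication

def subpacket(sp_type, body, critical=False):
    """Encode one subpacket using the one-octet length form only."""
    if len(body) + 1 >= 192:
        raise ValueError("body too long for one-octet length")
    return bytes([len(body) + 1, sp_type | (CRITICAL if critical else 0)]) + body

def notation(name, value, critical=False):
    """Notation Data: 4 flag octets, name length, value length, name, value."""
    n, v = name.encode(), value.encode()
    head = bytes([HUMAN_READABLE, 0, 0, 0]) + struct.pack(">HH", len(n), len(v))
    return subpacket(NOTATION_DATA, head + n + v, critical)

def parse(area):
    """Yield (type, critical, body) for each one-octet-length subpacket."""
    i = 0
    while i < len(area):
        length, t = area[i], area[i + 1]
        yield t & 0x7F, bool(t & CRITICAL), area[i + 2:i + 1 + length]
        i += 1 + length

def evaluate(area, known_notations=()):
    """Return None when the certification is discarded, else a summary."""
    out = {"usage": None, "notations": {}}   # usage None = no key flags at all
    for t, critical, body in parse(area):
        if t == KEY_FLAGS:
            out["usage"] = body[0] if body else 0   # 0 = no usage permitted
        elif t == NOTATION_DATA:
            nlen, vlen = struct.unpack(">HH", body[4:8])
            name = body[8:8 + nlen].decode()
            if critical and name not in known_notations:
                return None                  # unknown critical notation
            out["notations"][name] = body[8 + nlen:8 + nlen + vlen].decode()
        elif critical:
            return None                      # unknown critical subpacket
    return out

NAME = "context@openpgp.monkeysphere.info"   # assumed "@" form of the name
proposed = subpacket(KEY_FLAGS, b"\x00") + notation(NAME, "otr")
strict = (subpacket(KEY_FLAGS, bytes([AUTHENTICATION]))
          + notation(NAME, "otr", critical=True))

if __name__ == "__main__":
    print("proposed, unpatched reader:", evaluate(proposed))
    print("strict, unpatched reader:  ", evaluate(strict))
    print("strict, patched reader:    ", evaluate(strict, (NAME,)))
```
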