Hey!
On 27.08.22 at 17:25, Tim Henkes wrote:
> Hi,
> I'm implementing OX and have a bunch of questions/remarks that I would
> like to hear the authors' (or really anybody's) perspectives on.
> In no particular order:
> 1.
> Section 8.1 tells me to be prepared to find multiple public keys in
> "[...] the Personal Eventing Protocol node.". The XEP specifies multiple
> PEP nodes that could be meant here, but I can't make sense of that
> warning for any of them. If the Public-Key Data Node (4.1) is meant,
> then multiple keys in that node would be weird, since the node URI is
> built with the fingerprint of the contained key. If the Public Key
> Metadata Node (4.2) is meant, then well yeah, it contains a list... Am I
> missing the point of 8.1, or is it maybe a leftover?

I *think* this is about public key certificates comprised of multiple
(sub-)keys (e.g. an ECDSA primary key + ECDSA/ECDH subkeys). Those are
the norm for EC keys, so maybe to reduce the potential for confusion we
should remove this statement entirely?

> 5.
> It should be emphasized that the public keys list has to be updated not
> only when a new public key is added, but also when an existing public
> key is updated. It is mentioned in 4.2 but doesn't receive enough
> emphasis IMO. This is required since public keys can be updated without
> their fingerprints changing, and there needs to be a way to detect that.
> This rationale should be given in the specification too.

I agree.

> 9.
> 5.4 point 3. As far as I understand from RFC 4880, a "Symmetric-Key
> Encrypted Session Key" packet encrypts a symmetric key with a
> passphrase. The XEP only talks about a symmetric key. So, do you want
> me to:
> - use the backup code as the symmetric key and generate a passphrase/let
> the user enter a passphrase?
> - use the backup code as the passphrase and have GPG think of a
> symmetric key/derive one from the passphrase?

The implementation is supposed to use the backup code as the passphrase
to derive a symmetric key from via an S2K mechanism.
See https://www.rfc-editor.org/rfc/rfc4880#section-3.7.2.2
For gpg you would use the backup code as input for `gpg -c`.
Paul