aitorpazos
#gpg Why #ADSK (Additional Decryption SubKey) has not been more communicated? šŸ¤”
To me it, this seems to close a big gap: https://gnupg.org/blog/20230321-adsk.html
If I understand correctly it would greatly help maintaining a long-living identity while rotating encryption subkeys as needed (eg: as I loose/break HW tokens).
ADSK: The Additional Decryption Subkey

May 15, 2024 at 10:05pmWeb
Show threadWiktor KwapisiewiczMay 16, 2024

Because of several small issues: first, thereā€™s no consensus among OpenPGP implementers if ADSK is a good idea. Some of them (say Sequoia) would rather have clients implement encrypting to *all* valid subkeys (instead of only to the most recent one) obsoleting the need for ADSK. Note that this is left unspecified in the spec.

The other issue is that this feature *may* be patent-encumbered because itā€™s exactly the same feature thatā€™s present in Symantec PGP: https://knowledge.broadcom.com/external/article/153511/additional-decryption-key-adk-guidelines.html

Funnily enough GnuPG consumed these old Symantec packets and emitted ā€œBig Brotherā€™s key (ignored)ā€ (https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/parse-packet.c;h=8bd283b4bc1debf9cdead7da92948fc22b780114;hb=HEAD#l1780). I guess itā€™s not ā€œBig Brotherā€ if youā€™re doing it, right? šŸ˜‰

Oh, did I mention that the OpenPGP WG have other problems right now such as GnuPG actually forking OpenPGP into https://librepgp.org ?

Additional Decryption Key (ADK) Guidelines for the PGP Encryption Server (Symantec Encryption Management Server)

Show threadaitorpazosMay 16, 2024
@wiktor Amazing feedback, thanks!!
Show threadaitorpazosMay 19, 2024
@wiktor Then should I keep it simple and use yearly expiring identities or just expire the subkeys and keep updating the identity? I don't see much WebOfTrust signing going on around me anyway, so not sure about being precious about maintaining a long living identity šŸ¤”
Show threadWiktor KwapisiewiczMay 21, 2024

Well, it depends on what you want to achieve.

If your primary key expires then everything else becomes expired too so I suggest thinking about this first. Iā€™m using yearly expiry since it gives a good balance. Remember that clients need to update expired keys so it shouldnā€™t be too short or youā€™ll make it inconvenient to them, but not too long too so that they check it regularly just in case you revoke or add a new one. Details at https://blogs.gentoo.org/mgorny/2018/08/13/openpgp-key-expiration-is-not-a-security-measure/

Iā€™m using a single User ID out of simplicity. Since algo preferences are stored on User IDs your recipients may have a completely different view of your cert if they fetch it with a subset of your User IDs (just like WKD lookup in GnuPG does). Some details at https://openpgp.dev/book/adv/certificates.html#adding-unbound-local-user-ids-to-a-certificate

Yeah, WoT seems to be dead at this point, and I say that having my key in the Strong Set. It may work in small circles of friends or orgs. https://openpgp-ca.org explores this further.

OpenPGP key expiration is not a security measure

There seems to be some recurring confusion among Gentoo developers regarding the topic of OpenPGP key expiration dates. Some developers seem to believe them to be some kind of security measure ā€” anā€¦

Michał GĆ³rny