From: "Greg A. Woods"
Subject: Re: PATCH: Less fragile lookup of gpg key
Date: Mon, 03 May 2010 18:19:17 -0400
Organization: Planix, Inc.
To: The Git Mailing List

At Mon, 3 May 2010 07:16:55 -0400, Theodore Tso wrote:
Subject: Re: PATCH: Less fragile lookup of gpg key
>
> On May 2, 2010, at 8:59 PM, Greg A. Woods wrote:
>
> > You can of course have more than one e-mail address per key, but you
> > should NEVER have more than one key per e-mail.
>
> This is pretty common actually.  At the very least it will happen if
> people are trying to transition between an older and a newer key ---
> for example, if they are trying to move from a less secure crypto
> algorithm to a more secure crypto algorithm.

As I understand things the best way to manage these kinds of things is
to use sub-keys.  You can change the expire time on a sub-key, and then
eventually you can revoke it, all the while preserving your one primary
public key for signing.  Indeed it's a good idea to regularly change
your sub-key and expire the older ones.

Any time I've ever encountered anyone with more than one published key
associated with any given e-mail address, confusion has inevitably
ensued.  Normally the only time I've ever seen anyone end up with
multiple published keys associated with the same e-mail address it has
happened when they have accidentally lost their private key somehow and
therefore they were unable to revoke it properly.

If you must regenerate your primary public key, and you have control of
your old public key then the right thing to do is to set the old one to
expire ASAP, and/or to revoke it, upon generating a new one, then
publish the updates together.  This way there doesn't have to be any
window of confusion.

So, as Grant Olson has also explained, publishing multiple keys with the
same e-mail address in one of their UIDs (even if the entire UID is not
identical), is only for advanced users who are willing to deal with the
exceptional usage that results.
Not all Git users are advanced users who will be willing and/or able to
deal with these issues.

Meanwhile the original problem here appears to me to be that Git
effectively encourages use of multiple valid keys that may have the same
e-mail address attached to multiple key-IDs.

If I understand correctly from the GnuPG documentation, the desired way
to search for a key has a very well defined algorithm based on the
syntax identifying the format of the "key".  I think Git should use that
same algorithm at minimum, but by default if there's no hint based on
the expressed syntax of the key given it should follow the example of
most/all(?) MUA interfaces to PGP, which if I'm not mistaken is to
search by exact match of the e-mail address stripped of any display name
and all comments.

-- 
Greg A. Woods
Planix, Inc.
+1 416 218 0099        http://www.planix.com/
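
The lookup rule proposed in the message above, as an added Python example that is not part of the original message and is not Git's or GnuPG's code: an identity that already uses one of GnuPG's documented user-ID forms is passed through, and anything else is reduced to an exact e-mail match with display name and comments stripped. The function names, the `KEYRING` dictionary and its key IDs are constructed for illustration; `keys_for_address` is a simplified model that also shows when one address maps to more than one key.

```python
import re

# Forms that GnuPG's user-ID syntax already treats as an explicit hint.
HEX_ID = re.compile(r"^(0x)?([0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}"
                    r"|[0-9A-Fa-f]{32}|[0-9A-Fa-f]{40})!?$")
HINT_PREFIXES = ("=", "@", "*")  # exact UID, partial e-mail, substring
COMMENT = re.compile(r"\([^()]*\)")
ADDRESS = re.compile(r"^[^\s<>()@]+@[^\s<>()@]+$")


def bare_address(identity):
    """Strip comments and display name; return the address or None."""
    text, previous = identity, None
    while previous != text:            # innermost first, handles nesting
        previous, text = text, COMMENT.sub(" ", text)
    bracketed = re.search(r"<([^<>]*)>\s*$", text)
    address = (bracketed.group(1) if bracketed else text).strip()
    return address if ADDRESS.match(address) else None


def gpg_key_spec(identity):
    """Hypothetical helper: the user-ID string to hand to gpg."""
    ident = identity.strip()
    if HEX_ID.match(ident) or ident.startswith(HINT_PREFIXES):
        return ident                   # caller already chose a syntax
    if ident.startswith("<") and ident.endswith(">"):
        return ident                   # already an exact e-mail match
    address = bare_address(ident)
    if address is None:
        raise ValueError("no e-mail address in %r" % identity)
    return "<" + address + ">"


def keys_for_address(spec, keyring):
    """Model of exact address matching over {key_id: [uid, ...]}."""
    wanted = spec[1:-1].lower()
    return sorted(
        key_id for key_id, uids in keyring.items()
        if any((bare_address(uid) or "").lower() == wanted for uid in uids))


# Constructed sample keyring: two keys share one address.
KEYRING = {
    "AAAA1111": ["Alice Example (work) <alice@example.org>"],
    "BBBB2222": ["Alice Example <alice@example.org>",
                 "Alice <alice@example.net>"],
    "CCCC3333": ["Bob Example <bob@example.org>"],
}
```

A caller that gets more than one key ID back from `keys_for_address` is in the multiple-keys-per-address situation the message describes and should ask for an explicit key ID rather than pick one.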