mirror of
https://codeberg.org/openpgp/notes.git
synced 2025-01-05 04:27:59 +01:00
Compare commits
4 commits
6d0deb643b
...
98162b87d6
Author | SHA1 | Date | |
---|---|---|---|
|
98162b87d6 | ||
|
1f8952971e | ||
|
0d87ddefba | ||
|
c831fdeb34 |
1 changed files with 22 additions and 24 deletions
|
@ -130,47 +130,45 @@ One mechanism that addresses a part of this issue is *expiration*: By setting th
|
|||
(minimization)=
|
||||
## Certificate minimization
|
||||
|
||||
Certificate minimization is the practice of presenting a partial view of a certificate by filtering out some of its components.
|
||||
Certificate minimization involves selectively filtering out components of a certificate that are not essential for its intended use-case or to mitigate specific security concerns. This practice aims to enhance performance – particularly for client software – address security vulnerabilities like certificate flooding, and protect user privacy.
|
||||
|
||||
Filtering out some elements of a certificate can serve various purposes:
|
||||
### Rationale and techniques for minimization
|
||||
|
||||
- Omitting unnecessary components for specific use-cases. For example, email clients need encryption, signing and certification component keys, but not authentication subkeys, which are used, e.g., for SSH connections.
|
||||
- Omitting third-party certifications if they are not required for a use-case. ["Certificate flooding,"](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html) for example, can lead to consumer software rejecting a certificate entirely. Filtering out third-party User ID certifications on import can mitigate this.
|
||||
- Sometimes, a certificate organically grows so big that the user software [has problems handling it](https://www.reddit.com/r/GnuPG/comments/bp23p4/my_key_is_too_large/).
|
||||
The strategy behind certificate minimization focuses on creating a streamlined certificate by removing elements not required for its specific application. This approach not only boosts operational efficiency and client software performance but also safeguards OpenPGP communications against various threats. By filtering which components to retain or omit, the process can serve distinct purposes:
|
||||
|
||||
### Elements that can be omitted as part of a minimization process
|
||||
- **Omitting unnecessary components**: In contexts such as email encryption, only the keys necessary for encryption, signing, and certification are retained, excluding those like authentication subkeys that are irrelevant to the primary use-case.
|
||||
- **Omitting third-party certifications**: Proactively filtering these out upon import can prevent the overload of a certificate with excessive certifications, a common tactic in [certificate flooding](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html) that is designed to render a certificate unusable. This is particularly relevant when certificates grow organically large, to the point that user software [encounters difficulties handling them](https://www.reddit.com/r/GnuPG/comments/bp23p4/my_key_is_too_large/).
|
||||
|
||||
There are different types of elements that can be omitted during minimization:
|
||||
Additionally, specific elements of a certificate can be selectively omitted during the minimization process to tailor the certificate to its use-case, improve manageability, and ensure software compatibility:
|
||||
|
||||
- Subkeys (along with signatures on those subkeys)
|
||||
- Identity components (along with both their self-signatures and third-party signatures)
|
||||
- Signatures, by themselves:
|
||||
- Self-signatures that have been superseded by newer self-signatures for the same purpose
|
||||
- Third-party certifications
|
||||
- **Subkeys and their signatures**: Subkeys not used for the current application, along with their associated signatures, can be omitted.
|
||||
- **Identity components and outdated signatures**: Both self-signatures that have been superseded by newer versions and third-party signatures on identity components that are not necessary can be excluded. This helps keep the certificate lean and focused on its current application, reducing bloat and enhancing performance.
|
||||
|
||||
### Minimization in applications
|
||||
Through these targeted techniques, certificate minimization serves to enhance the practical usability of certificates in various environments and protect against potential security threats and privacy concerns. It strikes a careful balance, maintaining the OpenPGP trust framework while optimizing certificates for efficiency and specific operational contexts.
|
||||
|
||||
#### Hagrid, which runs keys.openpgp.org
|
||||
### Application-specific approaches: Hagrid and GnuPG
|
||||
|
||||
The [hagrid keyserver software](https://gitlab.com/keys.openpgp.org/hagrid) doesn't publish the identity components in certificates by default. This is a central aspect of the [privacy policy](https://keys.openpgp.org/about/privacy) of the service. Certificates can be uploaded to the service by third parties, which is useful. However, identifying information is only distributed by the service on an explicit opt-in basis.
|
||||
#### Hagrid
|
||||
|
||||
Separately, third-party certifications are currently filtered out by the service, to avoid flooding attacks.
|
||||
[Hagrid keyserver software](https://gitlab.com/keys.openpgp.org/hagrid), operating keys.openpgp.org, adopts a privacy-centric model by not automatically publishing identity components of certificates. According to its [privacy policy](https://keys.openpgp.org/about/privacy), the service allows certificates to be uploaded by anyone, but identifying information is shared only with the certificate owner's explicit opt-in. This measure significantly contributes to user privacy and aids in minimizing certificates by default.
|
||||
|
||||
Additionally, to mitigate the risk of certificate flooding, Hagrid currently filters out third-party certifications, further aligning with certificate minimization principles.
|
||||
|
||||
#### GnuPG
|
||||
|
||||
GnuPG offers two explicit methods for certificate minimization, described [in the GnuPG manual](https://www.gnupg.org/documentation/manuals/gnupg-devel/OpenPGP-Key-Management.html) as:
|
||||
GnuPG introduces two explicit commands for certificate minimization, `clean` and `minimize`, aimed at optimizing certificate size and content.
|
||||
|
||||
*clean*
|
||||
: *Compact (by removing all signatures except the selfsig) any user ID that is no longer usable (e.g. revoked, or expired). Then, remove any signatures that are not usable by the trust calculations. Specifically, this removes any signature that does not validate, any signature that is superseded by a later signature, revoked signatures, and signatures issued by keys that are not present on the keyring.*
|
||||
The `clean` command streamlines certificates by removing all but the most recent self-signature for user IDs that are no longer usable due to revocation or expiration, and also purges signatures not contributing to trust calculations.
|
||||
|
||||
*minimize*
|
||||
: *Make the key as small as possible. This removes all signatures from each user ID except for the most recent self-signature.*
|
||||
The `minimize` command further reduces the certificate size by retaining only the latest self-signature for each user ID.
|
||||
|
||||
`clean` removes third-party signatures by certificates that are not present in current keyring, as well as other stale data. `minimize` removes superseded signatures that are not needed at the point when the command is executed.
|
||||
Detailed in the [GnuPG manual](https://www.gnupg.org/documentation/manuals/gnupg-devel/OpenPGP-Key-Management.html), these functionalities allow users to manage their certificates efficiently, directly supporting the goals of minimization.
|
||||
|
||||
Independently, GnuPG by default [strips some signatures on key import](https://dev.gnupg.org/T4607#127792)[^gpg-default-strip]. However, a number of Linux distributions change this default behavior, and continue to import signatures without minimization by default. e.g. [Debian](https://dev.gnupg.org/T4628#128513) and Arch Linux: stripping third-party certifications on import, by default, is problematic for users who want to leverage authentication based on the [Web of Trust mechanism](wot).
|
||||
Moreover, GnuPG's approach to handling incoming certificates includes stripping some signatures by default[^gpg-default-strip] to prevent bloating, although this behavior varies across different Linux distributions. For instance, distributions like Debian and Arch Linux have altered this default setting, affecting how third-party certifications are managed upon import.
|
||||
|
||||
[^gpg-default-strip]: GnuPG's changes in the default handling of third-party certifications on imports were prompted by the 2019 [keyserver flooding](keyserver-flooding) event.
|
||||
This variance underscores the importance of understanding your specific GnuPG configuration and its effects on certificate minimization, especially for users relying on the [Web of Trust mechanism](wot) for authentication.
|
||||
|
||||
[^gpg-default-strip]: GnuPG's changes in the default handling of third-party certifications on imports were prompted by the 2019 [keyserver flooding event](https://dev.gnupg.org/T4607#127792).
|
||||
|
||||
### Limitations that can result from stripping historical self-signatures
|
||||
|
||||
|
|
Loading…
Reference in a new issue