bug#57091: Git authentication reports subkey fingerprints
Package: guix
Submitter: Ludovic Courtès
Severity: normal

From: Ludovic Courtès
To: bug-guix@gnu.org
Subject: Git authentication reports subkey fingerprints
Date: Tue, 09 Aug 2022 23:07:19 +0200

Hello,

As Tobias explains at <https://mail.gnu.org/archive/html/help-guix/2022-08/msg00073.html> and as can be seen from ‘.guix-authorizations’, the (guix openpgp) and (guix git-authenticate) machinery reports the fingerprint of subkeys on signatures (when subkeys are used) rather than the fingerprint of primary keys.

This should be changed to report primary keys, at least optionally.

Ludo’.
From: Maxime Devos
To: Ludovic Courtès, 57091@debbugs.gnu.org
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
Date: Tue, 9 Aug 2022 23:20:01 +0200

On 09-08-2022 23:07, Ludovic Courtès wrote:
> Hello,
>
> As Tobias explains at
> <https://mail.gnu.org/archive/html/help-guix/2022-08/msg00073.html> and
> as can be seen from ‘.guix-authorizations’, the (guix openpgp) and (guix
> git-authenticate) machinery reports the fingerprint of subkeys on
> signatures (when subkeys are used) rather than the fingerprint of
> primary keys.
>
> This should be changed to report primary keys, at least optionally.

Why should it be changed? IIUC .guix-authorizations and (guix ...) care about the key that things were signed with, not necessarily the primary key, so it seems to me that it needs to report the subkey fingerprint, not the fingerprint of the primary key it belongs to, as the primary key is irrelevant to them IIUC.

Greetings,
Maxime.
From: Ludovic Courtès
To: Maxime Devos
Cc: 57091@debbugs.gnu.org
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 12:24:23 +0200

Hi,

Maxime Devos skribis:

> On 09-08-2022 23:07, Ludovic Courtès wrote:
>> Hello,
>>
>> As Tobias explains at
>> <https://mail.gnu.org/archive/html/help-guix/2022-08/msg00073.html> and
>> as can be seen from ‘.guix-authorizations’, the (guix openpgp) and (guix
>> git-authenticate) machinery reports the fingerprint of subkeys on
>> signatures (when subkeys are used) rather than the fingerprint of
>> primary keys.
>>
>> This should be changed to report primary keys, at least optionally.
>
> Why should it be changed? IIUC .guix-authorizations and (guix ...)
> care about the key that things were signed with, not necessarily the
> primary key, so it seems to me that it needs to report the subkey
> fingerprint, not the fingerprint of the primary key it belongs to, as
> the primary key is irrelevant to them IIUC.

Yes, I kinda agree, but… the motivation here is that OpenPGP user interfaces don’t normally refer to subkey fingerprints; instead they refer to primary key fingerprints, even if you use a subkey, which is the point of subkeys AIUI.

That Guix treats subkeys differently is confusing to seasoned OpenPGP users.

Ludo’.
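As an added example (not code from Guix or from anyone in this thread), the Python below derives RFC 4880 v4 fingerprints for a constructed primary key and two subkeys and resolves a signature's issuer fingerprint to its primary key, so an authorization list can be matched whether it names the primary (as OpenPGP tools display it) or the subkey (as (guix git-authenticate) currently reports it). The `Certificate` class, `authorized_signer` and the key bytes are assumptions made for this illustration.

```python
"""Subkey -> primary fingerprint resolution, illustrating bug#57091.

Example code only: not Guix's (guix openpgp) implementation.  The key
material is constructed (not valid curve points); only the packet framing
and the v4 fingerprint derivation follow RFC 4880.
"""
import hashlib
import struct

ALGO_EDDSA = 22                                      # public-key algorithm id
ED25519_OID = bytes.fromhex("2b06010401da470f01")    # 1.3.6.1.4.1.11591.15.1


def public_key_packet_body(created, raw_key):
    """Body of a v4 public-key or public-subkey packet for an EdDSA key:
    version, creation time, algorithm, curve OID, MPI of the point."""
    assert len(raw_key) == 32
    mpi = b"\x40" + raw_key          # native point encoding, 0x40 prefix
    mpi_bits = 7 + 8 * 32            # 0x40 contributes 7 significant bits
    return (bytes([4]) + struct.pack(">I", created) + bytes([ALGO_EDDSA])
            + bytes([len(ED25519_OID)]) + ED25519_OID
            + struct.pack(">H", mpi_bits) + mpi)


def v4_fingerprint(body):
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte body length, body."""
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


class Certificate:
    """A primary key with its subkeys, as stored on a 'keyring' branch.

    Expiry and revocation are deliberately not modelled: this only maps
    fingerprints, it does not judge whether a key is still valid."""

    def __init__(self, primary_body, subkey_bodies):
        self.primary = v4_fingerprint(primary_body)
        self.subkeys = [v4_fingerprint(b) for b in subkey_bodies]

    def primary_for(self, fpr):
        """Primary fingerprint for a primary or subkey fingerprint that
        belongs to this certificate, else None."""
        if fpr == self.primary or fpr in self.subkeys:
            return self.primary
        return None


def authorized_signer(issuer_fpr, certs, authorizations):
    """Match a signature's issuer fingerprint against an authorizations set.

    Returns (primary_fpr, used_subkey) when the issuer belongs to an
    authorized certificate, else None.  An entry may name either the
    primary key or the subkey, so both spellings are accepted."""
    for cert in certs:
        primary = cert.primary_for(issuer_fpr)
        if primary is None:
            continue
        if primary in authorizations or issuer_fpr in authorizations:
            return primary, issuer_fpr != primary
    return None


# Constructed key material (deterministic bytes, NOT real Ed25519 keys).
PRIMARY_BODY = public_key_packet_body(1_600_000_000, bytes(range(32)))
SIGNING_SUBKEY_BODY = public_key_packet_body(1_600_000_100, bytes(range(32, 64)))
OTHER_SUBKEY_BODY = public_key_packet_body(1_600_000_200, bytes(range(64, 96)))
CERT = Certificate(PRIMARY_BODY, [SIGNING_SUBKEY_BODY, OTHER_SUBKEY_BODY])


def demo():
    """Authorize the primary (as GnuPG shows it), then check a commit
    whose signature was issued by the signing subkey."""
    authorizations = {CERT.primary}
    return authorized_signer(CERT.subkeys[0], [CERT], authorizations)


if __name__ == "__main__":
    print("primary:", CERT.primary)
    print("subkeys:", *CERT.subkeys)
    print("signature by subkey resolved to:", demo())
```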
From: Tobias Geerinckx-Rice
To: bug-guix@gnu.org, Ludovic Courtès, Maxime Devos
Cc: 57091@debbugs.gnu.org
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 11:17:39 +0000

This is not a mere UI issue. Basic verification is currently broke^Wdifferent, too, or the latest incident wouldn't have happened.

Hmm. I wonder...

Ludo', are you worried that, since we already handle revocations like GPG would, the 'proper' OpenPGP model could somehow break? That we are in effect unable to safely fix this (yes, I maintain it is a) bug?

Apologies if I'm wildly off the mark here. But then I'd like to hear some plausible threat models. Maxime?

In their absence, nasty surprises like what happened last week are argument enough to (try to! :-) implement normal OpenPGP behaviour.

Kind regards,

T G-R

Sent on the go. Excuse above-average rambliness.

From: Tobias Geerinckx-Rice
To: bug-guix@gnu.org, Ludovic Courtès, Maxime Devos
Cc: 57091@debbugs.gnu.org
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 11:33:35 +0000

Of all the stupid typos...

> Ludo', are you worried that, since we already handle revocations like GPG would

...DON'T handle, of course, by design.

Kind regards,

T G-R

Sent on the go. Excuse or enjoy my brevity.
From: Maxime Devos
To: Tobias Geerinckx-Rice, bug-guix@gnu.org, Ludovic Courtès
Cc: 57091@debbugs.gnu.org
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 17:07:12 +0200

On 11-08-2022 13:17, Tobias Geerinckx-Rice wrote:
> Apologies if I'm wildly off the mark here. But then I'd like to hear some plausible threat models. Maxime?

Here's a problem with allowing subkeys, if that's what you mean:

  • Expiration times and GPG-level revocation must be ignored (for time-travel, and pulling from an old Guix), similarly to why it must be ignored for when no subkeys are used
  • Someone used to GPG-style subkeys generates a new subkey to replace an old expired subkey or revokes an old subkey, without keeping in mind that Guix doesn't take that into account.
  • An attacker uses a compromised-but-revoked-or-expired subkey to compromise the channel.

Expiration times might be solvable by taking the commit time of the previous commit as 'current time' (not the commit that was signed, otherwise an attacker could just lie). I don't know a solution for GPG-level revocation of old subkeys but I haven't looked either.

Another problem:

  • When replacing the key in the 'keyring' branch with an 'updated' key that contains the new subkey, we have to be careful to never remove old subkeys, to avoid breaking time travel or pulling from old versions.

Greetings,
Maxime.

From: Tobias Geerinckx-Rice
To: Maxime Devos
Cc: Ludovic Courtès, bug-guix@gnu.org, 57091@debbugs.gnu.org
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 18:31:41 +0200

Hi Maxime,

Quick reply mainly to say thanks for replying :-)

On 2022-08-11 17:07, Maxime Devos wrote:
> On 11-08-2022 13:17, Tobias Geerinckx-Rice wrote:
>
>> Apologies if I'm wildly off the mark here. But then I'd like to
>> hear some plausible threat models. Maxime?
>
> Here's a problem with allowing subkeys, if that's what you mean:

(Well, you snipped my previous paragraph where I mention what you seem
to describe below, so yes.)

> * Expiration times and GPG-level revocation must be ignored (for
> time-travel, and pulling from an old Guix), similarly to why it must
> be ignored for when no subkeys are used
> * Someone used to GPG-style subkeys generates a new subkey to
> replace old expired subkey or revokes old subkey, without keeping in
> mind that Guix doesn't take that in account.
> * An attacker uses a compromised-but-revoked-or-expired subkey to
> compromise the channel.

Why does none of this apply to primary keys?

> Expiration times might be solvable by taking the commit time of the
> previous commit as 'current time' (not the commit that was signed,
> otherwise an attacker could just lie). I don't know a solution for
> GPG-level revocation of old subkeys but I haven't looked either.

Git commit dates aren't reliable. Requiring that they be accurate going
forward would be imposing yet another 'artificial'/idiosyncratic
limitation. I think we should be very hesitant to build a verification
system on assumptions stacked just so.

> Another problem:
>
> * When replacing the key in the 'keyring' branch with an 'updated'
> key that contains the new subkey, we have to be careful to never
> remove old subkeys, to avoid breaking time travel or pulling from old
> versions.

Sure. We always need to be careful when updating the keyring branch.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

From: Maxime Devos
To: Tobias Geerinckx-Rice
Cc: bug-guix@gnu.org, Ludovic Courtès, 57091@debbugs.gnu.org
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 20:10:48 +0200


On 11-08-2022 18:31, Tobias Geerinckx-Rice wrote:
>> * Expiration times and GPG-level revocation must be ignored (for
>> time-travel, and pulling from an old Guix), similarly to why it must
>> be ignored for when no subkeys are used
>> * Someone used to GPG-style subkeys generates a new subkey to
>> replace old expired subkey or revokes old subkey, without keeping in
>> mind that Guix doesn't take that in account.
>> * An attacker uses a compromised-but-revoked-or-expired subkey to
>> compromise the channel.
>
> Why does none of this apply to primary keys?

For primary keys as they are currently used in Guix, to revoke a key
(from Guix' point of view), you remove it from .guix-authorizations, done.

For revoking subkeys, you trust GPG or whatever to take care of things,
but Guix-modified-to-allow-subkeys-too doesn't have a clue that the
subkey should be considered revoked, see bullet list above.

That could be solved by also adding a list of revoked subkeys to
.guix-authorizations, but that seems opposite to the proposed change.

>> Expiration times might be solvable by taking the commit time of the
>> previous commit as 'current time' (not the commit that was signed,
>> otherwise an attacker could just lie). I don't know a solution for
>> GPG-level revocation of old subkeys but I haven't looked either.
>
> Git commit dates aren't reliable. Requiring that they be accurate
> going forward would be imposing yet another 'artificial'/idiosyncratic
> limitation. I think we should be very hesitant to build a
> verification system on assumptions stacked just so.

Yes, forbidding setting the datetime to something way off (e.g.
1970-01-01) for privacy or such is quite a limitation.

They do not have to be accurate however, as long as the discrepancies in
commit dates / actual time (*) are small compared to the expiration times.

(*) of non-attackers -- assuming frequent commits, an attacker cannot
trick the expiration mechanism into large time difference. That might
not be good enough for branches like 'wip-foo' or channels with
infrequent commits though.

Greetings,
Maxime.
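To make the exchange between Tobias and Maxime concrete, here is an added Python model of the policy being discussed. It is example code written for this page, not code from Guix or from anyone in the thread. It assumes a keyring index keyed by every fingerprint (primary and subkey), the Guix rule that a commit must be signed by a key listed in its parent's .guix-authorizations, and, as Maxime proposes, the parent commit's date as the reference clock for subkey expiry. Every fingerprint, commit id and date is a constructed sample. Commit c3 reproduces the gap Maxime's footnote points at (a branch with infrequent commits lets an expired subkey through), c4 shows why the signed commit's own date cannot be the clock, and c5 shows a new subkey resolving to the same primary fingerprint, which is the fingerprint a report should name per the original bug.

```python
"""Toy model of Guix-style commit authentication with OpenPGP subkeys.

Added example, not code from Guix or from anyone in this thread.  It models
three things the thread discusses: .guix-authorizations names primary-key
fingerprints, so a signature made with a subkey must be resolved to its
primary key before the check; expiry is judged against the parent commit's
timestamp rather than the wall clock or the signed commit's own timestamp;
and subkey revocation is only visible if the keyring copy in use records it.
Every fingerprint, commit id and date below is a constructed sample value.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Subkey:
    fingerprint: str
    expires: Optional[datetime] = None  # None: never expires
    revoked: bool = False               # revocation as recorded in our keyring copy


@dataclass(frozen=True)
class Key:
    fingerprint: str                    # primary fingerprint, what .guix-authorizations lists
    subkeys: tuple = ()


@dataclass(frozen=True)
class Commit:
    id: str
    parent: Optional[str]
    timestamp: datetime                 # committer date, chosen by whoever made the commit
    signer: str                         # fingerprint the signature reports (may be a subkey)
    authorizations: frozenset           # primary fingerprints in this commit's .guix-authorizations


def index_keyring(keys):
    """Map every fingerprint, primary or subkey, to (primary fingerprint, Subkey or None)."""
    index = {}
    for key in keys:
        index[key.fingerprint] = (key.fingerprint, None)
        for sub in key.subkeys:
            index[sub.fingerprint] = (key.fingerprint, sub)
    return index


def authenticate(commit, parent, index):
    """Check COMMIT against its already-trusted PARENT.

    Returns (ok, reason, primary_fingerprint).  The primary fingerprint is
    what a user-facing report should name, whichever subkey actually signed.
    """
    if commit.signer not in index:
        return False, "signing key not in keyring", None
    primary, sub = index[commit.signer]
    if sub is not None:
        if sub.revoked:
            return False, "subkey revoked in keyring", primary
        # Reference clock: the parent's date, accepted earlier in the walk, not
        # the date on the commit under test, which its author picks freely.
        if sub.expires is not None and parent.timestamp >= sub.expires:
            return False, "subkey expired at parent commit time", primary
    if primary not in parent.authorizations:
        return False, "primary key not in parent's .guix-authorizations", primary
    return True, "ok", primary


def authenticate_chain(commits, keys, introduction):
    """Walk from the trusted INTRODUCTION commit; return {commit id: (ok, reason)}."""
    index = index_keyring(keys)
    children = {}
    for c in commits.values():
        if c.parent is not None:
            children.setdefault(c.parent, []).append(c)
    results, frontier = {}, [commits[introduction]]
    while frontier:
        parent = frontier.pop()
        for child in children.get(parent.id, []):
            ok, reason, _ = authenticate(child, parent, index)
            results[child.id] = (ok, reason)
            if ok:                      # only accepted commits become reference points
                frontier.append(child)
    return results


# Constructed sample keyring: one authorized signer with an old and a new subkey.
PRIMARY_A, SUB_A1, SUB_A2 = "AAAA" * 10, "A1A1" * 10, "A2A2" * 10
KEYRING = (Key(PRIMARY_A, subkeys=(Subkey(SUB_A1, expires=utc(2023, 1, 1)),
                                   Subkey(SUB_A2))),)
AUTH = frozenset({PRIMARY_A})

COMMITS = {c.id: c for c in (
    Commit("c0", None, utc(2022, 1, 1), PRIMARY_A, AUTH),   # channel introduction, trusted
    Commit("c1", "c0", utc(2022, 6, 1), SUB_A1, AUTH),
    Commit("c2", "c1", utc(2022, 8, 1), SUB_A1, AUTH),
    # Stale branch: SUB_A1 has expired by wall-clock time, yet c2's date predates
    # the expiry, so c3 is accepted.  This is the infrequent-commits gap.
    Commit("c3", "c2", utc(2023, 3, 1), SUB_A1, AUTH),
    # A far-off own date changes nothing: c3's date is the clock, and it is past expiry.
    Commit("c4", "c3", utc(1970, 1, 1), SUB_A1, AUTH),
    Commit("c5", "c3", utc(2023, 4, 1), SUB_A2, AUTH),      # new subkey, same primary
)}

if __name__ == "__main__":
    for cid, (ok, reason) in authenticate_chain(COMMITS, KEYRING, "c0").items():
        print(cid, "OK " if ok else "REJ", reason)
```

Running the script prints c1, c2, c3 and c5 as accepted and c4 as rejected for an expired subkey. The `revoked` flag is only honoured when the keyring copy being walked carries the revocation, which is Maxime's point: a revocation published elsewhere does nothing for a checkout that pulls an older keyring branch.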