[Openpgp-dt] 20211018 dt notes

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 18 October 2021 14:42 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp-dt@ietfa.amsl.com
Delivered-To: openpgp-dt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A7673A144E for <openpgp-dt@ietfa.amsl.com>; Mon, 18 Oct 2021 07:42:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MSGID_FROM_MTA_HEADER=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vI2xZZ39WYDc for <openpgp-dt@ietfa.amsl.com>; Mon, 18 Oct 2021 07:42:00 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2070e.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1b::70e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A163A3A1485 for <openpgp-dt@ietf.org>; Mon, 18 Oct 2021 07:41:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xyjz9B/+fXrWFikez/H+cz9wXVGnn0408LfyxdsCW4bltiJzPEAi/P3zyt3zsWSgBUfEZKcbuPGSUGr5mS3nVYdPxGfrI0+scbgeg96ksMCTdAr0zlvJ3ah6G+7h5RHUTF+1GmqG7zq5pwq0adVpM6mJrO+n6qePwmKbtxjhM3pxxQW4fnvzu12dC6srbML/hupkCo1+nUD8dVojWqShTawEsvQsYmFQYeEwaqglHIbOszwvrgho8lKmashlzcOkKTdXSTICw9wZVyD/RCeDGV6cBwDRoB5CmHOekvOvuI+DSqHkh5Hbxi8gFE88Htw1A0D3Q7cdni2lg1NO8HRLtQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ABaMzpoKAcc1SlDK6f2LkUHCztHKlXc1CNOXV54MtCM=; b=gZXe7oMqa871o2tR6mTOyfMq16jJa+fu2LMMrXg/4QxwWFXq5ySFdAf0WaldEsu+WIQJf/3N+gbu59BU5YftaagAH0+9+htBlRdSyUg8E4cOmtSe5CmRpb3SS5rL8P3P0T1YIfnS97tEmzthpnKAxQwvClstS+hGgS5V5Y1edq3puu5xmg5KA5ijKA1WX2waLZmNmsCf2mcQ+KZYtpqKAkyz8qcj80ScnzpmI9qUfC/WYPWFjQ8bPC8gwTpbeXwPw+Alw1DT7lRIXTABCC3eKmnostD6k+I2bPN90LmZ0ZuLRAULH2jDKEaTEsA5uTO7yKyaf7VB76lSJ1oIz4TBXw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ABaMzpoKAcc1SlDK6f2LkUHCztHKlXc1CNOXV54MtCM=; b=bkWoqHq5RFl4NlAy54+0VU9/RIoeieklNSZqnwtSKKOvebDIx8TvLQsIUxKSPNVr0o+HAbDdZe+zruLZ+KMLObZd0lexF87fh9ZFAO8SeeRU+AdhJhJDwaqg9YwkXK5TW3Y/foEF4ZO5Tqm1DCTloVYNNAK1/MRja+U5H+60ykKC/uAe9PclP1khqHLfbdK+GzAEeUSCPt5lzdsGEeHJCLZjpLBOMTfvzvDdJNnVCvBHimC3JmKyCl/ORaXrUgptIyx0YVhzkxddcB0zWMPu8dokzCMMQfsOsODHuHI6pO3uCA7Gf7t5ohv+ncB3VAUxaFDNmU9+miLll3SEzfNkNA==
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by DB6PR0202MB2680.eurprd02.prod.outlook.com (2603:10a6:4:1d::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.16; Mon, 18 Oct 2021 14:41:42 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::cc12:31d:4dac:8672]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::cc12:31d:4dac:8672%3]) with mapi id 15.20.4608.018; Mon, 18 Oct 2021 14:41:42 +0000
To: openpgp-dt@ietf.org
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <90f5ddcf-a51e-5557-c534-657928a9716e@cs.tcd.ie>
Date: Mon, 18 Oct 2021 15:41:41 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="FiHfyw256ypVVyVPJr7eNZsEvNa4UChOF"
X-ClientProxiedBy: DB6P191CA0005.EURP191.PROD.OUTLOOK.COM (2603:10a6:6:28::15) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [IPv6:2001:bb6:5e5e:b458:38d7:3ba7:5ccc:d238] (2001:bb6:5e5e:b458:38d7:3ba7:5ccc:d238) by DB6P191CA0005.EURP191.PROD.OUTLOOK.COM (2603:10a6:6:28::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.26 via Frontend Transport; Mon, 18 Oct 2021 14:41:42 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5f9cc86c-59dc-4010-29cc-08d9924566a4
X-MS-TrafficTypeDiagnostic: DB6PR0202MB2680:
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <DB6PR0202MB2680FEE3A6F7C91E5CA24E9FA8BC9@DB6PR0202MB2680.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Oob-TLC-OOBClassifiers: OLM:4941;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 2RlJVLR2wAzFUHFiJ2qUB+nqJ50NgaGyn/fMpCTKg7tD2Xpejv6i5dyv7ztBWhaQ3fhkF/VYN3Os9zufHIDtqMkdEDcHvM1B/ejjI8ETjSPTdVNYvZErjJUyh5+ffQkIA+8MrvSzLFIcd2bHDXixTs/y3pvfWs2ijGVkI2g3myHni0JMgYsXkHXTBgEltJGFEIO6IzHvHmH5dSZV1GLZFcppF4OJ0n2iqT9aS+m9HoZbFM/dDXOufiqBbEPpIRnj3FShZZU5NpJu7AQeCWpPnOx2e/r4u3IRhZFnnop4mCDZb/YauV6A0kPjfcC9h2n7+QPzA7LRUpm0VlW/AKBkYFJdvRfLftAvebpZ23I+bTinE5tXo8TG3Fe7zaTLlHQDxJ0+6+3/MDpFaH6Lqk19+bNTWLxWxlr/Dbjx1oQWgamo2IoHsYC+19gGkCSEX7FpbdMZr/WAXnPcjbqpXxfbaJ+zhqbm1YoE5HHQ/M78/5VpeZ5NQE3BV6VG2P+vvacxO0AetAZJ1lz+D/clArCtLYL8oC5qm1FGDkLvxzuXNsGJtx7NWUHgwhs/fSisBlIitHT4Q4hAeBoG4jFK8GlNj3qHeitfdZUDDhMCX5+7aKAukQXqF+RwrXzJ7MDCQOV14LttIYtoorCSINbdU22Ph2VhGCIp32YZhUV9RkuSeYfnhzkLPr3qCAF3DltqjuxSh/Y9AOjXCqynAJs4rkdwBY5KaVp09+BIJypOcbQZSXEA3JRRzxDwFp7kqr1BOA8cjjF6gW73aYlksFjgmrpcw8sZRwEcU8kDJr2zjbWVLuJpK0UFjdYPV/hzI6EmRvEU
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(235185007)(36756003)(966005)(2616005)(31686004)(8676002)(6916009)(21480400003)(33964004)(86362001)(316002)(786003)(6486002)(5660300002)(8936002)(31696002)(7116003)(508600001)(38100700002)(66556008)(83380400001)(186003)(44832011)(2906002)(66476007)(66946007)(4001150100001)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?RVVqa2NmdTdaYTdwenh1ZW42YXNKUEN3TW83SEdNaUp3ZU11VXB5UFNUeHJn?= =?utf-8?B?dittS0FDd1c3eFR6SlZHUGg1OWM4SmdOYzF4bG9WK0lTbG14R0R6YkRDYm5x?= =?utf-8?B?UStPblhVQnNiakZnTXJ4RE5PV2JaZXFjWS9kb2FVNGZYWE9TUWkwZFR3V2hZ?= =?utf-8?B?UEhIUHZFRmdIM3RMYk91V1RYMlJKTExWSG9mL2pGY0w1dlVDVEVEWjlQbG5F?= =?utf-8?B?Z0d0Z0ZOQ0FsKzE4Yng1YkNqR3JoMHQvSFM2ZWl5M081OURwUUcyWDVtdDdQ?= =?utf-8?B?aXp4NitxR3IvOTBmTWdQTlNCdTdrYkhmTTBwMnpadzlNTHMreVpUODREdzha?= =?utf-8?B?SUdjS2h0cnhTeDBrRGhDaXE2dFRkU3BiL29iYTdvYVlkYVZIZkFBVlVEQ2NY?= =?utf-8?B?Y1RYWkhIcU5keThUc1N4bW1DWXQ1eVhxS2MzUmhWNktobDhYSjBPU1B0Mmc0?= =?utf-8?B?a0RYd1pyRDlxU3dXUjNVb0UvTDhGNWNYMWM4RmVCN1YzSmJ0R3YwU1JQZktW?= =?utf-8?B?VDFMYkExTG5uMkVkZ0x0bU5QZEZxbUIrUmdYMU00U3YwTDdBOTBMM0tyU0xK?= =?utf-8?B?QlN5clNndDVtdjVqRHRrZStRams3TVpqRmxkekdCSHREWTZpUjZzMk4vQUtS?= =?utf-8?B?eFBOVmVDUW81L1pSNmQ2NndwalJ4VzR4ekZDVFp4ZVpFcTBnUTliTjlHOEEz?= =?utf-8?B?OWxKZHNrelpQU1VvWmhpVjdNbi9FOERhVDkrMldBWW5RbVpDV3FBcmtMOXhl?= =?utf-8?B?bkRvVkM2dnNCbTdvV0VmdTdvU0hDVEZBZm1OblR4dld5aVdBY3NjY1N2cVky?= =?utf-8?B?RW1ja0RmY0Y0K2xTVkJqUlI5T3M2bi8xWFg1NDVXdVAxSzBLN3BZWFY2clZu?= =?utf-8?B?SUxtLzNTVk90dU9rUEtMTitrcUJ4bW1MZ2htK1M0djBTVG56b0xRNVBLeDJE?= =?utf-8?B?YTFSQzI0WFhNT1B1K2dFR0Z6Y0t1eVRxelVjSWVaRVhycGVmdWI1eXczKzhn?= =?utf-8?B?L3I3Uy9vTE9Jd01LcTlOa1dUai9QVG0xMW5hYkJ1VzEwelkwNTA0Rk5waElB?= =?utf-8?B?RXR4MDFncytwSzRiRjI0T0F3NmI4YW15LzFXd3VBOTRaQkxMNnRJcU1ERlZp?= =?utf-8?B?blJQcUhQb1JBVEZScE1NUGgzWm00NFJ0UEVmZjd0RHFUMWhzUTUzVUV6OWc5?= =?utf-8?B?QmF6VXZENTg0alpoVXF3M3FFYTdMak9jWnh6QlU3b0N0STgxQmJTTWNhQXFP?= =?utf-8?B?QjZ6Sm9mV3NyOEhkSmdTVlA0L29VSGhtcjFmNmM2K3JvZDllTWZDR1gxeXFF?= =?utf-8?B?TWF0L1ZrYnR4ZTNCOTdCQlJiR1JKb0ozUnQ3VjBUeG1XK1I0ODRuRHJ3OEl6?= =?utf-8?B?RmxkeXg2TFMvSm42VHZPT0gwbHhDcWJkVk9VSGVqWVhqdXVrMlJMdGpwUmNG?= =?utf-8?B?ZVRxYmpmemw3U2JCdGlDSVlkMGtRKzJibi90Mno4eElDOHBoYnZxZUd3T0U4?= =?utf-8?B?bWsxcnpER2FQQ1BkOTY3Ry93ZTllcTNnQTNUMHpwM0hvK0MwTXRVVndLNlph?= =?utf-8?B?Ri9RRUQrSStidm1EUGw1VTdhcTNZbTNmZENtRVhBKzZMMExsTU5idXJqNDR3?= =?utf-8?B?T3J4SFkraGRUb3lPZ212U2pVMFNPMk9yQml3ZUxya1NFYUZsam85VUNBOTRk?= =?utf-8?B?cE8vdnAydG40RGxZQ3JDbGN2SEx5cm5OS3dXU2Y2QUlpU01uMmNGekhBZ2Yr?= =?utf-8?B?dXhhcWFyQ0d4clArTmsyYXVlaDZNYWJHQ2RNVkgyV053Q3hJcTJpOGwwSzAr?= =?utf-8?B?TU5JQU55UWhsQ3dzSnJQWEpueVZsbUYyaE5tSmwwSWtmTWZ1bU9qMUlHNWt0?= =?utf-8?B?cC9vTWpENDBkMTN5aktFM0xqRmY3UGJoaFU5NVJPaS9HbWc9PQ==?=
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 5f9cc86c-59dc-4010-29cc-08d9924566a4
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Oct 2021 14:41:42.3088 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 77QmKy5IyTS5Ia9tQMI0mexzG/YUOJ8yr8qPVFz+GrYj6gFdshaOwRBoSDfSVhsU
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0202MB2680
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp-dt/yTOXV5JgaoGq6CyhE0Y6yhaQL8c>
Subject: [Openpgp-dt] 20211018 dt notes
X-BeenThere: openpgp-dt@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OpenPGP working group design team <openpgp-dt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp-dt>, <mailto:openpgp-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp-dt/>
List-Post: <mailto:openpgp-dt@ietf.org>
List-Help: <mailto:openpgp-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp-dt>, <mailto:openpgp-dt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2021 14:42:08 -0000

OpenPGP Design Team
2021-10-18

Present:

daniel kahn gillmor
niibe yutaka
daniel huigens
paul wouters
stephen farrell
justus winter

# Agenda

## Open MRs

## Next Steps


Justus:
   Daniel asked about our definition of done, and I want to suggest to use
   Gitlab's milestone feature to keep track of issues that we want to see
   addressed before releasing a draft or the final crypto-refresh.

## #66 has 2 approvals

Paul can now emit I-D and will; dkg will send a mail to list with a bit 
of context

## Other MRs already approved that can be merged:

!84 has been merged, 81 waiting for approval during meeting, 78 is 
approved, 76 similarly, 75 similarly (editor choice)

All above is for next I-D, all below for after...

# Back to #48 https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/48

- Justus: suggests ECDH as MUSTs
- if we have a MUST for ECDH we need a MUST curve (or >1)
- "MUST support ECDH" yes
- 1 or more MTI curve?  yes
- p256 and/or x25519 ok? yes
- which or both? everyone ok with 25519
- is 448 anywhere here? not a MUST; a SHOULD (if your crypto library 
does it)
- p256? nobody in DT arguing for SHOULD

- EC signatures
- EdDSA is a MUST
- suggestion is: ed25519 as a MUST

GOT HERE on last week's call, with above agreed by those on call, 
picking up discussion of questions below this time...

dkg suggests a generic criterion:
     {MUST algs} == what's needed to talk to brand new code, ignoring 
legacy data and
   {SHOULD algs} == what's needed to talk legacy algs (and isn't a MUST)
another possible criterion:
     {MUST algs} must be superset of minimal set of algs needs for 
fips-140 compliance
      (huigens mentions 
https://csrc.nist.gov/publications/detail/fips/186/5/draft which 
includes eddsa)

- what about ECDSA?
- FIPS might be the only reason to make ECDSA a MUST
- maybe somewhere between don't-care and SHOULD
- regardless, the curve to map to is p256, others aren't sensible 
choices so we'll stay silent on those

- What about DSA/elgamal?
- is it time to drop/deprecate? if so, how?
- 1024-bit DSA defo ought go away as much as possible (i.e. deprecate to 
death)
- Strict Proposal:
MUST NOT generate encrypted ElGamal PKESK
MAY decrypt ElGamal PKESK
MUST NOT sign with DSA
MAY validate DSA signatures as long as key size ≥ 2048 bits
- Relaxed Proposal:
SHOULD NOT generate encrypted ElGamal PKESK (unless no other way to 
encrypt and eprint 2021/923 variance is accounted for)
MAY decrypt ElGamal PKESK (with guidance to avoid 2021/923 concerns)
SHOULD NOT sign with DSA (unless specific features like threshhold 
crypto are needed, and public keys are ≥ 2048 bits)
MAY validate DSA signatures (as long as key size ≥ 2048 bits)
- wrt elgamal https://eprint.iacr.org/2021/923.pdf
 
https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
- many elgamal keys will have dsa associations
- some stats used in discussion: https://sequoia-pgp.org/tmp/stats.txt
- dkgpg (Heiko Stamer's implementation) uses DSA for threshold signatures
- openpgp.js v5 turns dsa/elgamal off with a config flag to re-enable, 
so we may be able to gather data on how many enable that for a few months...
    - with 67k downloads from npm since 202108, none are seen to have 
enabled this
- we can also try see how many current certs involve dsa/elgamal
- action on daniel/justus: get "current" data
"current": certificate generated in the last 5 years; not expired or revoked
be nice if those actions done in 2 weeks probably ok if longer

For next week:

- Daniel asked about our definition of done, and I want to suggest to use
- justus suggests adding a milestone to gitlab, justus to try as an 
experiment

- RSA as a SHOULD or MUST
- AEAD mode text is needed (and may be tricky)
- compression: CRIME => maybe better no SHOULD? or... 
(https://gitlab.com/sequoia-pgp/openpgp-interoperability-test-suite/-/issues/64) 

- why the change anyway?