Re: [openpgp] First remarks on the last I-D
Werner Koch <wk@gnupg.org> Tue, 07 June 2022 16:02 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17646C157B37 for <openpgp@ietfa.amsl.com>; Tue, 7 Jun 2022 09:02:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3YjAOSRjPSfX for <openpgp@ietfa.amsl.com>; Tue, 7 Jun 2022 09:02:12 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C8D8C157B5C for <openpgp@ietf.org>; Tue, 7 Jun 2022 09:02:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=DTOkgEvjmQnUnZvgfvVbpgNZowII/eeW17wnoIdGShg=; b=Vp+JPpbNtIK46Kz52vA/evnE9/ TNyUP017MhXji9BYm/+QSMe0n3OfIOGOjF9elcAG0duFFJqTdy5ajbSZ0LnjAtEIfpvSjff3NeURq SGrZM/FH13H6PPLl45xO8JCj+dWHVx6OuLGz8ezvI/Yc+cKQlTU+R3bZOd3vvtflyGJo=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1nybeh-0003wq-71 for <openpgp@ietf.org>; Tue, 07 Jun 2022 18:02:07 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1nybZI-0000pE-Sc; Tue, 07 Jun 2022 17:56:32 +0200
From: Werner Koch <wk@gnupg.org>
To: Paul Wouters <paul@nohats.ca>
Cc: openpgp@ietf.org
References: <165453577116.17285.7902041139949315015@ietfa.amsl.com> <87tu8xkjx4.fsf@wheatstone.g10code.de> <1378eec-4255-930-736-ffd27f292d48@nohats.ca>
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Jabber-ID: wk@jabber.gnupg.org
Mail-Followup-To: Paul Wouters <paul@nohats.ca>, openpgp@ietf.org
Date: Tue, 07 Jun 2022 17:56:26 +0200
In-Reply-To: <1378eec-4255-930-736-ffd27f292d48@nohats.ca> (Paul Wouters's message of "Tue, 7 Jun 2022 08:10:04 -0400 (EDT)")
Message-ID: <87pmjkjwlx.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Trojan_Al_Qaeda_in_the_Islamic_Maghreb_Lightening_SADMS_Arnett_PLO=M"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-0vJRk--ZUy844j6bNk_rcCYF_w>
Subject: Re: [openpgp] First remarks on the last I-D
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2022 16:02:17 -0000
Hi Paul, On Tue, 7 Jun 2022 08:10, Paul Wouters said: >> However, OpenPGP has taken its own decisions based on technical >> soundness and not based on larger vendor, government or committee >> decision. > > This sentence is somewhat contradicting. OpenPGP is the work of the > IETF, so it is in a way a "committee decision". The OpenPGP Design Team > was meant to speed up to work and have a draft to discuss. That is > exactly what we are starting to do now. By "committee" I obviously meant "design by committee" which is commonly understood as: We turn a spec into something which everyone can agree to but is not a technically sound one or too complex to ever get right. (classic example if is OSI with its still prominent descendants LDAP and X.509) When we talked about this in December/January 2020/2021 the idea was to get out of that lock due to some folks having blocked the adoption of the AEAD chunk size to a point where the WG was dissolved. However, all parts of rfc-4880bis had WG rough consensus. Some disputed this and those some where interestingly folks who had been silent during the rfc-4880bis process until they stated their own OpenPGP implementation an needed some selling points for this. BTW, the original plan for the DT was to be ready by last summer. > argument. But right now, GCM is the only FIPS compatible method. So I > think removing that would be problematic. I can't see that FIPS compliance is a chartered goal. Good if we US folks get this for business purposes but PGP has not only business in mind. > That would certainly be a good option if we got confirmation about the > OCB status. The Rogaway patent (US8321675B2) expired a year ago. The Jutla/IBM patent (US6963976B1), which may be related to OCB, will also expire this November. Let's ask Rogaway; actually this has been on the todo list of the WG for years (to get a general grant like he did for OpenSSL). > good. But we do have 25519 and x448 now for that. It seems within the > IETF, Brainpool is not seeing a great adoption. But again, personally I > am fine with adding these at the MAY level. I am interested in hearing Actually 6637 allows any curve by means of an OID. I recall that I pledged for this as a quick fix to the idea of having just a list of fixed NIST curves. However, it is better for implementors to have the deployed curves listed in the specs. It is not just GnuPG and the original OpenPGP card supports Brainpool, but also all Yubikeys. it is actually widely deployed in Europe meanwhile. > on keeping this at the MAY level for backwards compatibility. MAY is okay as long as NIST curves also MAY. I am in full support to demand 25519 as MUST and 448 as SHOULD. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
- [openpgp] I-D Action: draft-ietf-openpgp-crypto-r… internet-drafts
- Re: [openpgp] I-D Action: draft-ietf-openpgp-cryp… Paul Wouters
- [openpgp] First remarks on the last I-D (Was: I-D… Werner Koch
- Re: [openpgp] First remarks on the last I-D (Was:… Paul Wouters
- Re: [openpgp] First remarks on the last I-D (Was:… Justus Winter
- Re: [openpgp] First remarks on the last I-D (Was:… Stephen Farrell
- Re: [openpgp] First remarks on the last I-D (Was:… Daniel Huigens
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Robert J. Hansen
- Re: [openpgp] First remarks on the last I-D Peter Gutmann
- Re: [openpgp] First remarks on the last I-D Ronald Tse
- Re: [openpgp] First remarks on the last I-D Paul Wouters
- Re: [openpgp] First remarks on the last I-D (Was:… brian m. carlson
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Stephen Farrell
- Re: [openpgp] First remarks on the last I-D Jon Callas
- Re: [openpgp] First remarks on the last I-D Paul Wouters
- Re: [openpgp] First remarks on the last I-D Jon Callas
- Re: [openpgp] First remarks on the last I-D brian m. carlson
- Re: [openpgp] First remarks on the last I-D Stephen Farrell
- Re: [openpgp] First remarks on the last I-D Peter Gutmann
- Re: [openpgp] First remarks on the last I-D Stephen Farrell
- Re: [openpgp] First remarks on the last I-D Paul Schaub
- Re: [openpgp] First remarks on the last I-D Jon Callas
- Re: [openpgp] First remarks on the last I-D Robert J. Hansen
- Re: [openpgp] First remarks on the last I-D Daniel Huigens
- [openpgp] AEAD and Rome (was: First remarks on th… Werner Koch
- Re: [openpgp] AEAD and Rome (was: First remarks o… Daniel Huigens
- [openpgp] Choices for AEAD modes [was: AEAD and R… Daniel Kahn Gillmor
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Werner Koch
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Justus Winter
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Paul Wouters
- Re: [openpgp] Choices for AEAD modes Werner Koch
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… brian m. carlson
- Re: [openpgp] Choices for AEAD modes Ronald Tse
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Stephen Farrell
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Werner Koch
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Stephen Farrell
- Re: [openpgp] Choices for AEAD modes Werner Koch
- Re: [openpgp] Choices for AEAD modes Stephen Farrell