IETF Logo Mail Archive

Re: [openpgp] First remarks on the last I-D

Werner Koch <wk@gnupg.org> Tue, 07 June 2022 16:02 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17646C157B37 for <openpgp@ietfa.amsl.com>; Tue, 7 Jun 2022 09:02:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3YjAOSRjPSfX for <openpgp@ietfa.amsl.com>; Tue, 7 Jun 2022 09:02:12 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C8D8C157B5C for <openpgp@ietf.org>; Tue, 7 Jun 2022 09:02:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=DTOkgEvjmQnUnZvgfvVbpgNZowII/eeW17wnoIdGShg=; b=Vp+JPpbNtIK46Kz52vA/evnE9/ TNyUP017MhXji9BYm/+QSMe0n3OfIOGOjF9elcAG0duFFJqTdy5ajbSZ0LnjAtEIfpvSjff3NeURq SGrZM/FH13H6PPLl45xO8JCj+dWHVx6OuLGz8ezvI/Yc+cKQlTU+R3bZOd3vvtflyGJo=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1nybeh-0003wq-71 for <openpgp@ietf.org>; Tue, 07 Jun 2022 18:02:07 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1nybZI-0000pE-Sc; Tue, 07 Jun 2022 17:56:32 +0200
From: Werner Koch <wk@gnupg.org>
To: Paul Wouters <paul@nohats.ca>
Cc: openpgp@ietf.org
References: <165453577116.17285.7902041139949315015@ietfa.amsl.com> <87tu8xkjx4.fsf@wheatstone.g10code.de> <1378eec-4255-930-736-ffd27f292d48@nohats.ca>
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Jabber-ID: wk@jabber.gnupg.org
Mail-Followup-To: Paul Wouters <paul@nohats.ca>, openpgp@ietf.org
Date: Tue, 07 Jun 2022 17:56:26 +0200
In-Reply-To: <1378eec-4255-930-736-ffd27f292d48@nohats.ca> (Paul Wouters's message of "Tue, 7 Jun 2022 08:10:04 -0400 (EDT)")
Message-ID: <87pmjkjwlx.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Trojan_Al_Qaeda_in_the_Islamic_Maghreb_Lightening_SADMS_Arnett_PLO=M"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-0vJRk--ZUy844j6bNk_rcCYF_w>
Subject: Re: [openpgp] First remarks on the last I-D
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2022 16:02:17 -0000

Hi Paul,

On Tue,  7 Jun 2022 08:10, Paul Wouters said:

>>   However, OpenPGP has taken its own decisions based on technical
>>   soundness and not based on larger vendor, government or committee
>>   decision.
>
> This sentence is somewhat contradicting. OpenPGP is the work of the
> IETF, so it is in a way a "committee decision". The OpenPGP Design Team
> was meant to speed up to work and have a draft to discuss. That is
> exactly what we are starting to do now.

By "committee" I obviously meant "design by committee" which is commonly
understood as: We turn a spec into something which everyone can agree to
but is not a technically sound one or too complex to ever get right.
(classic example if is OSI with its still prominent descendants LDAP and
X.509)

When we talked about this in December/January 2020/2021 the idea was to
get out of that lock due to some folks having blocked the adoption of the
AEAD chunk size to a point where the WG was dissolved.  However, all
parts of rfc-4880bis had WG rough consensus.  Some disputed this and
those some where interestingly folks who had been silent during the
rfc-4880bis process until they stated their own OpenPGP implementation
an needed some selling points for this.

BTW, the original plan for the DT was to be ready by last summer.

> argument. But right now, GCM is the only FIPS compatible method. So I
> think removing that would be problematic.

I can't see that FIPS compliance is a chartered goal.  Good if we US
folks get this for business purposes but PGP has not only business in
mind.

> That would certainly be a good option if we got confirmation about the
> OCB status.

The Rogaway patent (US8321675B2) expired a year ago.  The Jutla/IBM
patent (US6963976B1), which may be related to OCB, will also expire this
November.  Let's ask Rogaway; actually this has been on the todo list of
the WG for years (to get a general grant like he did for OpenSSL).

> good. But we do have 25519 and x448 now for that. It seems within the
> IETF, Brainpool is not seeing a great adoption. But again, personally I
> am fine with adding these at the MAY level. I am interested in hearing

Actually 6637 allows any curve by means of an OID.  I recall that I
pledged for this as a quick fix to the idea of having just a list of
fixed NIST curves.  However, it is better for implementors to have the
deployed curves listed in the specs.  It is not just GnuPG and the
original OpenPGP card supports Brainpool, but also all Yubikeys.  it is
actually widely deployed in Europe meanwhile.

> on keeping this at the MAY level for backwards compatibility.

MAY is okay as long as NIST curves also MAY.  I am in full support to
demand 25519 as MUST and 448 as SHOULD.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

v2.23.0 | Report a Bug | By Email