[openpgp] Open PGP Specification 3.4 Questions and Clarifications

Paul Repellin <paul.repellin@jnet-secure.com> Tue, 14 January 2025 10:59 UTC

From: Paul Repellin <paul.repellin@jnet-secure.com>
To: "gnupg-devel@gnupg.org" <gnupg-devel@gnupg.org>, "openpgp@ietf.org" <openpgp@ietf.org>
Date: Tue, 14 Jan 2025 10:59:36 +0000
Message-ID: <MRZP264MB26175F2464960D8AA753F411B9182@MRZP264MB2617.FRAP264.PROD.OUTLOOK.COM>
CC: Mikhail Friedland <mikhail.friedland@jnet-secure.com>
Subject: [openpgp] Open PGP Specification 3.4 Questions and Clarifications
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-QmNkHetMqZuE-P98XC4j1mFxIs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>

Hi!

I am getting interested in the OpenPGP Javacard applet and I'm analyzing the impact of the UIF (User Interaction Flag) being implemented on top of a mandatory OpenPGP applet.

I do have a few questions where the specification does not provide sufficient detail on what behavior is expected from the applet under the User Interaction Flag. Hopefully I have found the right contact information for this kind of question.

Here is the list of questions:

  * Should the General Feature Management setup be hardcoded based on the platform it is on? I feel this could be set the same way as the UIF for CDS, DEC and AUT, with options of enabled or permanently enabled, so that the same applet could run either on hardware with a button, keypad or similar, or without, and still share the same CAP file. In case the PUT DATA command is not an option, could we use C9 parameters to configure this DO?
  * Does the UIF need to match the General Feature Management bits? I mean, do we need to check the UIF PUT DATA command to see whether the UIF being set up matches the one present in the General Feature Management?
    Example: the button is not set in General Feature Management, but the admin is setting up the button as part of a PUT DATA command for PSO:CDS. Should this return, for example, "conditions not satisfied"?
  * Usage of UIF in Internal Authenticate: the UIF is defined for PSO:AUT. Does it replace the User PIN code? Is it always in addition? Or should a configuration be set in order to choose one of the two options?
  * Usage of UIF in Internal Authenticate: does Internal Authenticate with Secure Messaging apply the UIF as well?

Thank you very much in advance for your feedback on those questions.


Best Regards,

Paul Repellin
Site Director, France
jNet Secure

Phone: (+33) 04.78.21.78.48
Mobile: (+33) 06.81.48.97.97
Email: paul.repellin@jnet-secure.com

14 Chemin du Jubin
69570 Dardilly
2nd floor

www.jnet-thingx.com
LinkedIn: https://www.linkedin.com/in/paul-repellin-74520a88/
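Editor's note: the message above asks how an applet should reconcile the General Feature Management DO with the UIF DOs, and whether the UIF replaces or supplements the User PIN. The Python model below is an added example written for this page; it is not code from GnuPG, from the OpenPGP working group or from the poster. The tag values and bit layout follow OpenPGP card 3.4 as I read it (DO 7F74 carrying an inner element 81 01 with the feature byte, button bit 0x20; UIF DOs D6/D7/D8 holding a first byte 00/01/02 for disabled/enabled/permanently enabled and a second byte naming the feature, 0x20 for the button). Everything else is a policy choice, because the specification leaves these points open: the model refuses with 69 85 a UIF that names a feature the card did not advertise, treats 02 as locked against further PUT DATA, and requires PW1 in addition to the button press. The feature byte is a constructor argument, i.e. fixed at personalisation. Secure messaging (the last question) is not modelled. Sample APDU data in the test is constructed.

```python
# Added example: model of how an OpenPGP card applet could tie the General
# Feature Management DO (7F74) to the UIF DOs (D6/D7/D8) and how the UIF then
# gates PSO:CDS, PSO:DEC and INTERNAL AUTHENTICATE.  Tags and bit values follow
# OpenPGP card 3.4; the three policy decisions marked below are assumptions.

TAG_UIF_CDS = 0xD6   # UIF for PSO:CDS
TAG_UIF_DEC = 0xD7   # UIF for PSO:DEC
TAG_UIF_AUT = 0xD8   # UIF for INTERNAL AUTHENTICATE

# Bits of the feature byte inside DO 7F74 (inner tag 81, length 1).
FEAT_DISPLAY, FEAT_BIOMETRIC, FEAT_BUTTON, FEAT_KEYPAD = 0x80, 0x40, 0x20, 0x10
FEAT_LED, FEAT_LOUDSPEAKER, FEAT_MICROPHONE, FEAT_TOUCHSCREEN = 0x08, 0x04, 0x02, 0x01

# First byte of a UIF DO.
UIF_DISABLED, UIF_ENABLED, UIF_PERMANENT = 0x00, 0x01, 0x02

# ISO 7816-4 status words used by the model.
SW_OK = 0x9000
SW_SECURITY_STATUS_NOT_SATISFIED = 0x6982
SW_CONDITIONS_NOT_SATISFIED = 0x6985
SW_WRONG_DATA = 0x6A80


def parse_general_feature_management(resp: bytes) -> int:
    """Return the feature byte from a GET DATA 7F74 response.

    Accepts both the wrapped form 7F 74 03 81 01 xx and the bare inner
    element 81 01 xx, because cards differ in whether the outer tag is
    echoed.  Raises ValueError on a malformed or truncated response.
    """
    body = resp
    if resp[:2] == b"\x7f\x74":
        if len(resp) < 3 or len(resp) != 3 + resp[2]:
            raise ValueError("7F74 length does not match payload")
        body = resp[3:]
    i = 0
    while i + 2 <= len(body):
        tag, ln = body[i], body[i + 1]
        val = body[i + 2:i + 2 + ln]
        if len(val) != ln:
            raise ValueError("truncated element")
        if tag == 0x81 and ln == 1:
            return val[0]
        i += 2 + ln
    raise ValueError("no 81 element in 7F74")


class CardModel:
    """The applet state that matters for the UIF questions in the mail."""

    def __init__(self, features: int):
        # Assumption: the feature byte is fixed at personalisation (the mail
        # asks whether PUT DATA or C9 install parameters could set it instead).
        self.features = features & 0xFF
        # All three UIF DOs start disabled with no feature named.
        self.uif = {t: bytes([UIF_DISABLED, 0x00])
                    for t in (TAG_UIF_CDS, TAG_UIF_DEC, TAG_UIF_AUT)}
        self.admin_verified = False   # PW3 state
        self.user_verified = False    # PW1 state

    def general_feature_management(self) -> bytes:
        """GET DATA 7F74 response: 7F 74 03 81 01 <features>."""
        return bytes([0x7F, 0x74, 0x03, 0x81, 0x01, self.features])

    def put_data_uif(self, tag: int, value: bytes) -> int:
        """PUT DATA on a UIF DO; returns the status word."""
        if tag not in self.uif:
            return SW_WRONG_DATA
        if not self.admin_verified:
            return SW_SECURITY_STATUS_NOT_SATISFIED
        if len(value) != 2 or value[0] > UIF_PERMANENT:
            return SW_WRONG_DATA
        # Policy 1 (assumption): "permanently enabled" can never be changed.
        if self.uif[tag][0] == UIF_PERMANENT:
            return SW_CONDITIONS_NOT_SATISFIED
        # Policy 2 (assumption): enabling the UIF with a feature the card did
        # not advertise in 7F74 (or with none) is refused with 69 85.
        # Disabling is always allowed.
        if value[0] != UIF_DISABLED and not (self.features & value[1]):
            return SW_CONDITIONS_NOT_SATISFIED
        self.uif[tag] = bytes(value)
        return SW_OK

    def requires_user_interaction(self, tag: int) -> bool:
        return self.uif[tag][0] in (UIF_ENABLED, UIF_PERMANENT)

    def execute(self, tag: int, button_pressed: bool) -> int:
        """Gate for PSO:CDS / PSO:DEC / INTERNAL AUTHENTICATE.

        Policy 3 (assumption): the UIF is in addition to PW1, never a
        replacement.  A real card blocks until the button is pressed or a
        timeout expires; the model takes the outcome as a parameter.
        """
        if not self.user_verified:
            return SW_SECURITY_STATUS_NOT_SATISFIED
        if self.requires_user_interaction(tag) and not button_pressed:
            return SW_CONDITIONS_NOT_SATISFIED
        return SW_OK
```

Usage: build `CardModel(FEAT_BUTTON)` for a card with a button and `CardModel(0)` for one without, set `admin_verified` to mimic a successful VERIFY of PW3, and compare the status words returned by `put_data_uif` for `b"\x01\x20"` on each. The second check in `put_data_uif` is the one the mail's second question is about; dropping it gives the other possible reading, where the card stores whatever the admin writes and simply has no button to wait for.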