IETF Logo Mail Archive

Re: [openpgp] To bind or not to bind

Justus Winter <justus@sequoia-pgp.org> Fri, 22 March 2024 18:20 UTC

Return-Path: <justus@sequoia-pgp.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91A5DC14F70A for <openpgp@ietfa.amsl.com>; Fri, 22 Mar 2024 11:20:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=sequoia-pgp.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4VBs7vgvJcPa for <openpgp@ietfa.amsl.com>; Fri, 22 Mar 2024 11:19:57 -0700 (PDT)
Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1FACC14F5FF for <openpgp@ietf.org>; Fri, 22 Mar 2024 11:19:56 -0700 (PDT)
Received: (qmail 2650 invoked by uid 500); 22 Mar 2024 18:19:54 -0000
Authentication-Results: harrington.uberspace.de; auth=pass (plain)
Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/3.0.1) with ESMTPSA; Fri, 22 Mar 2024 19:19:54 +0100
From: Justus Winter <justus@sequoia-pgp.org>
To: Aron Wussler <aron@wussler.it>, "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <EGivTgyfjNm_TAvhds1OPA2c0O6LP9lFnkwWHHKLJY8ReJOgtDh3tnYsCSR8yrrBLbpeehtUgIJEhynae8L3daRimNiGO7BAb3cVvC66q-4=@wussler.it>
References: <EGivTgyfjNm_TAvhds1OPA2c0O6LP9lFnkwWHHKLJY8ReJOgtDh3tnYsCSR8yrrBLbpeehtUgIJEhynae8L3daRimNiGO7BAb3cVvC66q-4=@wussler.it>
Date: Fri, 22 Mar 2024 19:19:53 +0100
Message-ID: <87a5mqi0xi.fsf@europ.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Rspamd-Bar: -----
X-Rspamd-Report: BAYES_HAM(-2.906003) SIGNED_PGP(-2) MIME_GOOD(-0.2)
X-Rspamd-Score: -5.106003
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sequoia-pgp.org; s=uberspace; h=from:to:subject:date; bh=B1uDFYOT+GQ8BCExMhOe6VtHY8syVevqXN1KYvTUkAk=; b=PaAxvc/zT3vf0iMALVFv3fOk7zDEP8tFfjOI850GUZc865N8bXS+QqS/5iBja6VGHocgCcXKuC HgWsyYClcLJTHE2u6OQv5JTgca+NLRUVhzeQB8GBOFMmUVjgvGLagqKzjVkTjCMkdzARIFlPtAdN 9qb14fgxBIBPqY/i6yVSkyUUBqzIDY0h0Pk4/OvZkzQKntkZB/vhhay12mpsim94FF68SFKw/svT ocNoSe3bOmxloQutoPzPdKhwImG0LwG3Gnl3QMOD6kcIMhwzMsgHelCtn5x1xPUMij/16wccr+dy h3frKcds/Q45uogT1V7pX1O2qnyq0lBOkkW2KJKy1JWgulwDLBSQjdU/AR50rGPa1xEZ9zJMQh/8 RaLNRW4sYzzCvkF2xwRhzrBLbKDnlhs+rnrJPIoDP8+WyyHZ/KKGoW+pG3/ew/qAyTiL4nxO/f19 EiCch1KtdmWCoSzog/M9eR9RrDg1838f/Qqgnbn20YoKd2nqBsZPeCAh1+t+hyrkImILO+tBvw+6 NfwEwLtVBv2DXEfGPzw1y4B4xlx5257SwfZYCeQ0H/pfZHHi2w6Rm7ZMTN0cqr0NN0GbvN7ofbdR L2NaquHzvKz8WnSr4bOHliGx6LPMazFr0TZlJFw6MqsHc8Qcw/GihqJWjDZaUmDVqfRluKN2dn2l Q=
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/2HHVOgNmGd5GkKRKCE25nyPBtvk>
Subject: Re: [openpgp] To bind or not to bind
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2024 18:20:01 -0000

Hi,

for completeness, here is my preference:

Aron Wussler <aron@wussler.it> writes:

> Here's the follow-up on the dilemma we had at the IETF 119 session, whether PQC encryption should be bound to V6 or allowed with V4.
>
> Note that this translates into two different issues:
>
>  (1) Whether PQC encryption algorithms can be used only in v6 keys

Yes, do bind PQC to v6 keys:

- Move to PQC is either intrinsically motivated or a regulatory
  requirement.  Moving to v6 OpenPGP doesn't have the same advantage, so
  let's leverage the motivation to move to PQC to get v6 adopted
  quickly.

- v4 OpenPGP implementations are not robust enough to handle unknown
  subkeys.  Adding PQC encryption subkeys to v4 certificates is not a
  viable opportunistic upgrade path, but a way to make your existing
  certificate unusable:

  https://tests.sequoia-pgp.org/#Mock_PQ_subkey

- There is precedent for restricting algorithms to certain packet
  versions:

  https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-9.2-6

>  (2) Whether PQC encryption algorithms can be used only with SEIPDv2

No, don't bind PQC encryption to SEIPDv2.  It should be possible to have
a "PKESKv3(classical) PKESKv6(PQC) SEIPDv1" message:

- In contrast to adding subkeys with unknown algorithms, this kind of
  message is well supported:

  https://tests.sequoia-pgp.org/#Messages_with_unknown_packets

Best,
Justus

v2.23.0 | Report a Bug | By Email