Re: [openpgp] Sec. Considerations MUST about S2K [was: Re: I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt]

Ángel <angel@16bits.net> Thu, 25 March 2021 00:31 UTC

Return-Path: <angel@16bits.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49C7C3A13B0 for <openpgp@ietfa.amsl.com>; Wed, 24 Mar 2021 17:31:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ld6N1XB7AAHg for <openpgp@ietfa.amsl.com>; Wed, 24 Mar 2021 17:31:01 -0700 (PDT)
Received: from mail.direccionemail.com (mail.direccionemail.com [199.195.249.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D63973A13AE for <openpgp@ietf.org>; Wed, 24 Mar 2021 17:31:00 -0700 (PDT)
Message-ID: <fe514371632287e762d6f320edaf106a93dca047.camel@16bits.net>
From: =?ISO-8859-1?Q?=C1ngel?= <angel@16bits.net>
To: openpgp@ietf.org
Date: Thu, 25 Mar 2021 01:31:00 +0100
In-Reply-To: <4a4f4ca9aa11c850bfcd5ebde7e3d57f51fdf38a.camel@16bits.net>
References: <7d8bdda1-4e5c-6c10-f3cd-1d191fad595c@nohats.ca> <87h7lzavvc.wl-neal@walfield.org>,<87mtvqcdtk.fsf@fifthhorseman.net> <1614483966879.85613@cs.auckland.ac.nz> <4a4f4ca9aa11c850bfcd5ebde7e3d57f51fdf38a.camel@16bits.net>
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/3n9FbH67uhP0aOBL3HX_bnJw8Ow>
Subject: Re: [openpgp] Sec. Considerations MUST about S2K [was: Re: I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Mar 2021 00:31:05 -0000

On 2021-02-28 at 23:09 +0100, Ángel wrote:
> I would suggest a didactic approach, something like
> > Simple S2K and Salted S2K specifiers are not particularly secure 
> > when used with a low-entropy secret, such as those typically
> > provided
> > by users, and implementations SHOULD avoid using these methods on
> > encryption of both keys and messages.
> 
> Best regards

As there were no further opinions, I have proposed this on

https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/42


Note: I'm purposefully not adding anything at the Security section.
That section is currently a chaotic mixture. I think it would be best
to keep local issues at their corresponding section (maybe even
creating security subsections) and leave §15 for general one. By its
own nature, this spec will have many security-related points, and we
can't expect to repeat everything there.
In any case, imho we should organize it first, stripping it as much as
possible. It can be discussed later if some points really need to come
back.

Best regards