Re: [openpgp] To bind or not to bind

Daniel Huigens <d.huigens@protonmail.com> Fri, 22 March 2024 20:17 UTC

Date: Fri, 22 Mar 2024 20:17:43 +0000
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>, Falko Strenzke <falko.strenzke@mtg.de>, Kai Engert <kaie@kuix.de>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: Justus Winter <justus@sequoia-pgp.org>, Aron Wussler <aron@wussler.it>, openpgp@ietf.org
Message-ID: <Oc3B14xagqpcToZdfQTIYHn_AolBg0i0_DTI4wPnXkFJntVv6A8hvmCMFUK9gjaK-gtfQLGnuQaTqqJzgz71IvhHutyn8Yd4UAErTOHXmzk=@protonmail.com>
In-Reply-To: <23B46D65-EAF7-43D0-A5F1-04D28B698559@andrewg.com>
References: <87a5mqi0xi.fsf@europ.lan> <23B46D65-EAF7-43D0-A5F1-04D28B698559@andrewg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/7FgF5yQgaQJMQSW0Mq4WQrHhiio>

On Friday, March 22nd, 2024 at 19:51, Andrew Gallagher wrote:
> Is it possible to update this test with the optional flag that Falko mentioned, to see if it improves RNP’s score on line 3? If it does, I’d argue that this is no longer fatal - gopenpgp v2 has been superseded already, and pgpy is fairly niche.

Do applications using rnp (e.g. Thunderbird) use this flag, though?
If not, I'd argue the test result is still relevant, but perhaps
applications could be updated to use the flag (and/or rnp could be
updated to change the default, of course).

Btw, GopenPGP v3 is not released yet, but we'll do so soon(tm).

FWIW, there is another potential interop problem, around PKESKs with
unknown algorithms [1]. PGPainless and PGPy fail to parse those.
Hopefully that can be fixed as well, but for the time being, it means
that if you want 100% interoperability, you might have to send two
separate messages anyway.

However, if we allow using PQC with SEIPDv1, you could still encrypt
once and then just split the PKESKs, and reuse the SEIPDv1 packet, so
that's something at least.

Best,
Daniel

[1]: https://tests.sequoia-pgp.org/#Messages_with_unknown_packets
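The two interop points raised in the message above (a PKESK carrying an algorithm the implementation does not know must not abort parsing, and a multi-recipient message can be encrypted once and then split per recipient by reusing the SEIPD packet) both come down to OpenPGP packet framing. The following is an added example, not code from the email, from RNP, GopenPGP, PGPainless or PGPy, and not any project's API: it parses new-format packet headers, decodes v3 PKESK bodies for RSA and ElGamal while keeping any other algorithm's material opaque, and splits a message into one PKESK plus the shared SEIPD v1 packet per recipient. Assumptions: public-key algorithm ID 100 (in the private/experimental range) stands in for an unknown algorithm, the SEIPD body is placeholder bytes rather than real ciphertext, and only v3 PKESK and v1 SEIPD are handled.

```python
"""Packet-level handling of an OpenPGP encrypted message (added example).
Parses new-format packet framing, tolerates PKESKs with unknown public-key
algorithms, and splits a multi-recipient message into per-recipient messages
that reuse the same SEIPD packet. All inputs are constructed; nothing is
actually encrypted."""
import struct

TAG_PKESK = 1    # Public-Key Encrypted Session Key packet
TAG_SEIPD = 18   # Sym. Encrypted Integrity Protected Data packet
PK_RSA = 1       # RSA (Encrypt or Sign)
PK_ELGAMAL = 16  # ElGamal (Encrypt-Only)
PK_UNKNOWN_DEMO = 100  # private/experimental ID, stand-in for an unknown algorithm (assumption)


def encode_packet(tag: int, body: bytes) -> bytes:
    """New-format packet header with a definite (1-, 2- or 5-octet) body length."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def read_packets(data: bytes) -> list:
    """Return [(tag, body)] for a run of new-format packets; partial body
    lengths are reassembled, old-format headers are rejected."""
    out, i = [], 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0xC0 != 0xC0:
            raise ValueError("old-format or malformed packet header at %d" % i)
        tag, i, body = hdr & 0x3F, i + 1, b""
        while True:  # one iteration per length header (several for partial lengths)
            first, i = data[i], i + 1
            if first < 192:
                n, partial = first, False
            elif first < 224:
                n, partial, i = ((first - 192) << 8) + data[i] + 192, False, i + 1
            elif first == 255:
                n, partial, i = struct.unpack(">I", data[i:i + 4])[0], False, i + 4
            else:
                n, partial = 1 << (first & 0x1F), True
            if i + n > len(data):
                raise ValueError("truncated packet")
            body, i = body + data[i:i + n], i + n
            if not partial:
                break
        out.append((tag, body))
    return out


def mpi(value: bytes) -> bytes:
    """Encode an unsigned big-endian integer as an OpenPGP MPI."""
    value = value.lstrip(b"\x00")
    if not value:
        return b"\x00\x00"
    bits = (len(value) - 1) * 8 + value[0].bit_length()
    return struct.pack(">H", bits) + value


def read_mpi(buf: bytes, off: int):
    bits = struct.unpack(">H", buf[off:off + 2])[0]
    end = off + 2 + (bits + 7) // 8
    return buf[off + 2:end], end


def make_pkesk(key_id: bytes, alg: int, material: bytes) -> bytes:
    """v3 PKESK body: version, 8-octet key ID, algorithm, wire-form material."""
    return b"\x03" + key_id + bytes([alg]) + material


def parse_pkesk(body: bytes) -> dict:
    """Decode a v3 PKESK. Known algorithms get their MPIs decoded; any other
    algorithm keeps its material opaque instead of failing, because the packet
    boundary is already fixed by the length header."""
    if body[0] != 3:
        raise ValueError("unsupported PKESK version %d" % body[0])
    key_id, alg, rest = body[1:9], body[9], body[10:]
    if alg == PK_RSA:
        m, off = read_mpi(rest, 0)
        material = [m]
    elif alg == PK_ELGAMAL:
        a, off = read_mpi(rest, 0)
        b, off = read_mpi(rest, off)
        material = [a, b]
    else:
        material, off = None, len(rest)
    if off != len(rest):
        raise ValueError("trailing bytes in PKESK")
    return {"key_id": key_id, "alg": alg, "known": material is not None,
            "material": material, "raw": rest}


def split_by_recipient(message: bytes) -> list:
    """One message per PKESK, each reusing the original SEIPD v1 packet.
    Expects the layout PKESK* SEIPD."""
    packets = read_packets(message)
    pkesks = [b for t, b in packets if t == TAG_PKESK]
    seipds = [b for t, b in packets if t == TAG_SEIPD]
    if len(seipds) != 1 or len(pkesks) + 1 != len(packets) or seipds[0][0] != 1:
        raise ValueError("expected PKESK* followed by one SEIPD v1 packet")
    seipd = encode_packet(TAG_SEIPD, seipds[0])
    return [encode_packet(TAG_PKESK, p) + seipd for p in pkesks]


def pkesk_for(message: bytes, my_key_id: bytes):
    """Locate the PKESK addressed to my_key_id; other recipients' PKESKs with
    algorithms we cannot decode are skipped rather than treated as fatal."""
    for tag, body in read_packets(message):
        if tag == TAG_PKESK:
            p = parse_pkesk(body)
            if p["key_id"] == my_key_id and p["known"]:
                return p
    return None


def sample_message() -> bytes:
    """Constructed: three recipients (one with an unknown algorithm) and a
    300-byte SEIPD v1 body of placeholder bytes, not real ciphertext."""
    a = make_pkesk(b"\x11" * 8, PK_RSA, mpi(b"\x80" + b"\x01" * 31))
    b = make_pkesk(b"\x22" * 8, PK_UNKNOWN_DEMO, b"\xab" * 40)
    c = make_pkesk(b"\x33" * 8, PK_RSA, mpi(b"\x80" + b"\x02" * 31))
    seipd = b"\x01" + bytes(range(256)) + b"\x00" * 43
    return (encode_packet(TAG_PKESK, a) + encode_packet(TAG_PKESK, b)
            + encode_packet(TAG_PKESK, c) + encode_packet(TAG_SEIPD, seipd))
```

The split only re-frames the PKESKs; the SEIPD bytes (and therefore the session key and ciphertext) are identical in every per-recipient message, which is what makes sending separate messages cheap. Whether a given receiving implementation accepts a PQC PKESK in front of a SEIPD v1 packet is a separate question from whether it can skip one it does not understand, and this example only demonstrates the latter.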