Re: [openpgp] Genart last call review of draft-ietf-openpgp-crypto-refresh-12

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 November 2023 19:25 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A218C15C2BB; Wed, 29 Nov 2023 11:25:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.313
X-Spam-Level:
X-Spam-Status: No, score=-1.313 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="gHs+dG1L"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="DN4QOEtL"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fgyKUZJRsTmd; Wed, 29 Nov 2023 11:25:55 -0800 (PST)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CCC7C14CF1C; Wed, 29 Nov 2023 11:25:53 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1701285952; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=Jma4NfQNEhOW3GlpMvX06t3jqM0kSafe18GzNvdZ0Ic=; b=gHs+dG1Le/6A1Juuba7nwDTStkIfvWMbzCvajZ/UKv05+ieBT2fYVtnt7JqAJuX7H3sdV pP/8S2V4csIjnRFCg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1701285952; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=Jma4NfQNEhOW3GlpMvX06t3jqM0kSafe18GzNvdZ0Ic=; b=DN4QOEtLUNAmnX9LoIZQEjOc3XNoWUs6NBLYdoHkaKWl6nuGQ7vVm4H8cuaemJI9UL1OF EEJqj2HxO0ZExzSK8UOfWLw9p/H+gq+sbKejDz4kX1TnsztFP97d/+K3RYhiethDoFCbUAM L5JAw/YRyCxugbBWVb/Z+9GaLrNyiT7pusMJ8dOv3i5mFBUJdULaYeJxmqIdNo4yIwsauy5 FPZ/v4WN8iv8z+N8g1YczIiPPnZaE4de9p1EkDaJXD7RijR2przX5e4XkYB1RRKCOzaVMXq 31ON2cX1Efj5PDwy++phXL9eAAEZ8lVjHrQeSfKz4JvNbjbCewSpJoIDmPCw==
Received: from fifthhorseman.net (AMERICAN-CI.ear2.NewYork6.Level3.net [4.59.214.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 879C7F9E6; Wed, 29 Nov 2023 14:25:52 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 848BF20479; Wed, 29 Nov 2023 14:25:50 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Linda Dunbar <linda.dunbar@futurewei.com>, gen-art@ietf.org
Cc: draft-ietf-openpgp-crypto-refresh.all@ietf.org, last-call@ietf.org, openpgp@ietf.org
In-Reply-To: <170128013486.27263.12173786341571585191@ietfa.amsl.com>
References: <170128013486.27263.12173786341571585191@ietfa.amsl.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Wed, 29 Nov 2023 14:25:49 -0500
Message-ID: <874jh4xsxu.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/7mhG7XYTPtxcJKchVR6jEH0ZUr8>
Subject: Re: [openpgp] Genart last call review of draft-ietf-openpgp-crypto-refresh-12
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2023 19:25:59 -0000

Hi Linda--

Thanks for your review!

On Wed 2023-11-29 09:48:54 -0800, Linda Dunbar via Datatracker wrote:
> Nits/editorial comments:
> Some of the steps described for "Confidentiality/authentication via Encryption"
> are not clear to me. Hope the authors can answers the following questions:
>
> Section 2.1: Step 3 says that the Sender using Public Key to encrypt the
> Session Key. The  Step 5 says that the Receiver decrypts the Session Key using
> recipient's Private Key. Shouldn't Sender and Recipient use DH with both Public
> Key and Private Key to encrypt and decrypt the Session Key?

When DH is used within OpenPGP for decryption, it involves the
receiver's private key plus an ephemeral share that is packaged
alongside the message itself (in the "public key encrypted session key",
or PKESK packet).

The section you're referring to (§2.1) is a high-level description, and
it doesn't cover all the possible mechanisms available with OpenPGP.
For example, some public key encryption in OpenPGP uses RSA, which
doesn't involve DH at all.  (and as-yet-unspecified quantum-resistant
public key encryption, like ML-KEM, also likely won't use DH, see
https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/)

So the contents of the PKESK depends on the specific algorithm used, and
the description in §2.1 describes the overall process without getting
into any particular cryptographic mechanism.

Hopefully this helps understand why that section is written this way.
Please don't hesitate to ask more questions!

          --dkg