Re: [openpgp] Context Parameters for Signing and Encryption
Falko Strenzke <falko.strenzke@mtg.de> Tue, 07 February 2023 12:14 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/8IHrf1m7Lp_jMf_4NK-2AV4Inlg>
I briefly looked into
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/12/06/schwenk2020.pdf

As I understand, the mitigation they propose will lead to false positives under certain circumstances, depending on involved MTAs. "We evaluated how eleven popular email service providers [...]". Is this really sufficient? I am far from being an expert in mail delivery, but in my understanding any commercial or self-hosted MTA could have a different effect on their countermeasure, potentially leading to false positives. False positives here seem to mean an undecipherable message arriving at the recipient.

Has someone looked into how far the context parameters that OpenPGP would support would be affected by this? In my opinion, a false positive rate > 0 would be unacceptable and probably lead to clients not implementing that feature.

Maybe someone with a greater understanding of this topic can elaborate on this.

- Falko

On 05.02.23 at 18:23, Daniel Kahn Gillmor wrote:
> Hi folks --
>
> we need to resolve whether there will be a context parameter added to
> the crypto-refresh, for signing, and for encryption. i'd like folks to
> be clear about whether they're talking about signing or encryption, but
> we can use this thread for both.
>
> The mechanisms and use cases for signing and encryption are likely to be
> different.
>
> See https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/145 and earlier
> discussion on this list for background.
>
> The main questions:
>
> - Should we provide a context parameter for signing for v5 signatures?
>
> - Should we provide a context parameter for encryption for v2 SEIPD
>   packets?
>
>
> Interesting subquestion for either of the above:
>
> - if so, how do we specify or register the context parameter for
>   different use domains of use? How do we even define these different
>   "domains"?
>
> An MR that says "yes, add a context parameter for both" and "don't specify any
> specific context or set up a registry for either" is at:
> https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/214
>
> Please use this thread for this discussion, but remember to clarify
> whether you're thinking/talking about signing and encryption.
>
> --dkg

--
MTG AG
Dr. Falko Strenzke
Executive System Architect