[openpgp] draft-koch-openpgp-2015-rfc4880bis-01
Werner Koch <wk@gnupg.org> Tue, 07 February 2023 10:00 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B176C1516F3 for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 02:00:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oE14bgu-r6I6 for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 02:00:10 -0800 (PST)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFDA5C1516E0 for <openpgp@ietf.org>; Tue, 7 Feb 2023 02:00:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Y0L3QHvDB23UuMmg2eVyHP+g6j/19gtTuuq4xwj+00w=; b=KXuEKe8/og5TGBkgByph8sNZyf Zxf6UcQc88KwQe7WNOP+6NFILK5oZISGxB1cPF55uWfNgAszJwC/s8l5t1DPLW3IK3AWQqWFtty0W WQrFPz9bdU/Na5PF+A69lTJZibauD0FuTy58/olPmSEp5Ds0yhoNofUylJFD6vD1+7j8=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1pPKlm-0000iR-Uk for <openpgp@ietf.org>; Tue, 07 Feb 2023 11:00:11 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1pPKle-0005HG-M6 for <openpgp@ietf.org>; Tue, 07 Feb 2023 11:00:02 +0100
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Jabber-ID: wk@jabber.gnupg.org
Mail-Followup-To: openpgp@ietf.org
Date: Tue, 07 Feb 2023 10:59:53 +0100
Message-ID: <87ilgdyew6.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=World_Trade_Center_Putin_FINCEN_Stego_distributed_denial_of_service="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/9WvO9ETZKpXXWdZSd1q-TXRF-7g>
Subject: [openpgp] draft-koch-openpgp-2015-rfc4880bis-01
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2023 10:00:15 -0000
Hi, I did some minor updates to draft-koch-openpgp-2015-rfc4880bis. Here is the list of relevant changes: * Remove EAX samples EAX should not anymore be used thus samples are superfluous. * Rename AEAD Encrypted Data Packet to OCB Encrypted Data Packet. The mix of the terms AEAD and OCB is hard to understand; thus we now use nearly always OCB. We also rename "AEAD algorithm" to "encryption mode" because that is the more common term. The "Preferred AEAD Algorithm" subpacket has been renamed and deprecated. EAX mode has been deprecated. * Add OIDs for X448 The OID was missing. * Reserve packet type 26 GnuPG may eventually implement the use of X.509 certificates along with OpenPGP certificates. The idea is to allow sending of just one encrypted file despite that the recipients use different PKIs. * Move ECDH parameters to a separate paragraph Also deleted outdated or obvious security notes and added a missing Brainpool parameter. * Remove the Suite B profile stuff. I see no need to advertise legacy curves. * Make Brainpool also SHOULD curves The reason is that in Europe Brainpool are required curves in many domains and thus it is important to declare that support for Brainpool is useful. Note that for backward compatibility NIST curves are still MUST implement. * Fix composition of public key blocks. In the course of the reformatting actions of the draft a regression against 4880 was not fixed (Zero User ID packets). The reason for introducing zero User ID packets might have been the idea to express that an Attribute packet may be used instead of a User ID. However, that should either be clarified in the comments or left to the implementation. The second fix is to require at least one Signature packet after a User ID and Attribute packet. This was wrong in 2440 and 4880 but is cryptographically required. For the actual commits see: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=people/wk/rfc4880bis.git Formatted diff between -00 and -01: https://author-tools.ietf.org/iddiff?url1=draft-koch-openpgp-2015-rfc4880bis-00&url2=draft-koch-openpgp-2015-rfc4880bis-01&difftype=--html Draft URL: https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-01.txt Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein