[openpgp] draft-koch-openpgp-2015-rfc4880bis-01

Werner Koch <wk@gnupg.org> Tue, 07 February 2023 10:00 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B176C1516F3 for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 02:00:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oE14bgu-r6I6 for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 02:00:10 -0800 (PST)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFDA5C1516E0 for <openpgp@ietf.org>; Tue, 7 Feb 2023 02:00:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Y0L3QHvDB23UuMmg2eVyHP+g6j/19gtTuuq4xwj+00w=; b=KXuEKe8/og5TGBkgByph8sNZyf Zxf6UcQc88KwQe7WNOP+6NFILK5oZISGxB1cPF55uWfNgAszJwC/s8l5t1DPLW3IK3AWQqWFtty0W WQrFPz9bdU/Na5PF+A69lTJZibauD0FuTy58/olPmSEp5Ds0yhoNofUylJFD6vD1+7j8=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1pPKlm-0000iR-Uk for <openpgp@ietf.org>; Tue, 07 Feb 2023 11:00:11 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1pPKle-0005HG-M6 for <openpgp@ietf.org>; Tue, 07 Feb 2023 11:00:02 +0100
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Jabber-ID: wk@jabber.gnupg.org
Mail-Followup-To: openpgp@ietf.org
Date: Tue, 07 Feb 2023 10:59:53 +0100
Message-ID: <87ilgdyew6.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=World_Trade_Center_Putin_FINCEN_Stego_distributed_denial_of_service="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/9WvO9ETZKpXXWdZSd1q-TXRF-7g>
Subject: [openpgp] draft-koch-openpgp-2015-rfc4880bis-01
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2023 10:00:15 -0000

Hi,

I did some minor updates to draft-koch-openpgp-2015-rfc4880bis.  Here
is the list of relevant changes:

* Remove EAX samples

  EAX should not anymore be used thus samples are superfluous.

* Rename AEAD Encrypted Data Packet to OCB Encrypted Data Packet.

  The mix of the terms AEAD and OCB is hard to understand; thus we now
  use nearly always OCB.  We also rename "AEAD algorithm" to "encryption
  mode" because that is the more common term.

  The "Preferred AEAD Algorithm" subpacket has been renamed and
  deprecated.

  EAX mode has been deprecated.

* Add OIDs for X448

  The OID was missing.

* Reserve packet type 26

  GnuPG may eventually implement the use of X.509 certificates along
  with OpenPGP certificates.  The idea is to allow sending of just one
  encrypted file despite that the recipients use different PKIs.

* Move ECDH parameters to a separate paragraph

  Also deleted outdated or obvious security notes and added a missing
  Brainpool parameter.

* Remove the Suite B profile stuff.

  I see no need to advertise legacy curves.

* Make Brainpool also SHOULD curves

  The reason is that in Europe Brainpool are required curves in many
  domains and thus it is important to declare that support for Brainpool
  is useful.  Note that for backward compatibility NIST curves are still
  MUST implement.

* Fix composition of public key blocks.

  In the course of the reformatting actions of the draft a regression
  against 4880 was not fixed (Zero User ID packets).  The reason for
  introducing zero User ID packets might have been the idea to express
  that an Attribute packet may be used instead of a User ID.  However,
  that should either be clarified in the comments or left to the
  implementation.

  The second fix is to require at least one Signature packet after a
  User ID and Attribute packet.  This was wrong in 2440 and 4880 but is
  cryptographically required.


For the actual commits see:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=people/wk/rfc4880bis.git

Formatted diff between -00 and -01:
https://author-tools.ietf.org/iddiff?url1=draft-koch-openpgp-2015-rfc4880bis-00&url2=draft-koch-openpgp-2015-rfc4880bis-01&difftype=--html

Draft URL:
https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-01.txt



Shalom-Salam,

   Werner


--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein