IETF Logo Mail Archive

[openpgp] WGLC for draft-ietf-openpgp-pqc [was: Re: I-D Action: draft-ietf-openpgp-pqc-08.txt]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 15 April 2025 16:41 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id BDAD01C5C5A6 for <openpgp@mail2.ietf.org>; Tue, 15 Apr 2025 09:41:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="2J0sqUlP"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="RgMunPmY"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ty2dEuY4RVya for <openpgp@mail2.ietf.org>; Tue, 15 Apr 2025 09:41:06 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 374EC1C5C541 for <openpgp@ietf.org>; Tue, 15 Apr 2025 09:41:05 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1744735265; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=aJ28Fq2+GgZm33XEPyPNbpejrJY/XmI4WB31v60d9cM=; b=2J0sqUlP5O+Csaw/+t/pH5wIF4IXGWDc1mpA28T/mA5D7kwau7jruy4mG2dM7TTrwYDss /lQpocGjK/i/U3GBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1744735265; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=aJ28Fq2+GgZm33XEPyPNbpejrJY/XmI4WB31v60d9cM=; b=RgMunPmYGiDJYnRb8BNT59oj9GfTf7DlSv9KnIZ3GpVhHPIc/nj2IXu+JddCNVxPC6NCo waUUmU2JgdDA5gWtxnBY8E1ZYsPT65fg/PtpzuZx3l92ExeQNddVGyx1m+DEcjmUNkTFRJj e9yk/dOId0p3UJALDYj93QREmxuXHxaj6l5Z4ht7dPTZbvr17f+8p3sl/A+0sZ4PoS5Pjbb Hz+BnwBGaMwNhBJ+qazwbnGtR42LcUe+lQVYRAKtyR6B9eyBe434oyfm3pKtlW4BI1CGIgV oUd3EwxmubHPcOs5ws+Plv3zyldUqFuGgj3DX6uVLZ3TvPtDbbJe7rlZV8Qg==
Received: from fifthhorseman.net (AMERICAN-CI.ear2.NewYork6.Level3.net [4.59.214.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 42F13F9B1 for <openpgp@ietf.org>; Tue, 15 Apr 2025 12:41:05 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id E4E4913F6B3; Tue, 15 Apr 2025 12:41:01 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
In-Reply-To: <LSicuu3DyGQdz5FlANti-HGJ6GuAucc5BKufbsCa603EsSZ0q1XMXYvt_OubLd0UQkg0gh2F--9y9WpoqWfQu5XU-KEcJ15GG66cSFk9ByU=@wussler.it>
References: <174470653269.1286532.14892820163225351018@dt-datatracker-64c5c9b5f9-hz6qg> <LSicuu3DyGQdz5FlANti-HGJ6GuAucc5BKufbsCa603EsSZ0q1XMXYvt_OubLd0UQkg0gh2F--9y9WpoqWfQu5XU-KEcJ15GG66cSFk9ByU=@wussler.it>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/YO+5Zi7HNFzxk a2dAZmlmdGhob3JzZW1hbi5uZXQ+wsARBBMWCgB5AwsJB0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmcS78JIJ7JbALqPiKEmva7/Pp16WwXWm9hbe5+B/UvnfwMVCggCmwEC HgEWIQTUdwQMcMIValwphUm7fpEBSV5r9wUCZadfkAUJBdnwRQAKCRC7fpEBSV5r9yNXAP442N0c zvisBroQSKKpo+OWm2JpnEJWoVheeJvoRtkBGQEA+edHylby8IGcNccq7rmM2rAXdofvrU1o6qow V+mmDwbOMwRnio4OFgkrBgEEAdpHDwEBB0Cw9HzJFl9lZn3UBaUqSMSgxjcdbd0MwNVcGZ8t8wdN EcLAvwQYFgoBMQWCZ4qODgkQu36RAUlea/dHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p YS1wZ3Aub3JnhcN+tn41cAg01Kk56zcAfpdsh8j98PDe00mqKPfFvaYCmwK+oAQZFgoAbwWCZ4qO DgkQeAuFTtnCtJZHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnxsD8Sk5P Wgx8c/Zseo6OlCjyDC+Ogm17gTaUUIpxjWYWIQRjrBGOWy5dZsiKhad4C4VO2cK0lgAAdcQA/1RG dmrmvVxkBY2qNPjtERNwPga8Pf4IdlenrZ03NXM4AQC+TDHMpD7d5obEvUy8GYI3oThzYItPP8vv ChY+wbaIBRYhBNR3BAxwwhVqXCmFSbt+kQFJXmv3AAAKbgD+K1MZXnRKPdmA8DgNysyGRZY8cSVH HQcC7ZAAtV3i2+wA/0CyOYrbFYbyTRALgoERR07OHFoP+fJopQLMNQARVUELzjgEZ4qN+RIKKwYB BAGXVQEFAQEHQDTGlR+Qmn334e+bPqvojJVdFsiBf0leAAHP+ESqop8NAwEIB8LAAAQYFgoAcgWC Z4qN+QkQu36RAUlea/dHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnA5Lw b3wOOcoodImuVNw4PYq1U65FDC1Q2JMFIcJXqF0CmwwWIQTUdwQMcMIValwphUm7fpEBSV5r9wAA 6egA/j3QANSmogZ5VTF5KlI+BBye9ud/w9j7RLcCHU6u8AA1AQC3FGaNuv+uWOSa+eeEoI/aZrGd X5el8b/m6aXDDxDjDg==
Date: Tue, 15 Apr 2025 12:41:01 -0400
Message-ID: <87wmblcr8i.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Message-ID-Hash: I6HZ2PGKBLRYXT7R446IR563YR2M5UMR
X-Message-ID-Hash: I6HZ2PGKBLRYXT7R446IR563YR2M5UMR
X-MailFrom: dkg@fifthhorseman.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] WGLC for draft-ietf-openpgp-pqc [was: Re: I-D Action: draft-ietf-openpgp-pqc-08.txt]
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/9x8pATcZ6cZVZaJMMyFeyigztD8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

On Tue 2025-04-15 08:58:05 +0000, Aron Wussler wrote:
> At the OpenPGP Email Summit we discussed the PQC draft, and noticed that many are waiting on us to publish the latest state.
>
> We took action, and here's the latest version with all the changes we discussed at the recent meetings:
> - Assigned code points 35 and 36 for ML-KEM + ECDH algorithms: as discussed at the interim meeting and IETF 122
> - Removed hash binding for ML-DSA + EdDSA and SLH-DSA algorithms: as discussed on the list, we allow signatures to offer a SHA-2 prehash to remove a blocker for CNSA 2.0 compliance
> - Allowed usage of ML-KEM-768 + X25519 with v4 keys: as discussed at the OpenPGP summit, we decided to allow for a pq-upgrade path without rotating the primary key
> - Aligned KEM combiner to X-Wing and switched to suffix-free encoding of the domain separator: as presented at IETF 122 to further align with LAMPS

Thanks for this update, Aron, Falko, and Johannes!

With these changes, Stephen and I are announcing Working Group Last Call
on draft-ietf-openpgp-pqc.

We expect the WGLC to last four weeks, which means we will look for
consensus (or the lack thereof) based on on-list discusson through
Tuesday, 2025-05-13.

If you are implementing this draft, please report back here!

Even if you aren't implementing, if you have concerns or questions about
it, please also speak up.

It would also be great to update the PQC test vectors in the
interoperability test suite.  If anyone has the time or capacity to do
that, i've opened an issue:

    https://gitlab.com/sequoia-pgp/openpgp-interoperability-test-suite/-/issues/161

For the chairs,

    --dkg

v2.30.2 | Report a Bug | By Email | System Status