[openpgp] OpenPGP Suite-B Profile vs. RFC 8423

Masanori Ogino <masanori.ogino@gmail.com> Mon, 01 March 2021 23:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/B5MC1Mfwd9lAJ55bewhY5f6rK1I>

Hello folks,

First of all, thank you all for your effort on revising the OpenPGP RFC!
I am really glad to hear that the OpenPGP WG was officially rebooted recently.

I have a comment on draft-ietf-openpgp-crypto-refresh-02, section 16.2.
The section specifies a compatibility profile conforming to Suite B.
However, the IETF published RFC 8423, which moved several RFCs referring to
Suite B for other protocols to Historic.

From RFC 8423:
> In July 2015, NSA published the Committee for National Security
> Systems Advisory Memorandum 02-15 as the first step in replacing
> Suite B with NSA's Commercial National Security Algorithm (CNSA)
> Suite.
> (...)
> As indicated in [CNSA], NSA is transitioning from Suite B to the CNSA
> Suite.  As a result, the profiles of the security protocols for the
> Suite B algorithms are now only of historic interest.

It would be great if the ongoing revision specifies a CNSA profile
and/or obsoletes the Suite B profile IMHO.
What do you think?

Best,
Masanori