[openpgp] WG process for getting to a revised RFC 4880

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 26 January 2021 03:09 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 5EFF93A1B25 for <openpgp@ietfa.amsl.com>; Mon, 25 Jan 2021 19:09:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=xDxSVYXE; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=2+GZSlIb
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id yvmi0DdIDFTA for <openpgp@ietfa.amsl.com>; Mon, 25 Jan 2021 19:09:21 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F6823A1B23 for <openpgp@ietf.org>; Mon, 25 Jan 2021 19:09:21 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1611630560; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=/qgtdjGEvZeCeikMHc7cZ0/qj73YIUaNphATL3oDis4=; b=xDxSVYXE9OjTV+NQDrfwMD7ksLJnl237KqYV4HiYp7CmeAg9lKWVOSw1an0afczQopXQy COBdIte4Il579PMBQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1611630559; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=/qgtdjGEvZeCeikMHc7cZ0/qj73YIUaNphATL3oDis4=; b=2+GZSlIbnHHvAdtNCS4nNh8PFWopukI4vhGZpetw9ul5bhk/cE3pNDZNIN/EpGgJMogMO QaYq6ljinNGRVOjXBrl+qJhRjZo4KK4/XCVhug23U2Q3U52Ps6idy4xaWbMwDXvMX3wt3Fr Bbf7xEIIPTEfljnOOAKDzXU2sFIiYIuZ57rwAYW0wv80+PVrFd/brfrFdMHq9WBwQFVo7sJ Wttmp0AewTVvO5tiniu3+VYxrv8pCORn1m4TTl7zN8ZC7fWz8zV+GbmoGahSPlMMp6Du1ky +Al1lmND2MqdmVUkWbQ0K6fDXDX5O/TYrI6ntGbhflgozmQV+KysMB+Y0ILg==
Received: from fifthhorseman.net (lair.fifthhorseman.net []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id C9220F9A5 for <openpgp@ietf.org>; Mon, 25 Jan 2021 22:09:19 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id AB1E62050F; Mon, 25 Jan 2021 22:09:10 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQULCQgH AgYVCgkICwIEFgIDAQIeAQIXgAIZARYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJd5Hw3BQkFpJWB AAoJEPIGkReQOOXGDYEA/j0ERjPxDleKMZ2LDcWc/3o5cLFwAVzBKQHppu0Be5IWAP0aeTnyEqlp RTE7M8zugwkhYeUYfYu0BjecDUMnYz6iDLgzBF3kewUWCSsGAQQB2kcPAQEHQK1IuW0GZmcrs2mx CYMl8IHse0tMF8cP7eBNXevrlx2ZiPUEGBYIACYCGwIWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUC XeR7TwUJAiGl/gCBdiAEGRYIAB0WIQQsv6x2UaqQJzY+dXHEDyVUMvKBDwUCXeR7BQAKCRDEDyVU MvKBD7KmAQCHs+7588C4jto6fMje0Nu97zzoppjJM7lrGF2rVnbHvwD+MgmGUbHzPSUrTWnZBQDi /QM595bxNrBA4N1CiXhs2AMJEPIGkReQOOXGpp0BAM7YeBnt/UNvxJAGm4DidSfHU7RDMWe6Tgux HrH21cDkAQC9leNFXJsQ7F2ZniRPHa8CkictcQEKPL8VCWpfe8LbArg4BF3ke5wSCisGAQQBl1UB BQEBB0Cf+EiAXtntQMf51xpqb6uZ5O0eCLAZtkg0SXHjA1JlEwMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJd5HucAhsMBQkCIaVkAAoJEPIGkReQOOXGdYcBANYnW7VyL2CncKH1 iO4Zr0IwfdIv6rai1PUHL98pVi3cAP9tMh85CKGDa0Xi/fptQH41meollLW5tLb/bEWMuUNuBQ==
Date: Mon, 25 Jan 2021 22:09:10 -0500
Message-ID: <87lfcgfl7t.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/CwEZ-Jd_NU2z59zkGrDEYOXVmKc>
Subject: [openpgp] WG process for getting to a revised RFC 4880
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2021 03:09:23 -0000

Hi OpenPGP folks!

We've talked it over and we've asked Paul Wouters to share the
editorship with Werner Koch for the draft that will hopefully become the
cryptographic refresh for RFC4880.  Many other people also offered to
stand in that role, and we thank them for that!  Hopefully everyone will
keep contributing to the process so we can fulfill our charter.

We want to incorporate as much of draft-ietf-openpgp-rfc4880bis-10 as is
in-charter, has consensus of the newly-reformed WG, and has multiple,
interoperable implementors, plus whatever work remains in our charter.
Here's how we're thinking of doing that:

 - To signal that we're in a "reset", we'll make a new draft,
   draft-ietf-openpgp-crypto-refresh, with Paul and Werner as editors.
   This new draft will be marked as a replacement for

 - crypto-refresh-00 (that is, the first revision of the new draft) will
   incorporate just the text of 4880, inconsequential editorial updates,
   the verified errata of 4880, and incorporation of the relevant text
   from RFCs 5581 (Camellia) and 6637 (ECC), so all substantive changes
   from 4880 are things that have already been through the IETF document
   publication process already.

 - We hope to be able to point the list to that -00 document shortly,
   and we hope everyone will review it and confirm that it offers no
   substantive changes to 4880 beyond those listed above, and that it
   faithfully mirrors the already-published documents it incorporates.
   The aim for this initial review is not "is this the best possible
   text?" but rather "is it a correct integration of already-published

 - If we can accept that crypto-refresh document as a starting point,
   we'll have a series of diffs proposed (every week or two) to the WG.
   Each cycle will aim to incorporate a specific, thematic set of
   changes from 4880bis-10 into crypto-refresh-xx. The editors will
   describe the specific theme, propose a coherent diff to the current
   draft of crypto-refresh, and the WG will have an opportunity to
   comment on that change.  If the comments show rough consensus and we
   can hammer out any wordsmithing details, the editors will incorporate
   the changes.  If there are concerns that show that there is no
   consensus, we can put that set of changes aside.  Hopefully that
   won't happen much.

 - Our initial changesets might be the easier ones, so that the group
   can get comfortable with the cadence and working together again,
   focused on the document.  Please stay engaged even if the proposed
   changes look simple/trivial/obvious to you!  A simple "I support the
   inclusion of this change" message to the WG is also an important
   contribution.  (don't worry, we'll get to the harder stuff too).

It's possible (indeed, quite likely) that some of the text currently in
rfc4880bis-10 won't make it into the eventual version of crypto-refresh
that becomes (hopefully) an RFC, whether that's because of a lack of
consensus, being out-of-charter, or not having enough implementers to
show interoperability.

That's OK!  If some text that you care about doesn't make into the
revised OpenPGP standard, that doesn't mean we've given up on it -- it
just means that we need to work on it separately from this chartered
work.  We encourage WG participants who care about things that might not
make the cut for this version to help get this cryptographic refresh out
the door in an effective way, so that we can recharter the WG in order
to help document the evolving and active OpenPGP ecosystem.

For the chairs,

    --dkg and Stephen Farrell