Re: [openpgp] a new draft overlapping the WG draft
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 11 October 2022 08:07 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B61B2C15948C for <openpgp@ietfa.amsl.com>; Tue, 11 Oct 2022 01:07:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=D+HQFgoZ; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=fC6LyXfl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pjBmCGjc677H for <openpgp@ietfa.amsl.com>; Tue, 11 Oct 2022 01:07:14 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD704C159488 for <openpgp@ietf.org>; Tue, 11 Oct 2022 01:07:14 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1665475633; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=nj4K7Mws2WGpTkA7cLagYA+IAYssowmj4DAsgIYview=; b=D+HQFgoZK9zPHpcUnO2d0KU3qAzpn4XtWxeqk8oNH9RoIKo2m5SV5J9k5UWAWQF1WCML1 a3BUUxVQhzMsMklDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1665475633; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=nj4K7Mws2WGpTkA7cLagYA+IAYssowmj4DAsgIYview=; b=fC6LyXflGKNwOjB7rov3moK+t3KJoWROF4HBHHOqRQQCoDGUvCBFaRbXIDixyxR9R4uwS 6R2be9DRZzO/nIjzkly1pZjA5kmaruBRiMCZRKidXO4sZIhcSKBqnWVb2sQNP03XAQpOal4 EG56ve1GvBbzNm38eAoHxh1+ADeXoMqWZ943Eby0Iarl5P88wFk+tAmduu1lcTihEasQdU6 RrYtdKDiJNh1cKvCON6b2MD323ebxDtr08blaKZoWd9HbkLWeL7g+zliBlMAEQFI2mCOOHn ObxgSWIgbzgZyYm6o6LHP+w1+Ff7gUmcSMfZIAvMXx+YF78j+ExA1sy+KEvQ==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id B29A9F9AE; Tue, 11 Oct 2022 04:07:12 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id C1192204E5; Tue, 11 Oct 2022 04:07:06 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Kai Engert <kaie@kuix.de>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <a3687394-d910-8112-f895-dec19e9a5f8d@kuix.de>
References: <b8ddeb1e-fdbb-edab-3693-722c9e14f3d8@cs.tcd.ie> <a3687394-d910-8112-f895-dec19e9a5f8d@kuix.de>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Tue, 11 Oct 2022 04:07:05 -0400
Message-ID: <874jwa7phy.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/DaGbNXQuT5xBVfpj-CQIHNc41G0>
Subject: Re: [openpgp] a new draft overlapping the WG draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2022 08:07:18 -0000
Hi Kai-- Thanks for proposing some technical paths for consideration. I'd like to try to clarify some details of what you're proposing, and to identify how they are related to the current siutation the WG finds itself in. First, i should note that no matter what we decide here, there will be a multi-year transition process from RFC 4880 to whatever the new standard ends up being. (This WG does need to decide on a singular new standard, not a plural -- if i were a new developer considering whether to add OpenPGP support, i would be very wary of approaching a mess where there are multiple divergent "new" standards) No matter what, messages formed in compliance to RFC 4880 will also continue to persist indefinitely. This is just the reality of having a deployed base in a store-and-forward communications medium. Your message talks a lot about dealing with RFC4880 and whatever new standard comes out. For those who haven't read the draft in detail, draft-ietf-openpgp-crypto-refresh (hereafter "crypto-refresh") already captures a lot of this thinking, as the design-team was very focused on what deployment should actually look like given the deployed base of implementations compliant with RFC 4880. draft-koch-openpgp-2015-rfc4880bis-00 (hereafter "draft-koch") represents a very small revision of the much older draft-ietf-openpgp-rfc4880bis-10 (hereafter "rfc4880bis-10"), which had been abandoned when the previous incarnation of the WG failed to reach consensus and was dissolved. crypto-refresh represents the re-incorporation into rfc4880 of many of the changes from rfc4880bis-10, via review by the design-team of all of the outstanding changes, as augmented by active discussion and additional concerns that were raised as well. On Sat 2022-10-08 01:39:44 +0200, Kai Engert wrote: > * introduce the concepts of openpgp specification versions, and minimum > supported openpgp versions All of the internet-drafts under discussion here have explicit versioning in the wire formats that they contain. OpenPGP (RFC 4880) provides version information in at least these locations (perhaps someone with a more comprehensive understanding of OpenPGP can identify additional version numbers): - public key packets and their close cousin, secret key packets - public key encrypted session key packets (PKESK) - symmetric key encrypted session key packets (SKESK) - signature packets and the related "one-pass signature" (OPS) packet - symmetrically-encrypted integrity-protected data packet (SEIPD) - user attribute packet's image attribute subpacket header is versioned These version numbers are *not* synchronized between each other. For example, a v4 key typically makes a v4 signature, but precedes it with a v3 OPS packet. And someone encrypting (with integrity-protection) to a v4 key will use a v1 SEIPD packet. Also, not every one of these version numbers is under consideration for revision: no one has raised any interest in trying to bump the version number for the user attribute packet's image attribute subpacket header. > * Declare that a public key packet can specify the minimum OpenPGP > version the key owner's software supports (define how public key packets > could signal that). Find a way to encode that in a way that doesn't make > public key packets incompatible with current GnuPG. If it's necessary to > define an evolution of public key packets, try to reach consensus with > GnuPG developers on how to do that. Note that advertisements for "supported versions" are already present in places where *this makes sense to do*. But it does not make sense to require signalling support in all possible contexts. For example, an implementation that does not know how to interpret a v9 key cannot possibly verify a signature from such a key, regardless of what version that signature is. The primary form of version-supported advertisement is noted in the "Features" subpacket, found in a self-sig, where bit 0x01 indicates that the keyholder supports v1 of SEIPD (a.k.a. "Modification Detection Code" or MDC). In crypto-refresh, bit 0x08 indicates support for v2 of SEIPD, which uses AEAD mechanisms instead of MDC for integrity protection. > * Release crypto-refresh as a new OpenPGP version 5, not as a successor > for RFC 4880. Any document released by this working group will be a successor for RFC 4880. This is what the working group is explicitly chartered to do. We will not release a WG document that is not a successor to RFC 4880 without explicitly re-chartering. I don't think we should re-charter until we demonstrate that we are capable of completing our current charter. > * For public keys that lack the new OpenPGP version flag, assume the key > owner is limited to RFC 4880 features, only. This is already not the case. For example, there are thousands of explicitly-marked v4 keys that support curve 25519, which is not in RFC 4880 (my own OpenPGP certificate, which this message is signed with, uses this algorithm). It's not clear what the ecosystem would gain from implementations assuming something that is clearly untrue. Both crypto-refresh and draft-koch agree on how curve25519 is specified for wire format, though crypto-refresh has been through several rounds of revision and clarification that make the specification less ambiguous and easier to understand. > * Declare that for messages that are signed, only, the signature packet > should be limited to RFC 4880, or a future universally accepted > successor (which is currently not in sight). The reason is that for > signed-only messages, it isn't necessary to have public keys for all > recipients, and thus the version signaling information may be absent. > (Optionally the presence of public keys for all message recipients could > be used to conclude that a newer signature package can be used.) Again, if the signer's certificate uses a v5 key, there is no point in requiring that the signature itself is a v4 signature (that is, a signature of the type described in RFC 4880), as implementations that know how to read a v5 signature must know how to interpret a v5 key anyway. The OpenPGP Interoperability Test Suite has several tests that aim to ensure that when a new-version signature is placed alongside an old-version signature, existing implementations are still capable of verifying the old signature, and don't fail on encountering a signature that they don't understand. If a public-facing signing entity wants to support older verifiers that only support RFC 4880, their best bet is to have two keys: a v4 signing key, and a next-gen (v5?) key, based on whatever standard succeeds RFC4880. Then they can sign with both of them, and newer implementations can rely on the advantages of new signatures: at the very least, (a) the crypto-refresh's salting defense against future failures in collision-resistance, (b) the de-aliasing of larger-sized message content due to v5's 64-bit field for message size, and (c) v5's larger allowed total hashed subpacket size. > * Declare that in order to make use of any of the features from > crypto-refresh, it's required to have a recipient public key that > signals support for version 5. Again, for message encryption, this is already specified in crypto-refresh, based on use of the Features subpacket. Even v4 keys can signal their intent by setting the appropriate bit in their Features subpacket. I don't think it's helpful to say "any of the features from crypto-refresh", because there are many different features, and they *do not* need to be gated by key version information. For example, newly-defined subpackets that are not marked critical should already be safely ignored by any implementation. If anyone wants to enumerate specific features that they think *do* need a clear signal from the potential recipient before generation that have not been considered, i'd welcome those pointers. This kind of work is the work that the design team, including members from sequoia, protonmail, gnupg, and rnp, have been doing over the last several months. > * If a message is to be sent to multiple recipients, which signal > different supported OpenPGP versions, the sender is required to produce > the appropriate number of different messages, one for each group of > recipients supporting the same version. This sounds like a mess for implementers, and i hope that we don't end up endorsing something like this. For example, this means that any mail user agent that is handling OpenPGP messages cannot simply ask the OpenPGP implementation to produce the encrypted version of the message and get a response that it can interpret as success or failure. Instead, this creates a much more complex interface between the MUA and any OpenPGP implementation. Kai, as a MUA developer, you might be willing to accept this additional burden; but if your goal is for your users to be able to exchange e-mail with people using other MUAs, you have to realize that this will make it *even harder* for other implementations to adopt this cryptographic stack. that's not a good outcome for the ecosystem. crypto-refresh already describes the expected baseline behavior here without requiring such a dual-message output: ----crypto-refresh----- - When encrypting to one or more public keys: - all recipient keys indicate support for version 2 of the Symmetrically Encrypted Integrity Protected Data packet in their Features subpacket ({{features-subpacket}}), or are v5 keys without a Features subpacket, or the implementation can otherwise infer that all recipients support v2 SEIPD packets, the implementation MUST encrypt using a v2 SEIPD packet. - If one of the recipients does not support v2 SEIPD packets, then the message generator MAY use a v1 SEIPD packet instead. ----crypto-refresh----- This leaves the deprecation of v1 SEIPD as future work, of course, but it permits the spread of keys that support v2 SEIPD without increasing the operational burden on MUA developers. > * For transparency reasons, each message somehow signal the additional > reicpients, which will be handled with a separate openpgp message > (different version). Maybe this could be done by reusing the existing > "Public-Key Encrypted Session Key Packets" with a key identifier, but > dummy data. i don't fully understand this proposal, but i think it is only relevant if implementations do create the earlier-proposed dual-copy of the ciphertext. I hope we don't have to go there. > This means GnuPG would continue to use its existing packets, it would > always use what's defined in version 4. GnuPG has for years implemented RFC 4880 (which is what i think you're calling "version 4"). I would hope that support for RFC 4880 would not be removed from any implementation in the first several years, though it would be nice if any greenfield deployment could select an OpenPGP toolkit that is *capable* of only using "the good bits" of whatever is published as RFC 4880's successor. We do not have a lot of work on any sort of formalized OpenPGP API (beyond "SOP", aka https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/, which does not yet cover this sort of version selector) so these choices would likely be idiosyncratic to the specific implementation. > Applications that support crypto-refresh would be required to also > support RFC 4880. crypto-refresh makes clear that it expects the implementer to support and interoperate with RFC 4880 implementations, as RFC 4880 is 15 years old and there are literally millions of messages in the wild that use the RFC 4880 data structures. > When applications that support crypto-refresh need to send data to > owners of public keys that lack the version information, then data > that's compatible with GnuPG and old applications would be sent. Right, as noted above, crypto-refresh explicitly indicates that implementations will want to send RFC 4880's v1 SEIPD to recipients that have not indicated support for v2 SEIPD. --dkg
- Re: [openpgp] a new draft overlapping the WG draft Christoph Anton Mitterer
- [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Peter Gutmann
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Michael Richardson
- Re: [openpgp] a new draft overlapping the WG draft Kai Engert
- Re: [openpgp] a new draft overlapping the WG draft Andrew Gallagher
- Re: [openpgp] a new draft overlapping the WG draft Daniel Huigens
- Re: [openpgp] a new draft overlapping the WG draft Paul Wouters
- Re: [openpgp] a new draft overlapping the WG draft Christoph Anton Mitterer
- Re: [openpgp] a new draft overlapping the WG draft Paul Schaub
- Re: [openpgp] a new draft overlapping the WG draft Paul Wouters
- Re: [openpgp] a new draft overlapping the WG draft Kai Engert
- Re: [openpgp] a new draft overlapping the WG draft Daniel Huigens
- Re: [openpgp] a new draft overlapping the WG draft Kai Engert
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Justus Winter
- Re: [openpgp] a new draft overlapping the WG draft Tobias Mueller
- Re: [openpgp] a new draft overlapping the WG draft Ángel
- Re: [openpgp] a new draft overlapping the WG draft Daniel Huigens
- Re: [openpgp] a new draft overlapping the WG draft Kai Engert
- Re: [openpgp] a new draft overlapping the WG draft ilf
- Re: [openpgp] a new draft overlapping the WG draft Peter Gutmann
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Derek Atkins
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Derek Atkins
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Daniel Huigens
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Steffen Nurpmeso
- Re: [openpgp] a new draft overlapping the WG draft Paul Wouters
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Peter Gutmann
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Justus Winter
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Paul Schaub
- Re: [openpgp] a new draft overlapping the WG draft Vincent Breitmoser
- Re: [openpgp] a new draft overlapping the WG draft Paul Schaub
- Re: [openpgp] a new draft overlapping the WG draft Tom
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft ilf
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Steffen Nurpmeso
- Re: [openpgp] a new draft overlapping the WG draft Paul Wouters
- Re: [openpgp] a new draft overlapping the WG draft Tom
- Re: [openpgp] a new draft overlapping the WG draft Aron Wussler
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Stephen Farrell
- Re: [openpgp] a new draft overlapping the WG draft Tom
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Aron Wussler
- Re: [openpgp] a new draft overlapping the WG draft Paul Wouters
- Re: [openpgp] a new draft overlapping the WG draft Philip Zimmermann
- Re: [openpgp] a new draft overlapping the WG draft Neal H. Walfield
- Re: [openpgp] a new draft overlapping the WG draft Tom
- Re: [openpgp] a new draft overlapping the WG draft Bart Butler
- Re: [openpgp] a new draft overlapping the WG draft Andrew Gallagher
- Re: [openpgp] a new draft overlapping the WG draft Tom
- Re: [openpgp] a new draft overlapping the WG draft Tom
- Re: [openpgp] a new draft overlapping the WG draft Andrew Gallagher
- Re: [openpgp] a new draft overlapping the WG draft Wyllys Ingersoll
- Re: [openpgp] a new draft overlapping the WG draft Bart Butler
- Re: [openpgp] a new draft overlapping the WG draft Bart Butler
- Re: [openpgp] a new draft overlapping the WG draft Steffen Nurpmeso
- Re: [openpgp] a new draft overlapping the WG draft Daniel Huigens
- Re: [openpgp] a new draft overlapping the WG draft Kai Engert
- Re: [openpgp] a new draft overlapping the WG draft Kai Engert
- Re: [openpgp] a new draft overlapping the WG draft Steffen Nurpmeso
- Re: [openpgp] a new draft overlapping the WG draft Daniel Kahn Gillmor
- Re: [openpgp] a new draft overlapping the WG draft Kai Engert
- Re: [openpgp] a new draft overlapping the WG draft Ronald Tse
- Re: [openpgp] a new draft overlapping the WG draft Justus Winter
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Werner Koch
- [openpgp] overlapping draft conclusion (Was: a ne… Stephen Farrell
- Re: [openpgp] overlapping draft conclusion (Was: … Vincent Breitmoser
- Re: [openpgp] overlapping draft conclusion (Was: … Stephen Farrell
- Re: [openpgp] overlapping draft conclusion Werner Koch
- Re: [openpgp] a new draft overlapping the WG draft Daniel Kahn Gillmor