[openpgp] Re: Fwd: I-D list for Open Specification for Pretty Good Privacy notification: Changes to draft-gallagher-openpgp-code-point-exhaustion

Justus Winter <justus@sequoia-pgp.org> Thu, 20 March 2025 09:57 UTC

From: Justus Winter <justus@sequoia-pgp.org>
To: Heiko Schäfer <heiko.schaefer@posteo.de>, openpgp@ietf.org
Date: Thu, 20 Mar 2025 10:57:48 +0100
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/DsXgPe5R_qIfuYMgG1Ukrx8B8KQ>

Hi Heiko :)

Heiko Schäfer <heiko.schaefer@posteo.de> writes:

> I'm sure much discussion would be needed to positively decide in favor
> of the scheme proposed in
> draft-gallagher-openpgp-code-point-exhaustion.
>
> However, as I understand it, the only immediate question that this
> draft is effectively asking is: "do we want to reserve bit 8, for
> now?"
>
> I have not seen any compelling argument against this proposition, so
> far.

I think this solution is hastening (maybe to the point of creating) the
problem it is trying to solve.

Further, the proposed solution (for which reserving one bit now is the
precondition, so I think it is fair to also consider it) seems to
complicate parsing (and there is precedent for how OpenPGP very cleverly
encodes things like packet body lengths, S2K hash counts, S2K mechanism
type, AEAD block sizes), and I like parsing to become simpler, not more
complicated.

And, I believe section 5 of
draft-gallagher-openpgp-code-point-exhaustion-00 to be overly optimistic
regarding its completeness: attackers seem to be a clever bunch, and the
analysis missed or does not discuss not being able to compute
fingerprints for secret key packets.

Best,
Justus
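
For readers unfamiliar with the encodings the message names (packet body lengths, S2K hash counts, AEAD block sizes), the following is an added example, not part of the message or of the draft, that decodes three of them using the formulas in RFC 9580. The function names and the sample octets in the demo are constructed for illustration.

```python
# Added illustration: decoders for three compact OpenPGP encodings (RFC 9580).
# Function names are hypothetical; they are not taken from any implementation.

def decode_body_length(buf: bytes) -> tuple[str, int, int]:
    """Decode an OpenPGP-format packet body length.

    Returns (kind, length, octets_consumed); kind is "full" or "partial".
    """
    if not buf:
        raise ValueError("truncated length: no octets")
    o1 = buf[0]
    if o1 < 192:                       # one-octet length, 0..191
        return ("full", o1, 1)
    if o1 < 224:                       # two-octet length, 192..8383
        if len(buf) < 2:
            raise ValueError("truncated two-octet length")
        return ("full", ((o1 - 192) << 8) + buf[1] + 192, 2)
    if o1 < 255:                       # partial body length, a power of two
        return ("partial", 1 << (o1 & 0x1F), 1)
    if len(buf) < 5:                   # o1 == 255: four-octet big-endian value
        raise ValueError("truncated five-octet length")
    return ("full", int.from_bytes(buf[1:5], "big"), 5)


def decode_s2k_count(c: int) -> int:
    """Iterated and Salted S2K: one coded octet expands to an octet count."""
    if not 0 <= c <= 255:
        raise ValueError("coded count must be a single octet")
    return (16 + (c & 15)) << ((c >> 4) + 6)


def decode_aead_chunk_size(c: int) -> int:
    """Chunk size octet of a v2 SEIPD packet: chunk size is 2**(c + 6)."""
    if not 0 <= c <= 16:
        raise ValueError("chunk size octet outside the accepted range 0..16")
    return 1 << (c + 6)


if __name__ == "__main__":
    # Constructed sample octets, one per length form.
    for sample in (b"\x64", b"\xc5\xfb", b"\xef", b"\xff\x00\x01\x86\xa0"):
        print(sample.hex(), decode_body_length(sample))
    print("S2K count 0x60:", decode_s2k_count(0x60))
    print("AEAD chunk octet 6:", decode_aead_chunk_size(6))
```

Four length forms share the first octet's value space, so a parser must branch on ranges of that octet before it knows how many more octets to read.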