Re: [openpgp] To bind or not to bind
Johannes Roth <johannes.roth@mtg.de> Fri, 22 March 2024 10:13 UTC
Return-Path: <johannes.roth@mtg.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5936C19ECB6 for <openpgp@ietfa.amsl.com>; Fri, 22 Mar 2024 03:13:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zSGF6UvCbAnP for <openpgp@ietfa.amsl.com>; Fri, 22 Mar 2024 03:13:03 -0700 (PDT)
Received: from www.mtg.de (www.mtg.de [IPv6:2a02:b98:8:2::2]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9924EC1930B6 for <openpgp@ietf.org>; Fri, 22 Mar 2024 03:13:02 -0700 (PDT)
Received: from minka.mtg.de (minka [IPv6:2a02:b98:8:1:0:0:0:9]) by www.mtg.de (8.18.1/8.18.1) with ESMTPS id 42MAD16f004820 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Fri, 22 Mar 2024 11:13:01 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mtg.de; s=mail201801; t=1711102381; bh=13eBf8SSNlDxyrgaWqQAfDA3UmMr7GwvzHck7LY66d0=; h=Date:Subject:To:References:From:In-Reply-To; b=HVV5RlYM4A1AhnVD3RlBWfC1JrxLT/RrS89AZ7kySgz3D3F9jS0jJ2klpj/+/nU9W BfYSjiR7k7YztKqeNoZ7p6eKn8oKd9LDNn4/c+HgBXtTn6UJ6kZ1ZoG4vZJTi0ct+o r+DfhSDzfy4P/VILw3fTWW9ko5xTzAkEtD4Rn0+E7wZImgxt9TsIFeiwX8Y/+ZoVU6 zC2XQCYw0aRKMF8rtTzAgtSc0K7aJpnsDTRhTQWSHgfTkmjSsDaqi6nAxLXSnVVe5q lPW4UQ913pwsAzw2yDbyYu3lgae2L17CeQkNg5/dJFSS2B5P5REr35x8mT7skj7U1g THuUBZj0LCj9A==
Received: from [199.99.99.52] (abahachi [199.99.99.52]) by minka.mtg.de (8.18.1/8.18.1) with ESMTPS id 42MAD0JJ001414 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Fri, 22 Mar 2024 11:13:01 +0100
Message-ID: <abe50410-33b2-45ae-b728-87a6bff5751e@mtg.de>
Date: Fri, 22 Mar 2024 11:13:01 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Aron Wussler <aron@wussler.it>, "openpgp@ietf.org" <openpgp@ietf.org>
References: <EGivTgyfjNm_TAvhds1OPA2c0O6LP9lFnkwWHHKLJY8ReJOgtDh3tnYsCSR8yrrBLbpeehtUgIJEhynae8L3daRimNiGO7BAb3cVvC66q-4=@wussler.it>
From: Johannes Roth <johannes.roth@mtg.de>
Organization: MTG AG
Autocrypt: addr=johannes.roth@mtg.de; keydata= xsFNBGKhqeoBEADUH9qI/dqbVTron0zxwInBU+uoS/SZoJ7m0jTfPdiyLMv1zt+IAy6jG0Qo 56LVd/bo/596pbsSlRECdquzooCHQHPqxXRfgU6k/7QnJPHHLzlGu8hEQ7I2B+7FjdqqY4p3 kDdYz9IzUDiee3ypF3C/JUL7iczy8f9FSRYR5NFiVhu5Bcv8gkhE26GQE+u1mPmsbj0xdsfs 11J3DoHm47QwtpmMWu9eLFjqDrL61Vduay1+1YYolhAJqW2sXS5A3crTaKWPeQuo373V6yuA 5ONz0IvpDzNjlLmsKzUtO08S8vVWlJh/j/kXGFLsBeyfz+Jcl2sbCh87Tx8BMa24cg4VzCDh wD8gt879EfB4FlIWdZqKQUh761poiQJUFZ/xpR4pnPc2yMmfTySjfYwyn796OKBFGXJo3qLM C2riPtwa2Vosc/wvZ2J/7mZhMtZC3VDLMNWeAYM7Q29cSoIeZ60YWeWudkbIN4q5S8qot/NO b0vdSuSToFgaak5x7yEQHx7QWT3OnI108ENSrsN3BymwKSOfRPRvBy7ppyqz7CcmfhEWVwFX W2DAJyoZupSrcPNGUgTMg1KJX/wjR6e8Bcciu+g62m7uMN8SjyFuhUGYprCOixVC4uRR0+E0 HamBRA2aQDOh4dEOmC4etyqjPxj8A8l8uc1SYWP8pzydbXKKzwARAQABzSRKb2hhbm5lcyBS b3RoIDxqb2hhbm5lcy5yb3RoQG10Zy5kZT7CwYcEEwEIADEWIQRRugttm9R0TvKnn3XKTKPO 00uNxQUCYqGp6wIbAwQLCQgHBRUICQoLBRYCAwEAAAoJEMpMo87TS43FKxQP/AyXL6mQAoBP YxJw4stALgnBoExoZORCdPAU8dvEnaQ7yATTf6vpsOZ0TtbJr3s2xQfbSPxr4KQmAYQbUpgs 5bpI1FcPbCl6qgDNWk71Rk+lNjoBvNIkiev3Pda4SI2T9d/VmaF5GzsLxlyVvnhATIEnujSi 1SAzM9lVt69JoBv9Drno1FsQaET2T797HuQqr2TmGmDErTuWaQ6+i6oKNlICPFYyfhNIhM4d kB59rfg2hpp87u7qLgTLvN5qR1bKKegk+zcxDY+Xe35QGpspCnvQygrY4dKpt18/kB7Ddo33 mzgQFhg0ito3IXyffNg6F/SncMuZcamASWeHb8XY5rrXiTaiDgT8SCAebhaXDXdo4TCiysSY i6HzEWUmHTzjhXwmjXg1MliA1HQ3RDFIYJU39logYOWj5FfAE/Gpi7e3FjM9EYBXN7TASrVQ ck1a+UD9hWpb7c/NF2NPsDSPt67wMu70/gRiLBxlum8izjaD6D05vv4LQ1PY7CHnThitWENR d6cYkoNfrKcz9vLaJHlLJVYWkdzlzy33N6kJOreTxOZp6vqTO9csZYyuvCmJMnbREQwbUykZ n8UIEd4vAaYknxiATnisvftPTPmwF3pHxpJQKWEt0JWFONzo68LyHA+frV5eDgAnD9fK6b3/ 8pg94alg8h0lvHJg0gxGeV/FzsFNBGKhqesBEADXlZJFsf3aWaIKHKupztbL2HquHqp6U0AQ QPXGGkWbMAofeVxVZaH+NnQN3TXRxCv5bAjwGjKv5cDXoqVsULT990maDiNKt59sgMHcVwx4 vlc6x69M4QNobpUwTjsk5D4EtEzyHyMu2hDsEJ73SDY+6IEQkaBbkOfcE2y620ZVffVzS1sZ tqVA50d3VT12bdwZWhDydb8hG+S7Orm3+4UbYw1484PsknOYNE5oERGdd/v8B8+jtUYsDQkU mEC1YRaBTt+eRyothAVl4IaxKtQlpjedOx+oJiAhorOehqPH/qR4P4Il1Bw+fOlXzZoGCJVB lRoI6DVBDwie9+HG1VQTiv//zxd6bK0R1UQt0kFavsEcQstwnBf0j4LenP4IwZky4e/ImHzt XVODjgBifLrzQ8kPOVIoqjfRri/mM+FysV47wk/2UdcwjkAo40i7v/KpHarY+Z2D/CFMU2AF IdRl9ZyB+rWCC85/UWYaAOxLAUQbpruosqT1/ay9cN3LZXzYDkEZLABg57QkLxbml9jC8qdY 2t6Sja2FyrF/b2rzsyYLeTmx0MZ88t5LnjsVg38B581UsOo0Zk78mlMA/ByXRVw+9sRT1Dyr UDk1YM+qPmN4FBac5f6ScKqtaxI2nQIxlv264RwBZfDLPdl+LvpBx3hzbuubAH0H2QjAiQ9n IQARAQABwsF2BBgBCAAgFiEEUboLbZvUdE7yp591ykyjztNLjcUFAmKhqewCGwwACgkQykyj ztNLjcUE7w/+PHf0foXRnV80hQaxeiCSlnJ7SQLXF4M0YcBoUeCE/7gx2B2H+G85sOW9FABJ +xyPv7Uznaf2D3ZshRpgPvBh2EvoLxqTtYATJUz9d+AX6L8laYkUFk+xTjsEduKsUQ9VYtjA e5Qu4koqEgzkZtQtn+COeBe6ygpGmMFJhWofxjbWhvR7BwqiGKGSthcIIcRC9fucMjPhEzQ6 6jlUqz/GFG9xTxPkVavUv80klgEyTu/Vbs3icUgtnul4i5yMgmPyWyA71SlI4J7Twkc0fFPP ArqNn1GMVAkKxW7CQEAjr6uXlyCFeRBl2ECKDGUlOWh9PpGmHSQIgBFiczz8ZZoutu90yxqY RY/ABrXsOzE3cAXjaCBymwuGCm4ZdS3G4tD8cmx90JagUf75EasKIzjyY4OJVjwFkqMr6bJP FcEWADoGjuoL+uEd5OERPf+b4u88w8vzfLA3YgrWPEddIkM7BZFvm3y/cLMwAAmyoE0pcQJe tz1uD6+ROY/83xvhWxSH1PRh6J1ddhSr/hkwMEyUCnGZ85costM2JkXQlhbBxYg1Tj+SEkrz hFYEDcQjpynCalVJMdKRSIf7ehyVM8N9zPJlnER1osvCnuTf77gw3Wo7Ty5CB7/ANdARFxjt i6pcllqZ249A3CyjA4jH5vQwRidhKXwSX/KiIkMzYFzBk/c=
In-Reply-To: <EGivTgyfjNm_TAvhds1OPA2c0O6LP9lFnkwWHHKLJY8ReJOgtDh3tnYsCSR8yrrBLbpeehtUgIJEhynae8L3daRimNiGO7BAb3cVvC66q-4=@wussler.it>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/FKWmD24ofDJ4-9BHeZAk_KtbraY>
Subject: Re: [openpgp] To bind or not to bind
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2024 10:13:08 -0000
Hi Aron, On 21.03.2024 21:26, Aron Wussler wrote: > Hello list, > > Here's the follow-up on the dilemma we had at the IETF 119 session, whether PQC encryption should be bound to V6 or allowed with V4. > > Note that this translates into two different issues: > > (1) Whether PQC encryption algorithms can be used only in v6 keys > (2) Whether PQC encryption algorithms can be used only with SEIPDv2 > > Note that (2) implies (1). I think you are mistaken here and (2) does not imply (1) since you can have a SEIPDv2-capable v4 key. Your statement regarding the new failure mode for (2) is a bit unprecise: More preceisely, the problem arises when there is a non-SEIPDv2-capable recipient (most probably a v4 certificate without the features flag) and a "PQC-only" recipient where no traditional key can be used for SEIPDv1 instead. > Please provide feedback on your preferences, use-cases, and motivations! I am against (2) due to introducing the new failure mode. I am in strong support of allowing v4 PQC keys. The compatibility concerns can be added to the migration considerations. I see value in having an independent upgrade path for PQC encryption. - Johannes > > At the session the following arguments were already raised: > - (1) may be justified because some implementations fail parsing keys [1]. Of this plot is particularly relevant the 3rd line (Unknown algo, opaque encoding, small), that would be equivalent to attach an ML-KEM + X25519 subkey to an existing v4 certificate. All V6 implementations are required not to choke on unknown algorithms. > - TLS disallowed PQC in version 1.2 to promote the migration to 1.3 > - (2) implies a new failure mode for OpenPGP, where a message can not be sent to two different recipients having a v4 and a PQC key. > > Cheers, > Aron > > > > [1] https://tests.sequoia-pgp.org/#Mock_PQ_subkey > > > -- > Aron Wussler > Sent with ProtonMail, OpenPGP key 0x7E6761563EFE3930 > > > _______________________________________________ > openpgp mailing list > openpgp@ietf.org > https://www.ietf.org/mailman/listinfo/openpgp -- MTG AG Johannes Roth Software Developer Phone: +49 6151 8000 174 E-Mail: johannes.roth@mtg.de Web: www.mtg.de MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany Commercial register: HRB 8901 Register Court: Amtsgericht Darmstadt Management Board: Jürgen Ruf (CEO), Tamer Kemeröz Chairman of the Supervisory Board: Dr. Thomas Milde This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error, please inform the sender immediately and delete this email. Unauthorised copying or distribution of this email is not permitted. Data protection information: www.mtg.de/en/privacy-policy
- [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Johannes Roth
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Daniel Huigens
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Bart Butler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Johannes Roth
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Nickolay Olshevsky
- Re: [openpgp] To bind or not to bind Nickolay Olshevsky
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Werner Koch
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Bart Butler
- Re: [openpgp] To bind or not to bind Michael Richardson
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Heiko Schäfer
- Re: [openpgp] To bind or not to bind Bart Butler