Re: [openpgp] To bind or not to bind
Falko Strenzke <falko.strenzke@mtg.de> Wed, 27 March 2024 06:41 UTC
Return-Path: <falko.strenzke@mtg.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61047C14F70A for <openpgp@ietfa.amsl.com>; Tue, 26 Mar 2024 23:41:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DKTnN9AiQ9iu for <openpgp@ietfa.amsl.com>; Tue, 26 Mar 2024 23:41:48 -0700 (PDT)
Received: from www.mtg.de (www.mtg.de [IPv6:2a02:b98:8:2::2]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E27AC14F702 for <openpgp@ietf.org>; Tue, 26 Mar 2024 23:41:41 -0700 (PDT)
Received: from minka.mtg.de (minka [IPv6:2a02:b98:8:1:0:0:0:9]) by www.mtg.de (8.18.1/8.18.1) with ESMTPS id 42R6fRkP028990 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Wed, 27 Mar 2024 07:41:27 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mtg.de; s=mail201801; t=1711521687; bh=nR+hxPvQcO0jX6hfv2rsPVBa4QjWBp9fMizMAzIcow8=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=CDKgTpdKGohGJ0Xei0UY/i9ZCp7AaZrtoITOs47/L4CLg0ump4b4YFNXWz4Jsc1oa V6dWhFpSLOqY16V8UG5uAob0fvSFhAmmpHPogvQNd/zV7tqXoZ6m0tM2ozvAa6dALw YQvBxtQFHtaN6h82dscmARgqNUVb+7IsNF5x3MLsR1CjawtliTVAC+SYrZqEouV88L 72SVGsSkcQZYtwbvzKH90ECIbsaD/aH11I26p+3JqvPEuBNJVotmysy4pLas8R8fYi l9tOSEulhRv7w+17/DI7OYvBkiUlfzbvAFJaEN2pF6GftgdLvJj0L4cUb0gdm8A4Rg kUCC7e3Z3nRmA==
Received: from [10.8.0.100] (vpn-10-8-0-100 [10.8.0.100]) by minka.mtg.de (8.18.1/8.18.1) with ESMTPS id 42R6fQ4O028779 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Wed, 27 Mar 2024 07:41:26 +0100
Message-ID: <14a80b96-9860-461d-b9fe-e38e3bf651b1@mtg.de>
Date: Wed, 27 Mar 2024 07:41:26 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Justus Winter <justus@sequoia-pgp.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
Cc: Aron Wussler <aron@wussler.it>, openpgp@ietf.org
References: <87a5mqi0xi.fsf@europ.lan> <23B46D65-EAF7-43D0-A5F1-04D28B698559@andrewg.com> <87sf0h32d3.fsf@fifthhorseman.net> <cd9a18d9-2d13-48d2-98e0-2ae268f68215@mtg.de> <87y1a6has4.fsf@europ.lan>
Content-Language: en-GB
From: Falko Strenzke <falko.strenzke@mtg.de>
In-Reply-To: <87y1a6has4.fsf@europ.lan>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms050305090907030009060909"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/HM01lgu7iNeaH6TX0rIwk-Jyl-E>
Subject: Re: [openpgp] To bind or not to bind
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2024 06:41:53 -0000
Hi Justus, Am 25.03.24 um 11:21 schrieb Justus Winter: >> Based on what you write and what I can see in PGPy's GitHub repository, >> it seems PGPy has to be considered as unmaintained. In that case it >> should not be considered in the interop tests. > We're trying to understand how the existing v4 ecosystem will react to > introducing an as-of-yet unknown algorithms with as-of-yet unseen > artifact encodings to v4 certificates. > > Whether or not an implementation is actively maintained seems to be > irrelevant to that question. > > Or, one could even argue that not inadvertently breaking unmaintained > implementations is more important. Along those lines, Aron has been > arguing that gopenpgp reacting badly to unknown algorithms isn't that > bad because gopenpgp is actively maintained. But here we are weighing the two possibilities 1) introduce PQC encryption already in v4 2) introduce PQC encryption only in v6. PGPy being unmaintained will block either route. So I don't see that the failing interop test is an argument for for 2). - Falko > > Best, > Justus -- *MTG AG* Dr. Falko Strenzke Executive System Architect Phone: +49 6151 8000 24 E-Mail: falko.strenzke@mtg.de Web: mtg.de <https://www.mtg.de> <https://www.linkedin.com/search/results/all/?fetchDeterministicClustersOnly=true&heroEntityKey=urn%3Ali%3Aorganization%3A13983133&keywords=mtg%20ag&origin=RICH_QUERY_SUGGESTION&position=0&searchId=d5bc71c3-97f7-4cae-83e7-e9e16d497dc2&sid=3S5&spellCorrectionEnabled=false> Follow us ------------------------------------------------------------------------ <https://www.mtg.de/de/aktuelles/MTG-AG-erhaelt-Innovationspreis-des-Bundesverbands-IT-Sicherheit-e.V-00001.-TeleTrust/> <https://www.itsa365.de/de-de/companies/m/mtg-ag> MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany Commercial register: HRB 8901 Register Court: Amtsgericht Darmstadt Management Board: Jürgen Ruf (CEO), Tamer Kemeröz Chairman of the Supervisory Board: Dr. Thomas Milde This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error, please inform the sender immediately and delete this email.Unauthorised copying or distribution of this email is not permitted. Data protection information: Privacy policy <https://www.mtg.de/en/privacy-policy>
- [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Johannes Roth
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Daniel Huigens
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Bart Butler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Johannes Roth
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Nickolay Olshevsky
- Re: [openpgp] To bind or not to bind Nickolay Olshevsky
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Werner Koch
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Bart Butler
- Re: [openpgp] To bind or not to bind Michael Richardson
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Heiko Schäfer
- Re: [openpgp] To bind or not to bind Bart Butler