Re: [openpgp] draft-koch-openpgp-2015-rfc4880bis-01
Tom <tom@flowcrypt.com> Tue, 07 February 2023 10:22 UTC
Return-Path: <tom@flowcrypt.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 280B6C1522AB for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 02:22:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=flowcrypt.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s_tY83Lnw805 for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 02:22:39 -0800 (PST)
Received: from mail-yb1-xb33.google.com (mail-yb1-xb33.google.com [IPv6:2607:f8b0:4864:20::b33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7637C151709 for <openpgp@ietf.org>; Tue, 7 Feb 2023 02:22:39 -0800 (PST)
Received: by mail-yb1-xb33.google.com with SMTP id 23so10927974ybf.10 for <openpgp@ietf.org>; Tue, 07 Feb 2023 02:22:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=flowcrypt.com; s=google; h=to:subject:message-id:date:mime-version:from:references:in-reply-to :openpgp:from:to:cc:subject:date:message-id:reply-to; bh=FNrAlGOT0wisc1tyYPV3aIGPcKKMmQ3eDjQocoXSzZw=; b=IqRGjBz3MQ87QlFlDxB8SP+BiLUEIWWQ21ETDnD8gxQabgFPlXvaNLaEn9214Y3+UL gF97Ir8EKAqY/1aGdMULnMaNVZWwyMQ70jphUDQI1juv5noySZSfj4RQzTwKRrbRVBfn KmDkMXFEH86BbsPZ1fCOiwkjg59N85K0yZDVA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:mime-version:from:references:in-reply-to :openpgp:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FNrAlGOT0wisc1tyYPV3aIGPcKKMmQ3eDjQocoXSzZw=; b=kr+AUIJF1qfihPIbxtqQ3Jdg+96Kk4ds3hQ7XzK1TXjVBVPvhHSb1LbVF1g6yhUDmY EonDZDD3lZa1anUnOtP0Jwfo1krwFAc/SgoWa9cdhEYzKTJ8i3b0qiz9TFx/t+kCLxrO GxQ8x/cA1ukBBXAZ6iQ+47Lf8Bbg7gsxNUXU3g7/bUa2Fsz4TaAxgLcxHyY8wK0FKVQs 4pOgo8mRM9bdWwURurkstatEZ9owJGkoUS57bDz/1RQgHhbODxuCzXmUAsmvVzbSxCDb sutYQvtselX4jKUX2zVtScZKTTe7q6Y1sUiMJxN1jMtG854hO8qNIClVGuuFqRLl3B1x UURQ==
X-Gm-Message-State: AO0yUKVD5RwYIu8nR4SK6lnZU5hq54lD/1wjhy3KuFRyv2nlfCjxNidD 0x50HfyI/Ydgb865IJLFxn3/JQ/oKVAa/jtWgi1dBql6W2U7hg==
X-Google-Smtp-Source: AK7set9Rf8HSm9FNdGz+iu7wnZlR6vcQU2m/sVV9HqZgeKVZPZSM/oHw69Q6xd/CZV1a/U2/U54P8HwuW8tDW0tYWvU=
X-Received: by 2002:a5b:b48:0:b0:80b:9c82:4ebd with SMTP id b8-20020a5b0b48000000b0080b9c824ebdmr283195ybr.557.1675765358785; Tue, 07 Feb 2023 02:22:38 -0800 (PST)
Received: from 717284730244 named unknown by gmailapi.google.com with HTTPREST; Tue, 7 Feb 2023 04:22:38 -0600
Openpgp: id=8A030BAB42CAD97FF26AA25E283DDD9A77AD6AF2
In-Reply-To: <87ilgdyew6.fsf@wheatstone.g10code.de>
References: <87ilgdyew6.fsf@wheatstone.g10code.de>
From: Tom <tom@flowcrypt.com>
MIME-Version: 1.0
Date: Tue, 07 Feb 2023 04:22:38 -0600
Message-ID: <CABpKr=3FjzRpuBwi_RzsL4dWP5Fen+69ux4WZXazwHkKj7ceJw@mail.gmail.com>
To: wk@gnupg.org, openpgp@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/I6WIeOl5CZii1gKWCAJE601lMRw>
Subject: Re: [openpgp] draft-koch-openpgp-2015-rfc4880bis-01
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2023 10:22:44 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Werner, > * Reserve packet type 26 > GnuPG may eventually implement the use of X.509 certificates along > with OpenPGP certificates. The idea is to allow sending of just one > encrypted file despite that the recipients use different PKIs. I see from the document "| 26 | Reserved (CMS Encrypted Session Key Packet) |" Are these plans drafted or detailed anywhere? Possible avenues for compatibility between S/MIME and OpenPGP are of great interest to me, and possibly others as well. Cheers, Tom - -- Tom at FlowCrypt On 2023-02-07 at 09:59, wk@gnupg.org wrote: > Hi, > > I did some minor updates to draft-koch-openpgp-2015-rfc4880bis. Here > is the list of relevant changes: > > * Remove EAX samples > > EAX should not anymore be used thus samples are superfluous. > > * Rename AEAD Encrypted Data Packet to OCB Encrypted Data Packet. > > The mix of the terms AEAD and OCB is hard to understand; thus we now > use nearly always OCB. We also rename "AEAD algorithm" to "encryption > mode" because that is the more common term. > > The "Preferred AEAD Algorithm" subpacket has been renamed and > deprecated. > > EAX mode has been deprecated. > > * Add OIDs for X448 > > The OID was missing. > > * Reserve packet type 26 > > GnuPG may eventually implement the use of X.509 certificates along > with OpenPGP certificates. The idea is to allow sending of just one > encrypted file despite that the recipients use different PKIs. > > * Move ECDH parameters to a separate paragraph > > Also deleted outdated or obvious security notes and added a missing > Brainpool parameter. > > * Remove the Suite B profile stuff. > > I see no need to advertise legacy curves. > > * Make Brainpool also SHOULD curves > > The reason is that in Europe Brainpool are required curves in many > domains and thus it is important to declare that support for Brainpool > is useful. Note that for backward compatibility NIST curves are still > MUST implement. > > * Fix composition of public key blocks. > > In the course of the reformatting actions of the draft a regression > against 4880 was not fixed (Zero User ID packets). The reason for > introducing zero User ID packets might have been the idea to express > that an Attribute packet may be used instead of a User ID. However, > that should either be clarified in the comments or left to the > implementation. > > The second fix is to require at least one Signature packet after a > User ID and Attribute packet. This was wrong in 2440 and 4880 but is > cryptographically required. > > > For the actual commits see: > https://git.gnupg.org/cgi-bin/gitweb.cgi?p=people/wk/rfc4880bis.git > > Formatted diff between -00 and -01: > https://author-tools.ietf.org/iddiff?url1=draft-koch-openpgp-2015-rfc4880bis-00&url2=draft-koch-openpgp-2015-rfc4880bis-01&difftype=--html > > Draft URL: > https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-01.txt > > > > Shalom-Salam, > > Werner > > > -- > The pioneers of a warless world are the youth that > refuse military service. - A. Einstein -----BEGIN PGP SIGNATURE----- Version: FlowCrypt Email Encryption 8.4.2 Comment: Seamlessly send and receive encrypted email wnUEARYKAAYFAmPiJm0AIQkQTBvcPhXXUUUWIQTTltEyg0+O2pQIcL9MG9w+ FddRRUhOAQD8AsTh7iJ2NZOw9femrBwrctDZWAuF8D6OMYj1HvdJIwEAnsbT /QEnflMqXsLrAaVSqsQ55KohHzS3M7nfmDapmwE= =aNO8 -----END PGP SIGNATURE-----