Re: [openpgp] Genart last call review of draft-ietf-openpgp-crypto-refresh-12

Linda Dunbar <linda.dunbar@futurewei.com> Thu, 30 November 2023 01:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/IAJRS175ixEQ2-in0ko4QmyAdqQ>

Daniel, 

"using the *recipient's* public key (not the sender's public key)" makes sense to me. 
 
Thank you very much for the explanation. No further questions. 

Linda

-----Original Message-----
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 
Sent: Wednesday, November 29, 2023 3:46 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>; gen-art@ietf.org
Cc: draft-ietf-openpgp-crypto-refresh.all@ietf.org; last-call@ietf.org; openpgp@ietf.org
Subject: RE: Genart last call review of draft-ietf-openpgp-crypto-refresh-12

On Wed 2023-11-29 20:11:31 +0000, Linda Dunbar wrote:
> Thank you very much for the explanation. My puzzle is: when the Sender uses its Public Key to encrypt the Session Key, can anyone who has access to the sender's Public Key decrypt the Session Key?
>
> Is it true that the Session Key is encrypted with a symmetric key between the Sender and the Recipient? 

Hm, the session key *is* a symmetric key. But when using a PKESK, it is encrypted using the *recipient's* public key (not the sender's public key), and can only be decrypted by the recipient's private key.

The way that encryption is done, for public key algorithms that are based on Diffie-Hellman, is that the sender generates an ephemeral secret, and includes the ephemeral public in the PKESK, and wraps the session key using a keywrap based on a key derived from the DH shared secret, which in turn comes from the ephemeral secret key and the recipient's public key (or, from the recipient's perspective, from the recipient's secret key and the ephemeral public key).

See for example the definition of X25519 PKESK:

   https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-algorithm-specific-fields-for-

But note also that some PKESKs don't use DH at all (e.g. RSA), which is why §2.1 doesn't talk about DH explicitly.

    --dkg
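
The DH-based PKESK flow described in the quoted reply, as an added example (not part of the original thread, and not code from the draft or from any OpenPGP implementation). It shows that the sender uses only an ephemeral secret plus the recipient's public key, and that the recipient reaches the same key-encryption key from its own secret key and the ephemeral public key. The function names, the HKDF input layout and info label, and the HMAC-based stand-in for the AES key wrap are assumptions for illustration; the draft section linked above gives the normative fields.

```python
import hashlib, hmac, os

P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def H(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def x25519(k: bytes, u: bytes) -> bytes:
    # RFC 7748 Montgomery ladder; teaching code, not constant-time
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive_kek(eph_pub: bytes, rcpt_pub: bytes, shared: bytes) -> bytes:
    # HKDF-SHA256 (RFC 5869), no salt, one block; input layout and info label are assumptions
    return H(H(bytes(32), eph_pub + rcpt_pub + shared), b"OpenPGP X25519\x01")[:16]

def wrap(kek: bytes, key: bytes) -> bytes:
    # Stand-in for AES Key Wrap (stdlib has no AES): HMAC keystream + 8-byte tag, keys <= 32 bytes
    ct = bytes(a ^ b for a, b in zip(key, H(kek, b"stream")))
    return ct + H(kek, b"tag" + ct)[:8]

def unwrap(kek: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-8], blob[-8:]
    if not hmac.compare_digest(tag, H(kek, b"tag" + ct)[:8]):
        raise ValueError("key unwrap failed: wrong recipient key or modified PKESK")
    return bytes(a ^ b for a, b in zip(ct, H(kek, b"stream")))

def pkesk_encrypt(rcpt_pub: bytes, session_key: bytes):
    eph_secret = os.urandom(32)                 # fresh per message; sender's own key is unused
    eph_pub = x25519(eph_secret, BASE)          # travels inside the PKESK
    shared = x25519(eph_secret, rcpt_pub)
    return eph_pub, wrap(derive_kek(eph_pub, rcpt_pub, shared), session_key)

def pkesk_decrypt(rcpt_secret: bytes, eph_pub: bytes, wrapped: bytes) -> bytes:
    shared = x25519(rcpt_secret, eph_pub)       # same DH value, recipient's side
    return unwrap(derive_kek(eph_pub, x25519(rcpt_secret, BASE), shared), wrapped)
```

Calling `pkesk_decrypt` with any secret key other than the recipient's raises `ValueError`, which is the answer to the question in the thread: holding public keys alone does not yield the session key.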