Re: [openpgp] Weird OIDs in the 4880bis draft

Wiktor Kwapisiewicz <wiktor@metacode.biz> Tue, 14 February 2023 13:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/IqfzasHsOoIUXvny4uDEFXV05MQ>

On 14.02.2023 10:39, Peter Gutmann wrote:
> (Open)PGP is already a Ripley's Believe-it-or-Not Odditorium of oddball stuff
> that nothing else uses, the use of nonstandard OIDs is something we can at
> least fix at the current draft stage before it becomes an RFC.

I have to agree with Peter here. Given that the working group is
migrating to v6 keys, it seems like a perfect opportunity to fix this
issue now. At least to my knowledge there are no v6 artifacts in the wild.

Out of all issues that are in the spec that are personally bugging me on
a technical level (MPIs being counted in bits not bytes, too much
cryptographic agility in ECDH, etc.), the OID problem seems like a really
low-hanging fruit.

As Daniel says, maybe in the future some other mechanism will completely
replace OIDs, but why not fix problems one at a time rather than wait for
later?

Kind regards,
Wiktor