IETF Logo Mail Archive

Re: [openpgp] Proposed WG charter

Simon Josefsson <simon@josefsson.org> Mon, 01 June 2015 14:25 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 186241ACE7B for <openpgp@ietfa.amsl.com>; Mon, 1 Jun 2015 07:25:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mIGI7UIwfzEZ for <openpgp@ietfa.amsl.com>; Mon, 1 Jun 2015 07:25:12 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A181D1ACE7D for <openpgp@ietf.org>; Mon, 1 Jun 2015 07:25:11 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.3]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t51EP22j030129 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 1 Jun 2015 16:25:03 +0200
Date: Mon, 01 Jun 2015 16:25:01 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Message-ID: <20150601162501.73ec29d8@latte.josefsson.org>
In-Reply-To: <878uc3fsdp.fsf@alice.fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; boundary="Sig_/uFn1t5X5V/H9UxPKRgkWp25"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/KBHKetGSxysUCrSZuTrdHpipi60>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 14:25:13 -0000

Den Mon, 01 Jun 2015 09:52:18 -0400
skrev Re: Proposed WG charter:

> On Mon 2015-06-01 08:18:23 -0400, Simon Josefsson wrote:
> > Good starting point.  It looks rather open ended when it comes to
> > the actual issues with RFC 4880 though.  Can you mention at least
> > five top-priority issues in RFC 4880 that needs to be adressed?
> > This would tighten the scope a bit, without limiting ability to
> > adress other issues.
> 
> I think it would only tighten the scope if we *did* prohibit
> addressing any un-mentioned issues, and i'd rather not commit to
> something with that kind of wording.

I agree.  I suppose this is up to the ADs though.

> OTOH, having some explicit targets listed here (without limiting the
> work to those targets) would help the group to make sure that 4880bis
> did cover the relevant ground.

Yes.

> Simon, if you had to list items that you thought were "must-haves",
> which would they be?

I don't know.  That is the primary reason for asking the charter to
include a list, to give me and others a sense of direction.  The
charter proposal is written in a broad way now, which can be
counter-productive (it leads to meta-discussions).

> Some highlights I'd go for (needs wordsmithing, just brainstorming
> here, and not in any particular order):
> 
>  * inclusion of the CFRG elliptic curves

Yes.  I would mention Curve25519 and Ed25519 directly, or keep it
general and say "new elliptic curve key agreement and digital
signatures" instead.

There appears to be interest in Curve25519/EdDSA algorithms from people
on this list, and I haven't seen interest in any other algorithms.

Referring to CFRG explicitly is problematic because of timeline and
authority reasons.  The CFRG hasn't published anything or made
any decisions, so referring to CFRG seems unnecessarily
limiting in when we can publish.  Regarding authority: the CFRG can
make general recommendations, and I'm sure reasonable arguments will be
listened to, but I believe the decision on which algorithms are useful
for OpenPGP is one that belongs here and not in the CFRG.

>  * proper AEAD symmetric crypto

Sure.  Is there any proposals on the table?

>  * updated mandatory-to-implement algorithms

Makes sense.

>  * updated fingerprints

No idea.

> I'm not sure they need to be in the charter, but if there's a general
> sense from the group that they should be, and a prompt proposal for
> the language change, i have no objection to including them.

I suggest to mention everything you can think of that there is no
controversy over.

I recall improvements to PGP/MIME was discussed?

There is also my old OpenPGP mail/news header proposal [1], but I'm not
sure there is energy for it.  I have also started to think that it ended
up being too complex for its own good.

/Simon

[1] https://tools.ietf.org/html/draft-josefsson-openpgp-mailnews-header-07

v2.23.0 | Report a Bug | By Email