IETF Logo Mail Archive

Re: [openpgp] a new draft overlapping the WG draft

Andrew Gallagher <andrewg@andrewg.com> Tue, 27 September 2022 15:09 UTC

Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F6D5C157B4A for <openpgp@ietfa.amsl.com>; Tue, 27 Sep 2022 08:09:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U1-kkZwgM6NY for <openpgp@ietfa.amsl.com>; Tue, 27 Sep 2022 08:09:00 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 107DAC1526E5 for <openpgp@ietf.org>; Tue, 27 Sep 2022 08:08:59 -0700 (PDT)
Received: from smtpclient.apple (unknown [176.61.115.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by fum.andrewg.com (Postfix) with ESMTPSA id C6D365F17F; Tue, 27 Sep 2022 15:08:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1664291334; bh=blslBVBmQuyKHAM5+tm6AUY+iKWi+OrpiLUL1roOmQ0=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=Q/Xrs/udpWFztMAniKH0V6bwGoTFXpy8d11gs14WLxFelAZxtC4lmX1EgpUJFpcKU KpFveeZEs9phDtnOl4WKneliEEaHc/3vWLgYxr7sLI8DXdya8licKpsg4uTT7XfItO B2bwgpMm8DbjsHw0wPLsepKj71xm1I6QIS2ojCYXhcn2wDlSZm2JJIxAeWgsU/uapi UzrV2e9WPjHCVEdSLhT1wAh9CqczZRyRzByiwNoHRHI5/+wbGNTM5ysW/HC5Zuz33x 8BlzowYtLRFFCUgYNlWSDcxaDpISzFUzUsKFE7uvE7fJaRWi2drP/gI+jM69W01V35 Jz01yZfSGPE7A==
Content-Type: multipart/signed; boundary="Apple-Mail=_B5357822-AE7E-4071-812F-13C258F6A3CD"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Andrew Gallagher <andrewg@andrewg.com>
In-Reply-To: <SY4PR01MB6251E251B8E78D409D0EB4B6EE559@SY4PR01MB6251.ausprd01.prod.outlook.com>
Date: Tue, 27 Sep 2022 16:08:47 +0100
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Message-Id: <BF829482-A196-4782-8042-6ECBDB3A697B@andrewg.com>
References: <b8ddeb1e-fdbb-edab-3693-722c9e14f3d8@cs.tcd.ie> <SY4PR01MB6251E251B8E78D409D0EB4B6EE559@SY4PR01MB6251.ausprd01.prod.outlook.com>
To: "openpgp@ietf.org" <openpgp@ietf.org>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Kn6C9JGHpU1Dgp_STuZVjUud64g>
Subject: Re: [openpgp] a new draft overlapping the WG draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2022 15:09:05 -0000

On 27 Sep 2022, at 06:39, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> 
> Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:
> 
>> It's come to our attention that a new draft [1] has been published that
>> basically aims to be an alternative to the WG draft. [2]
> 
> Is anyone involved in the drafts able to do a tl;dr of the significant
> differences?  Looking through the diffs there's an awful lot of small
> editorial changes that don't seem to make much difference, one has Argon, one
> has a bunch of stuff for notations with no obvious purpose (inventory control
> springs immediately to mind, but why put that in the PGP spec?) and removes
> some PGP 2.x-era bits, and then around about page 70 I hit the ;dr part of
> tl;dr.

Notation Data is in both drafts, and has been in the spec since RFC2440. The alternative drafts just define it in different sections.

I see that none of the clarifications I submitted to crypto-refresh have been ported across to -bis00, and neither have many of the corrections and clarifications submitted by others (I can’t keep track of them all). IMO bringing -bis00 up to a similar state of readiness to that of crypto-refresh will require the WG going back over and re-agreeing to significant amounts of uncontroversial changes, never mind the initial work involved in refactoring the source text.

There are significant sections that differ so greatly that the IETF diff tool has essentially given up, marking both versions as changed (everything between "11.3 OpenPGP Messages” and “12.4/13.4 Key Derivation Function”, anything to do with the elliptic curve formats, and everything from “Jallad, Katz and Schneier” onwards). I haven’t had time to go through them, but even keeping the common denominator (as suggested by Kai) would itself require a significant amount of work disentangling the substantial changes from the presentational.

So I vote for keeping the current crypto-refresh draft, but stay open to porting across substantial changes from -bis00. (I would urge that one such port should be attestation signatures, since they are already implemented in some clients and are not to my knowledge controversial, but that decision can be made later). Starting again from scratch or merging the documents equally would be a huge task.

A

v2.23.0 | Report a Bug | By Email