Re: [openpgp] To bind or not to bind

[Johannes Roth <johannes.roth@mtg.de>]

On 23.03.2024 04:59, Daniel Kahn Gillmor wrote:
> I would not object to a statement like "Binding a PQC encryption-capable
> subkey into a certificate implies setting Feature Flag 0x08 (SEIPDv2
> support)".  We basically already require implementations to impute
> Feature Flag 0x01 (SEIPDv1 support) even if it is not explicitly set,
> because SED encryption needs to go away.  And an implementation that can
> implement PQC but is incapable of implementing SEIPDv2 would be very
> surprising.  Why not couple them explicitly to move users to the more
> robust format?

A non-SEIPDv2-capable PQC implementation does not seem surprising *if* 
we decide to allow PQC encryption for v4 keys since then you can 
implement it independently from the Crypto Refresh.

We need to consider these two cases:

1) A Crypto Refresh + PQC implementation that uses a v4 PQC certificate 
for backwards compatibility.

2) A v4 + PQC implementation that does not understand SEIPDv2/PKESKv6 
and v6 keys/signatures.

Therefore, explicitly setting only the SEIPDv1 flag should be honored to 
allow implementations of type 2) to state "I understand PQC but I don't 
understand SEIPDv2".

- Johannes


-- 
MTG AG
Johannes Roth
Software Developer

Phone: +49 6151 8000 174
E-Mail: johannes.roth@mtg.de
Web: www.mtg.de


MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If
you are not the correct recipient or have received this email in error,
please inform the sender immediately and delete this email. Unauthorised
copying or distribution of this email is not permitted.

Data protection information: www.mtg.de/en/privacy-policy