IETF Logo Mail Archive

[openpgp] Re: WGLC for draft-ietf-openpgp-pqc [was: Re: I-D Action: draft-ietf-openpgp-pqc-08.txt]

Daniel Huigens <d.huigens@protonmail.com> Thu, 08 May 2025 13:23 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id A46212662947 for <openpgp@mail2.ietf.org>; Thu, 8 May 2025 06:23:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h08JJUc83hJ5 for <openpgp@mail2.ietf.org>; Thu, 8 May 2025 06:23:18 -0700 (PDT)
Received: from mail-24417.protonmail.ch (mail-24417.protonmail.ch [109.224.244.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D966C266293F for <openpgp@ietf.org>; Thu, 8 May 2025 06:23:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1746710597; x=1746969797; bh=REKhCZaWzTXSdfApjSHwBd241V+ioh/krzt0WREExPo=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=pBj1Fx2yhTGePzVk3ssSoat5bKIzBE6kbvbDE+TR0HHCQiZyGVWPOT6qUNS+LZW// fbJrg5xUmNXMeMR27iZFy1Ck4leiM5O1vM1WLHFMUU/3+cliC51Hd8NYvGazv95RdR 9dKSQxzFE9oD40r5neh7SqXVymaqxjpvV6163j1M31iiydgMaXzf1/R9jkWNmt1hTN /amj18RgCU6nzhzXXay9ferRlX/RBhgCVEjTU9YHCNMvtRriXF5SOZ7BBSvJcZrZlB +ill3GbiyEoSwJ0IVOsjs4msTbr/OJuCqEwiEpNkHNlWszD70hV2kiMfvOpL1CuljX vvhbla2+WaX/A==
Date: Thu, 08 May 2025 13:22:00 +0000
To: Aron Wussler <aron@wussler.it>
From: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <8i7juVt8s33E6MZVPdLn1AzVawtB6xCKnMO-i4ZZrqznqzLdGOmzICbxJF_3VY4EQ7muY5NwzyqBjFqGUdtwmpw5BwY_biJsYUEWWj0vk9M=@protonmail.com>
In-Reply-To: <QaP8eC7kShQ4wP25aIZPw-3iXIZByHmpa9X30EG1t0NuV8iTXKqsgYdTp5AKSLB5jho_NdgTjppUmaBI8kThnvpkp8moB8-Fp2XWLOuA9oA=@wussler.it>
References: <174470653269.1286532.14892820163225351018@dt-datatracker-64c5c9b5f9-hz6qg> <LSicuu3DyGQdz5FlANti-HGJ6GuAucc5BKufbsCa603EsSZ0q1XMXYvt_OubLd0UQkg0gh2F--9y9WpoqWfQu5XU-KEcJ15GG66cSFk9ByU=@wussler.it> <87wmblcr8i.fsf@fifthhorseman.net> <a2fa1a9b-7094-4487-a014-c3e623fec8ad@posteo.de> <tjL4ynTE9NJFn8rNxUVyb2s-NxorQ_1GKD4SHCl6DgFRSsb9A05B4Oq9PZMqTUYc7jTxb3pf-d_CkcrrAIDoFwv1QJIIbGfMjhj7Md6fyQo=@protonmail.com> <QaP8eC7kShQ4wP25aIZPw-3iXIZByHmpa9X30EG1t0NuV8iTXKqsgYdTp5AKSLB5jho_NdgTjppUmaBI8kThnvpkp8moB8-Fp2XWLOuA9oA=@wussler.it>
Feedback-ID: 2934448:user:proton
X-Pm-Message-ID: f3b424f89fa1fc28948cb2c5268334e7f3312e74
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: ZRVFCZDKOOZDXFDFJ7E3PBTCBOYQMHBN
X-Message-ID-Hash: ZRVFCZDKOOZDXFDFJ7E3PBTCBOYQMHBN
X-MailFrom: d.huigens@protonmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Heiko Schäfer <heiko.schaefer@posteo.de>, openpgp@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: WGLC for draft-ietf-openpgp-pqc [was: Re: I-D Action: draft-ietf-openpgp-pqc-08.txt]
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NobpJ_ty0aIqGdgf95FymZeTScg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

Hi Aron & all,

Thanks! I think this is a reasonable course of action for the PQC draft
since it doesn't seem like we're very close to a consensus on the
encryption subkey selection discussion, unfortunately.
(Hopefully we can still make some progress on that in parallel,
or soon after this draft becomes an RFC.)

Best,
Daniel


On Thursday, May 8th, 2025 at 10:58, Aron Wussler wrote:

> Hi everyone,
> 
> After gathering all the feedback, we decided to simplify the guidance, and consistently remove the remaining statements regarding sub-key selection.
> This is reflected in the editor copy [1].
> 
> The test vectors have also been accordingly updated as announced last week.
> 
> We thank the people involved in this discussion and ask them to review this change.
> 
> Cheers,
> Aron
> 
> [1] https://openpgp-pqc.github.io/draft-openpgp-pqc/draft-ietf-openpgp-pqc.html
> 
> --
> Aron Wussler
> Sent with ProtonMail, OpenPGP key 0x7E6761563EFE3930
> 
> 
> 
> On Tuesday, 6 May 2025 at 11:12, Daniel Huigens d.huigens=40protonmail.com@dmarc.ietf.org wrote:
> 
> > Hi Heiko,
> 
> > On Friday, May 2nd, 2025 at 16:23, Heiko Schäfer wrote:
> 
> > > I'll note that while this is not ideal for all scenarios, migrating to
> > > post quantum encryption is possible without further clarifying subkey
> > > selection, as follows:
> 
> > > 1. Adding a PQC subkey
> > > 2. Observing that this subkey is being (either exclusively or
> > > additionally) encrypted to by all relevant peers, and then
> > > 3. Decomissioning any pre-PQC encryption subkeys (by expiration or
> > > revocation).
> 
> > Section 8.3, option 2 seems to imply that it should be possible to
> > achieve post-quantum encryption security from new implementations
> > while being backwards-compatible with implementations that don't
> > support PQC:
> 
> > > Implementations understanding PQ(/T) will be able to parse and use the
> > > subkeys, while PQ(/T)-incapable implementations can gracefully ignore
> > > them.
> 
> > Revoking or expiring the old subkeys obviously makes the certificate
> > backwards-incompatible. So, I still think there's a contradiction
> > between what the draft says and what's actually possible when using
> > (2 out of 3 of) the current implementations of the draft.
> 
> > Best,
> > Daniel
> 
> > _______________________________________________
> > openpgp mailing list -- openpgp@ietf.org
> > To unsubscribe send an email to openpgp-leave@ietf.org_______________________________________________
> 
> openpgp mailing list -- openpgp@ietf.org
> To unsubscribe send an email to openpgp-leave@ietf.org

v2.31.3 | Report a Bug | By Email | System Status