Re: [openpgp] Move new Signatures and Keys from v5 to v6?
Falko Strenzke <falko.strenzke@mtg.de> Tue, 07 February 2023 07:05 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NwRKxEz-vCMqQ8ouimzD2PmBXwI>
On 06.02.23 at 21:25, Daniel Kahn Gillmor wrote:
>> One subtle additional point in this course: The packet tag 0x20, used by
>> GnuPG for AEAD packets, currently marked as "reserved" in the
>> crypto-refresh, should probably be marked as "_permanently_ reserved".
> I'm not sure what the difference is between "reserved" and
> "_permanently_ reserved". Can you elaborate further on what conditions
> should be put on this codepoint reservation?
>
> --dkg

I meant this similarly to what you propose in the MR for avoiding the signature ambiguity for the signature type 0xFF:

https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/220/diffs#note_1265794713

The wording there is different, though, from what I proposed. For the reserved signature type, there is a section it refers the reader to explaining the reasons. Currently we don't have a section that explains anything about the version conflict, and probably it should remain that way. So we could simply write

"20 | yes | reserved. An implementation MUST NOT create any packet with this tag."

To say "MUST not interpret a packet with this tag" would probably not be a good idea, though, as it could be interpreted to forbid being (also) compatible with applications that use the AEAD packet.

The table entry currently says "(formerly AEAD Encrypted Data Packet)". I am not sure if this is formally correct. There should be no prior official OpenPGP version that defines AEAD packets, or am I mistaken?

- Falko

--
MTG AG
Dr. Falko Strenzke
Executive System Architect
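
Added example, not part of the message above and not taken from any OpenPGP implementation: a sketch of how a "MUST NOT create" reservation without a matching "MUST NOT interpret" rule could look in packet framing code, using the OpenPGP new-format packet header. The function names and the `RESERVED_NO_CREATE` set are hypothetical, the tag value 20 is taken from the table entry quoted in the message, and the sample packet is constructed.

```python
# Hypothetical names throughout; illustrates the proposed table wording only.
RESERVED_NO_CREATE = {20}  # "20 | yes | reserved ... MUST NOT create"

def encode_new_length(n):
    """Encode a body length in the new packet format (1, 2 or 5 octets)."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + n.to_bytes(4, "big")

def write_packet(tag, body):
    """Serialize a new-format packet; refuse tags that must not be created."""
    if not 0 <= tag <= 63:
        raise ValueError("tag does not fit the 6-bit new-format tag field")
    if tag in RESERVED_NO_CREATE:
        raise ValueError(f"packet tag {tag} is reserved and must not be created")
    return bytes([0xC0 | tag]) + encode_new_length(len(body)) + body

def read_packet(data):
    """Frame one new-format packet: returns (tag, body, may_create, rest).

    A reserved tag is still framed and handed to the caller, so an
    application that also wants to handle such packets is not prevented
    from doing so; only the writer above refuses the tag.
    """
    if len(data) < 2 or data[0] & 0xC0 != 0xC0:
        raise ValueError("not a new-format packet header")
    tag, first = data[0] & 0x3F, data[1]
    if first < 192:
        length, pos = first, 2
    elif first < 224:
        if len(data) < 3:
            raise ValueError("truncated length field")
        length, pos = ((first - 192) << 8) + data[2] + 192, 3
    elif first == 255:
        if len(data) < 6:
            raise ValueError("truncated length field")
        length, pos = int.from_bytes(data[2:6], "big"), 6
    else:
        raise ValueError("partial body lengths are not handled in this sketch")
    if len(data) < pos + length:
        raise ValueError("truncated packet body")
    body, rest = data[pos:pos + length], data[pos + length:]
    return tag, body, tag not in RESERVED_NO_CREATE, rest

# Constructed sample: a tag-20 packet with a 3-octet placeholder body.
SAMPLE_TAG20 = bytes([0xC0 | 20, 3]) + b"abc"
```

The old packet format has only a 4-bit tag field, so tag 20 can appear only in the new format, which is why the sketch handles that format alone.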