Re: [openpgp] Marker packet for OpenPGP-NG (was: Confirming open questions discussed at IETF 114)
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 12 October 2022 16:30 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08809C15271F for <openpgp@ietfa.amsl.com>; Wed, 12 Oct 2022 09:30:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=oALrCgey; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=lUSzRtCl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yXWtODGPSPmQ for <openpgp@ietfa.amsl.com>; Wed, 12 Oct 2022 09:30:07 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B386EC15271E for <openpgp@ietf.org>; Wed, 12 Oct 2022 09:30:07 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1665592206; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=t/APtYnRZs28zeyEKefDX5JE9NLv1g80O5Hts/KkSmA=; b=oALrCgeyGjg4VCu8A5lYAyEK4wwdb6XtHoG13t46Xdf8PKvGlX8I1sAriKpoq/NEV4w49 +PJQKuuHl49FvcuAQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1665592206; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=t/APtYnRZs28zeyEKefDX5JE9NLv1g80O5Hts/KkSmA=; b=lUSzRtClGr9814+1i3MynFOhFBM8QdDZ/ybNuZsTRBsbmpEnIYG674XEwBaRMxVUabcCb yqVpr86JkI8nnWVd+ocYDmR2sopjtw7BpWIaxWQr/BsK25Z1rk+7ir3Qykx1eeBafZUDI/w sKpvUmJDUTRMs/zdGHPef/jx65ciBt1+UWeB5dGhaIMM8B+zqCCM00DLIbM8v9sazlzabdc +W3POxX5HIaMy8tfPe86SyB9S8rzSUNUVaNgtbbfr4SqCHDrd7vDWM5TX9dIJZzVSfpLrla SxpDev65Le6+WzX0XcHitAol7Us8zJPmwdtj+cHh73mxWT3xrMABVSDZQD0w==
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id D7EFAF9AE; Wed, 12 Oct 2022 12:30:05 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 171E9204C8; Wed, 12 Oct 2022 12:11:42 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>, openpgp@ietf.org
In-Reply-To: <87sfjtdr3b.fsf_-_@wheatstone.g10code.de>
References: <87tu6wneqh.fsf@fifthhorseman.net> <87y1tm635e.fsf@fifthhorseman.net> <bc30b65f-3dc7-fa1a-e3a9-9b7171192d92@cs.tcd.ie> <87sfjtdr3b.fsf_-_@wheatstone.g10code.de>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Wed, 12 Oct 2022 12:11:41 -0400
Message-ID: <877d1558ea.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/O1Rz2VLuGj2UKiHiJ4U2djDD5oI>
Subject: Re: [openpgp] Marker packet for OpenPGP-NG (was: Confirming open questions discussed at IETF 114)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2022 16:30:12 -0000
Hi Werner--
On Wed 2022-10-12 17:00:40 +0200, Werner Koch wrote:
> Given that the crypto-refresh I-D heavily deviates from OpenPGP as
> specified in RFC-2440 and RFC-4880 and deployed practise I have two
> suggestions to avoid confusion:
I'm surprised to hear that you think that the crypto-refresh deviates
heavily from RFC-4880. Could you be more specific about the sources of
deviation you're concerned about? From what i've seen, the design-team
has been pretty scrupulous about not breaking backward compatibility,
and about carefully staying within the lines of the previous
specification, making use of the extension points already within the
spec.
For example, when new wire formats are indicated, they are clearly
marked with a different version number, so they are identifiable.
> 1. All data including key packets shall make use of a marker packet
>
> 5.8. Marker Packet (Tag 10)
>
> This packet was used by certain PGP versions and flagged as obsolete
> in RFC-4880. With this specification it is repurposed to mark the
> data and keys constructed as specified by this specification and its
> successors.
>
> The body of this packet consists of:
>
> - The three octets 0x60, 0x67, 0x70 (which spell "pgp" in UTF-8).
>
> Implementations SHALL use this packet to indicate packet formats
> described by this specification. It SHALL be the first packet of
> each OpenPGP Message or sets of OpenPGP Keys. Note that the old
> marker packet used three different octets.
given that the new data elements are already identified by version
number, i don't see what is gained by including this packet?
> 2. Clearly identify the new specification as a new version of OpenPGP
> with only limited backward compatibility. For example
> OpenPGP-NG or OpenPGP/2 or ModernPGP or IETFPGP
> or maybe just PGP (if Broadcom allows for such a use)
I'm assuming here that by "the new specification", you mean the
crypto-refresh draft. As chartered, that draft is certainly the new
version of OpenPGP, but it does *not* have limited backward
compatibility. I don't see why giving it a different name is useful.
Can you explain more?
--dkg
- [openpgp] Meeting Minutes for OpenPGP at IETF 114 Daniel Kahn Gillmor
- Re: [openpgp] Meeting Minutes for OpenPGP at IETF… Daniel Huigens
- Re: [openpgp] Meeting Minutes for OpenPGP at IETF… Daniel Kahn Gillmor
- [openpgp] Confirming open questions discussed at … Daniel Kahn Gillmor
- Re: [openpgp] Confirming open questions discussed… Stephen Farrell
- [openpgp] Marker packet for OpenPGP-NG (was: Conf… Werner Koch
- Re: [openpgp] Marker packet for OpenPGP-NG (was: … Neal H. Walfield
- Re: [openpgp] Marker packet for OpenPGP-NG (was: … Paul Wouters
- Re: [openpgp] Marker packet for OpenPGP-NG (was: … Daniel Kahn Gillmor
- Re: [openpgp] Confirming open questions discussed… Daniel Kahn Gillmor