Re: [openpgp] v5 interoperability

Andrew Gallagher <andrewg@andrewg.com> Tue, 16 April 2024 07:50 UTC

On 16 Apr 2024, at 08:35, Werner Koch <wk@gnupg.org> wrote:

> On Mon, 15 Apr 2024 11:31, Andrew Gallagher said:
>
>> will gnupg reject v4 pqc keys if they turn up?
>
> Given that 32 octet fingerprint is required for the fixed-info and that
> fingerprint is only defined for v5 keys it won't be possible to use v4
> keys.

In the current draft of openpgp-pqc, it looks like only the algid is required in the fixedinfo:

5.2.1. Fixed information
(https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc-02#section-5.2.1)

For the composite KEM schemes defined in Table 1 the following procedure, justified in Section 10.4, MUST be used to derive a string to use as binding between the KEK and the communication parties.

//   Input:
//   algID     - the algorithm ID encoded as octet

fixedInfo = algID


Did I misread? Or are you implementing a different scheme?

A