[openpgp] List of "semantic" changes between 4880 and bis

Wiktor Kwapisiewicz <wiktor@metacode.biz> Fri, 02 October 2020 13:38 UTC

Return-Path: <wiktor@metacode.biz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E8D03A162E for <openpgp@ietfa.amsl.com>; Fri, 2 Oct 2020 06:38:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=metacode.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LryweeYGgwhm for <openpgp@ietfa.amsl.com>; Fri, 2 Oct 2020 06:38:02 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65C543A162C for <openpgp@ietf.org>; Fri, 2 Oct 2020 06:38:01 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id w1so1688019edr.3 for <openpgp@ietf.org>; Fri, 02 Oct 2020 06:38:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=metacode.biz; s=2017; h=from:autocrypt:organization:to:subject:message-id:date:mime-version; bh=+pWyVwOEpiehztzSSKFnT7ZhZ1W3edmlN/L6AupdeyA=; b=PrPwPdWTKKNZ0uOtlYMSZevtoalkbu4iGk4l2ftqXNEXryCusyvWgSv5RV7uaSAwkV EAm66DtYMSHqaxn3TOrFhMhg9nL3+oH1Z8S62T3gD5Y2aPPQM2Sn5+jXuIXWs3NZOh7l 3N4pwQZmdZV62dYVPtmnfyp5evN1ae77atr+BKOijXcBwqigLvkm1jfc2Z7KbNDvoIQT Fi9+CLOqHdB3xkr87Sah6TLoIHB31w5VMtJ/LOXfVYTUfAEfYyG2Y+PJ+S3EJ9PFB1EM Wvkg5ppVCJjnY+E25GrEBZNiBo5PEFCOxaDlr/hfgTxii51MfLIzK3GcDFllqf3lacN/ D1Mg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:autocrypt:organization:to:subject :message-id:date:mime-version; bh=+pWyVwOEpiehztzSSKFnT7ZhZ1W3edmlN/L6AupdeyA=; b=gZbsJjsEUCvSDaaxBN1crHuuu6C5Kt3Rd3cSqhjgcbIATiSb59n55dwOtQ8KyXKS+u p4GBP+bPXYHYQhJfj6xaOEcpoqnLNUDpFx2PceyH3bj97+xHLO/p5FCm9cDPajjXCqgZ mAPwwNoeI/fYrDADrv3Tg4RhLOdTuDWzG4CiTTVbxszFSx200ZA7mVnimivoWEl69zY5 baJFxmTda+AOt9a+SqdUqbloYQrz+T1d4FHwN4sV1kz/oamwXQd670hXRRio/EeHwUEZ qdRFNDdPB9oD9YsJ6Ky/D3UlvUWVPMbXM3na/5Zty0o7oCa2G6exxfYVBOjcrBRQOpGc toDA==
X-Gm-Message-State: AOAM531Lj2E7K1ZVZ17mGeAGyymE9/uAN8I/iDL5STj6KJHz5FJFe4ca UCTHC90g1O1b9Qd4fvIbnszx6HuBKmj/GA==
X-Google-Smtp-Source: ABdhPJwWW5+vFT65NIkVvpKPL9Px50SiJNMByVfPZZAEk+L+OCxhZGi88CdKM3IGTqao+EaTyPZM9w==
X-Received: by 2002:aa7:da89:: with SMTP id q9mr2308938eds.111.1601645879561; Fri, 02 Oct 2020 06:37:59 -0700 (PDT)
Received: from [192.168.2.69] (aehd220.neoplus.adsl.tpnet.pl. [79.186.185.220]) by smtp.googlemail.com with ESMTPSA id p17sm1255116edw.10.2020.10.02.06.37.57 for <openpgp@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 02 Oct 2020 06:37:58 -0700 (PDT)
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Autocrypt: addr=wiktor@metacode.biz; prefer-encrypt=mutual; keydata= mQINBFhoYHoBEADzmg9UuwDrtvyejU01gDY1J1iJiCi4XGJ4lCfYeLC2jSagIxU/5Lu0lRft 0Loi2tsjpo0c8docP7HFxafEEvnnt/iabd6I536llMuw0uno4PgnD3ljcCMZLT+vn+amIDta lzVoMnSqzoNUotMNMtjIFuAaQ/wr4/Mp9CIgJdviGUc3PscqUiiUVVtk6uF0x657NULZgSIT /Mrqlr2i4RuyPwXe2Qt0uEA3KWWjF0l2NpAMVrqz+nHsLoNOaAsfdx94bzKQrrSeSQqEO2f+ /eO/hbUAFAmEhrotmUO8wJNygo8TgkdlzFI+UE4p8/KW0aCgGGgR8YkCvHq2OQhAAYFNJoNz Hqw0FGxdsY8qWFkYpoSB8zKspNy8KliofCamMYXoPF7eVIxIiKvxrAykGP4jNnzSoV0cn+bY fXnox1IhnqbnoJIT7kTmXv4JmWoYm8ThHqpEgcQOUUQzSRXb9OiNwiXT71ijeO1qswMRpsgk 6AGKSZGWxa3c4ive/p8z1Ax27BFZSh2FceIcMCcGLrDjnQYgeFsAJ1jSxZQXkGuJFHfb4nff Big7aq/vyKrQFQXG0NQQL7rZAdk/s665vifos0yPmRDu7yDT1ggdyBp4Pa4re+ZJcNRNzNHo zU9al+CoImCQjnTtKMXmOe/BzGrpHI4QR3NNzVa423WCIWkHfwARAQABtClXaWt0b3IgS3dh cGlzaWV3aWN6IDx3aWt0b3JAbWV0YWNvZGUuYml6PokELgQTAQoCGAIbAQgLCQgHDQwLCgUV CgkICwIeAQIXgDQUgAAAAAASABlwcm9vZkBtZXRhY29kZS5iaXpkbnM6bWV0YWNvZGUuYml6 P3R5cGU9VFhUXBSAAAAAABIAQXByb29mQG1ldGFjb2RlLmJpemh0dHBzOi8vZ2lzdC5naXRo dWIuY29tL3dpa3Rvci1rLzM4OWQ1ODlkZDE5MjUwZTFmOWE0MmJjM2Q1ZDQwYzE2VRSAAAAA ABIAOnByb29mQG1ldGFjb2RlLmJpemh0dHBzOi8vd3d3LnJlZGRpdC5jb20vdXNlci93aWt0 b3Itay9jb21tZW50cy9ibzVvaWgvdGVzdC9zFIAAAAAAKgBAdGltZXN0YW1wK2JpdGNvaW4t dHJhbnNhY3Rpb25AbWV0YWNvZGUuYml6YWZjYjA5MmM1Y2E2NDA5NTI2ZDE4YWU5Y2YyMmQz YjU1ZDM3ZTcyM2ViMWI3NGUzZjg0ZjdlNmIwNTJhMTYyYUgUgAAAAAASAC1wcm9vZkBtZXRh Y29kZS5iaXpodHRwczovL25ld3MueWNvbWJpbmF0b3IuY29tL3VzZXI/aWQ9d2lrdG9yLWs3 FIAAAAAAEgAccHJvb2ZAbWV0YWNvZGUuYml6aHR0cHM6Ly9tZXRhY29kZS5iaXovQHdpa3Rv chYhBGU5CaLw43wQb1+vVGyIV+DY6PB0BQJdK4YGBQkHhq5HAAoJEGyIV+DY6PB0qPsQAIKT MUYx8RPHfLMM3F11XtLUobKO6CpU83TM894/uF06woM3OaHiajVqC8d6jBXcw2OLH9cCQ9oP Qsfxns3YcKLpWLnSv6F46U9M1e1rZM7H/ooEsNWZNiTyZPaO0bBDsLtpEEOzo609IftKaP3+ BFyEr4YGerHeXcmBzoGlxR84GVsoTzs+VLZn4zAxPMPSe+s9mTTU85uGAXDdhSjTvb5sKARV DQNAlrEo5tZ17/K0BcSztYBT+rnRVAROaxxsqvVQG8lGuohBQuv3BDaqSBwJp/qcDHz3eOLN LfvanZvGtoXtRybimd8mDjzG18wd/V1DJOIzixdsBA2PHzPvFAoYzohjZrEjC7KPFXiUN1NN 9B5PsTKXEWzZiqffjEQHCD8o3JO5tJwI04tN+g55HXxM750639OFuZRGpBTysY7NSqkzDcDN uzkcPU7mXFfNZNG1+t54NlSaU9cwfZNdOd4y6ClE3qZReKwZMiqgQPNF7h4FPpFzkR79z6CL Wt5iHhMVJ1au00xuf1c+NDGXp6oKUbtlTRpmGnLjLn1z+7s9wUDdfvUf+aRRDXRLPcseI0wv k82mkBhSbX5ZDRgFqEB+giNS7ydZw4ur5scXgMA2i6JUe3eAoDflygpB0+EWiJWv/Eyzwsoj 1V/z9TXDeTME1sQckXPpmspnuO0uogrEuQENBFs/lS0BCAC5oX3r3luF7czMF8UFxJz55Xuv NRs4tEjoHzqcqoe4+RJyfNDtspgevYIq1WTKw/H3ZYsd2wZpkM3I+BJn9eeHZKs77qXQZGN5 PBB65rZoLjMx+qHa6wH4lIYMYW7eB9HHMsT/5E3ILBSRzZIwJimd/QdIMKSrJ5mPMkAd+9+x ob5zKHO5L5pbQtJSGS0m17/hA0kCTLI885hLtT3JsI/KWwuAYDrTwsayzh/hG/NgdA3I8xlr QCLC0EFJoxHkN9tCyXeKPlrIPYyMB1jHTo1iNV0CQGpk+zf6DA/ySGfJxd30ksJZ8y5qxD43 zS0YffYMC01CeuqPoGZ2Fy9VxhODABEBAAGJAjwEGAEKACYCGwwWIQRlOQmi8ON8EG9fr1Rs iFfg2OjwdAUCXSuGiQUJBK95lQAKCRBsiFfg2OjwdHBFD/97ijOr6M+IcKbDHBTz1+5YP1VK XTwcea5YlwK8gByd/urvUr/+d/OdOu5Z6+N8r1TKI60JhawaZD2l8TcViuwFz1wi+hywBSDR KRRnDhz7g5gESsYiX0+1Vp3IOBRHgvQT2RdgirRccRNcDyo3Rna9XOhcKZoF4ykd7P8ja0ae ekeGU81xAHrZxJO930CYS3Eo+hlf6+F5qfcDv20Z4HdY9/9QrDCRwz64lgQlbAPoANHdTLPa m46ZBS/u5nrlqsTWBiFHXwnMmI+e54mC0UK+SrafLlCsEC3Qn5o1VaEx6WicAfNsl8vmYTyB Wf8lkLMXGSeH8QjF5lAmyCrGaHwcfkM5AaJJRd9OrtG2PgGRoHuYNri6Rs+Zwg3wc1Y5w3ir WGMJGJAGh33nsxpr63/onyaIea3lBpXe0ql6wlKN59PVARYIpNhOHs+m3K4mAqJ2GxBZn0Gn /uai+qFSNsFS3Zb00bGqfAIDaPx91VZp7gMoT2+OXlopyj9gtsJgRviQUEvn+DhieBTO9gQT 2N7aRqP3J2sB8nxIRp3SG1Nibt5mG2+m3JCJldgpFMrkP4JEmJNemaRURZU7lQLb8Xd8NlOZ mTtGgA/gUZqleWGdaRbQxJaV+AFCusMZMbR57KqLSKsN3gU5pV7l8DyWKTbzuG33DtD20Zie 2ben8GJucbkBDQRbP5VqAQgAt/NogC7amuAQT6aYul3lnaj7DmiZvLG99QBoTNRaQjJpbKd3 Mvu0pfah+GnQQicxOO3GOuPVWecTVMLBKDFX8L8WWTq2NFhwoZV55MBcVgVsO7a9SHWLUwzr sfKHh9G+77UNqxUldkKTRIjs0GSCivpVXJ222F4nYP0UlYsUQcNo9YS5m8vXwwbGygPRzpWr 5c5Bh6/9VmCH3WZ5O16BRqNietOBbqVKIrjdw5uL9SZFLYW4OksLOX70PvMzn9c0BWIUVSAw MJYGwlkN+xFiRKZkfh1+aLc4CmEZGstt9poqHCZAUUVnhTgjzheXswYgUpHYxtq/XeX2E5vk LK+JDQARAQABiQNyBBgBCgAmAhsCFiEEZTkJovDjfBBvX69UbIhX4Njo8HQFAl0rhokFCQSv eVgBQMB0IAQZAQoAHRYhBO8e4PqUIPgE/e/AJpf97zTauPgrBQJbP5VqAAoJEJf97zTauPgr udoIAIRxBiSbZeou42kj1cLNp0Tbwo9P0GcQm3OjrMt6NhwkSmOZtYznn6+TJoxHVqfGsFwO XgftJK25zKwsUpGV7p4GdwrYRn+rHFKkrsh2XKjiVWtVUD5SD/cGBgM6dMghqQrazLbmB8AV qzemayYX9u9w5NMxMVe4Zuze12dOgAf0wv+RPXVxxn0mVYlxOWjiod6VLn3g24aTv+bN6hmc sjGJRlQpBA0DVsSp9wYxlMCdtaThzCfOSToQOXmYMJmXmd3eSoAJNQRlSARlrP5ysiMbgS08 EukbL/hvs6mayfKA22RO5rjCQqGzN4BUqSw4RMxQQQOz/BO/sKY7RdICRtYJEGyIV+DY6PB0 n9wQAMF4H5qen/oDr3J37Y2N0OKctZxxii7fFqWSNc7GMS2tlZuakWQ7GbBC3vHBAC5j66d2 WXi3Yaf0uM4ydyu7LZ1fKpJ+9aWXjKMTdg+l7d9WV5UWY8fcXDl+nUEjO2biAJHhFfa3dKXL 3/1GwG5Q5vqjDiNhlhVVCqI4DoreuimLzHfs8QVulEm0WInrcPXKPevgYg7slwAax+Y4rXSx JeIeJo2GtgKD8nqaEX2TIEdajg5hS5MV2Wj6tvB9ZiWYy7ybPkNw/j4V5v0mUo5Hh5W+T3h2 FOMNFTJFQ7oC4AYNUwFoajh9tdgWNuKzU/Hdqoftjx387Kn4RtQIv8Clgfqt1zPjeWg1lYdp +RbjRRwV57Jq/LuKTBWAFp8zJ/tv4kVlZDxiBeeJWGoQ9LYQr6+LX7HMFmfXk1yYExwAGAwH w0h1C2Ldf5c2HoZQ7euHpbv5K1Y2MEMOiYkzwYX4XrGqsQFVGrgct0nKc5qD6BzY188sb9g4 RUa8L7MTsJyqOtkrWB1mYtNeclP9a3Eta1K6zHX90HqGjPDWjRXQ4KAhYaE8HPNkEuiI6OTR jGtSyM9iiv7LEo4D9Y8YW38XrRlCXjIhFvblDSZI/5qc+3YPT0nQ/Zb4Hwzi6OPFWwrAN3YY UyLsB+reNqoC57hhy/Q9hByH59vd03om+lfBvdPC
Organization: Metacode
To: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <f96533af-a205-05dd-2f03-f8321dde427a@metacode.biz>
Date: Fri, 02 Oct 2020 15:37:44 +0200
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="CZpPPJ2eUHeGFvFPBAm3DPACSaDS2xRzY"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QAMl9Eea1NO6UNrBHQU7zvzZgtc>
Subject: [openpgp] List of "semantic" changes between 4880 and bis
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Oct 2020 13:38:05 -0000

Hello OpenPGP ML,

As the diff tool on IETF Tools includes whitespace and editorial changes
I compiled a list of "semantic" changes between 4880 and bis. You may
find this interesting especially for parties that look to implement bis.

If something is mentioned then it's new (in bis). If there is a
difference I listed old (4880) and new (bis) values.

Here it goes:

5.1.  Public-Key Encrypted Session Key Packets (Tag 1)

>     Algorithm-Specific Fields for ECDH encryption:
>     -  MPI of an EC point representing an ephemeral public key.
>     -  a one-octet size, followed by a symmetric key encoded using the
>        method described in Section 13.5.

5.2.  Signature Packet (Tag 2)

>  Implementations MUST generate version 5 signatures when using a
>  version 5 key.  Implementations SHOULD generate V4 signatures with
>  version 4 keys.  Implementations MUST NOT create version 3
>  signatures; they MAY accept version 3 signatures.

5.2.1.  Signature Types

>  0x16  Attested Key Signature.

5.2.3.  Version 4 and 5 Signature Packet Formats

Version 5 Signature Packet Format:
>  The difference between a V4 and V5 signature is that the latter
>  includes additional meta data.

5.2.3.1.  Signature Subpacket Specification
          |       Type | Description                            |
          -------------------------------------------------------
          |         33 | Issuer Fingerprint                     |
          |         34 | Preferred AEAD Algorithms              |
          |         35 | Intended Recipient Fingerprint         |
          |         37 | Attested Certifications                |

4880:
> Implementations SHOULD implement the three preferred algorithm
>   subpackets (11, 21, and 22),

bis:
> Implementations SHOULD implement the four preferred algorithm
>   subpackets (11, 21, 22, and 34),

5.2.3.17.  Notation Data

New notations: charset, manu, make, model, prodid, pvers, lot, qty, loc,
dest, hash.

5.2.3.22.  Key Flags

> Second octet:
> 0x04 - This key may be used as an additional decryption subkey (ADSK).
> 0x08 - This key may be used for timestamping.

5.2.3.25.  Features

>   0x02 - AEAD Encrypted Data Packet (packet 20) and version 5
>         Symmetric-Key Encrypted Session Key Packets (packet 3)
>   0x04 - Version 5 Public-Key Packet format and corresponding new
>         fingerprint format

5.2.3.28.  Issuer Fingerprint

>  Note that the length N of the fingerprint for a version 4 key is 20
>  octets; for a version 5 key N is 32.

5.2.3.29.  Intended Recipient Fingerprint

5.3.  Symmetric-Key Encrypted Session Key Packets (Tag 3)

New: version 5 Symmetric-Key Encrypted Session Key

5.5.2.  Public-Key Packet Formats

>  A version 5 packet contains:
>  *  A one-octet version number (5).
>  *  A four-octet number denoting the time that the key was created.
>  *  A one-octet number denoting the public-key algorithm of this key.
>  *  A four-octet scalar octet count for the following public key
>     material.
>  *  A series of values comprising the public key material.  This is
>     algorithm-specific and described in Section 5.6.

5.5.3.  Secret-Key Packet Formats

New: value "253" (a one-octet AEAD algorithm).

Version 4 Signature Packet Format becomes "Version 4 and 5 Signature
Packet Formats".

>   The packet contains:
>   (...)
>  *  Only for a version 5 packet, a one-octet scalar octet count of the
>     next 4 optional fields.
>   (...)
>  *  Only for a version 5 packet, a four-octet scalar octet count for
>     the following secret key material.  This includes the encrypted
>     SHA-1 hash or AEAD tag if the string-to-key usage octet is 254 or
>     253.

>  Note that the version 5 packet format adds two count values to help
>  parsing packets with unknown S2K or public key algorithms.

5.6.  Algorithm-specific Parts of Keys

Improved and added ECDSA, EdDSA, ECDH.

5.13.  User Attribute Packet (Tag 17)

                 |    Type | Attribute Subpacket         |
                 -----------------------------------------
                 |  [TBD1] | User ID Attribute Subpacket |

5.8.  Symmetrically Encrypted Data Packet (Tag 9)

bis: Deprecates it.

5.10.  Literal Data Packet (Tag 11)

>   *  A one-octet field that describes how the data is formatted.
> ...
> If it is a 'm' (0x6d), then it contains a MIME message body part

>  Note that V3 and V4 signatures do not include the formatting octet,
>  the file name, and the date field of the literal packet in a
>  signature hash and thus are not protected against tampering in a
>  signed document.  In contrast V5 signatures include them.

5.16.  AEAD Encrypted Data Packet (Tag 20)

>  Implementations SHOULD NOT create data with a chunk size
>  octet value larger than 21 (128 MiB chunks) to facilitate buffering
>  of not yet authenticated plaintext.

5.16.1.  EAX Mode

5.16.2.  OCB Mode

8.  Regular Expressions

4880:

> A piece is an atom possibly followed by '*', '+', or '?'.

bis:

> A piece is an atom possibly followed by '_', '+', or '?'.

9.  Constants

9.1.  Public-Key Algorithms

      |      ID | Algorithm                                         |
      ---------------------------------------------------------------
      |      22 | EdDSA [RFC8032]                                   |
      |      23 | Reserved for AEDH                                 |
      |      24 | Reserved for AEDSA                                |

9.2.  ECC Curve OID

9.3.  Symmetric-Key Algorithms

            |      ID | Algorithm                            |
            --------------------------------------------------
            |      11 | Camellia with 128-bit key [RFC3713]  |
            |      12 | Camellia with 192-bit key            |
            |      13 | Camellia with 256-bit key            |

4880:
> Implementations MUST implement TripleDES.  Implementations SHOULD
> implement AES-128 and CAST5.

bis:
> Implementations MUST implement AES-128.  Implementations SHOULD
> implement AES-256.  Implementations that interoperate with RFC-4880
> implementations need to support TripleDES and CAST5.

9.5.  Hash Algorithms

        |      ID | Algorithm                      | Text Name   |
        ----------------------------------------------------------
        |      12 | SHA3-256 [FIPS202]             | "SHA3-256"  |
        |      13 | Reserved                       |             |
        |      14 | SHA3-512 [FIPS202]             | "SHA3-512"  |

Note:
> The ID 13 has been reserved so that the SHA3 algorithm IDs align
> nicely with their SHA2 counterparts

4880:
> Implementations MUST implement SHA-1.  Implementations MAY implement
> other algorithms.  MD5 is deprecated.

bis:
>Implementations MUST implement SHA2-256.  Implementations MAY
>implement other algorithms.  Implementations SHOULD NOT create messages
>which require the use of SHA-1 with the exception of computing version4
>key fingerprints and for purposes of the MDC packet.  Implementations
>SHOULD NOT use MD5 or RIPE-MD/160.

10.2.  New Packets

4880:
> Adding a new packet type MUST be done through the IETF CONSENSUS method

bis:
> Adding a new packet type MUST be done through the RFC REQUIRED method

10.2.1.  User Attribute Types

IETF CONSENSUS -> SPECIFICATION REQUIRED

10.2.2.  Image Format Subpacket Types

IETF CONSENSUS -> SPECIFICATION REQUIRED

10.2.3.  New Signature Subpackets

IETF CONSENSUS -> SPECIFICATION REQUIRED

11.1.  Transferable Public Keys

4880:
>     - One or more User ID packets

bis:
>   *  Zero or more User ID packets

12.2.  Key IDs and Fingerprints

> V5 fingerprint is the 256-bit SHA2-256 hash (...)

13.  Elliptic Curve Cryptography

16.1.  OpenPGP ECC Profile

>  A compliant application MUST implement NIST curve P-256, SHOULD
>  implement NIST curve P-521, SHOULD implemend Ed25519, SHOULD
>  implement Curve25519, MAY implement NIST curve P-384, MAY implement
>  brainpoolP256r1, and MAY implement brainpoolP512r1, as defined in
>  Section 9.2.  A compliant application MUST implement SHA2-256 and
>  SHOULD implement SHA2-384 and SHA2-512.  A compliant application MUST
>  implement AES-128 and SHOULD implement AES-256.

---------
I've compiled the list from the Appendix [0], grepping for "version 5"
and notes from Justus Winter (whom I greatly thank for help).

[0]: https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10#appendix-C

If anyone sees some omissions I've made but which are significant please
bring it up.

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor