IETF Logo Mail Archive

Re: [openpgp] Move new Signatures and Keys from v5 to v6?

Daniel Huigens <d.huigens@protonmail.com> Tue, 07 February 2023 16:25 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECC9CC1575B7 for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 08:25:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eNKAYSRZA-to for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 08:25:06 -0800 (PST)
Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 916E3C14F740 for <openpgp@ietf.org>; Tue, 7 Feb 2023 08:25:06 -0800 (PST)
Date: Tue, 07 Feb 2023 16:24:55 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1675787104; x=1676046304; bh=HAwO+QsxVsYZg5KEpuLXQqKZ6gG1r1X6Q0jmT0+CJIs=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=o1f4Emkj26dftttAUk58xdk/ewssng8abY/wanpKcHzY/+NgH+FHNYPImbJZ67nUn aoVV2RfJBgZgtUjNKSxOw/05OF3sEHr1Nah+e7wfB5lObtn9AjRXHz2Z1rmCxNtxqM hur4hR469KAa48znL9f7KoRDKUmP/rRz6tVpGdiXGVObJiofyGRYhknlhZ3m3ZSxJI +6uKleBER0gBnDuaYNRzZR889jrx9ECRJ9Q7UPHYp5XP98EeSVmiJtDiTVYk0mBt/l lCXYZoNOp5WXNHneArLor3xsb2BOHMHwMwARETy8ahdf8rffrNzmQifdkZEYUJ7NXN EdcIVbofommGA==
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Werner Koch <wk@gnupg.org>, openpgp@ietf.org
Message-ID: <fnzz-pVHQ0GlKWSUP3wOBKiEzAAoSze6rHXx4autrzKGVKW0-Q5ChjQxf1D_uIgQIzdKzLmnw8DbE5lrv0yVxDPsdrwxugZX-kd0zadSEkg=@protonmail.com>
In-Reply-To: <877cwwnige.fsf@fifthhorseman.net>
References: <877cwwnige.fsf@fifthhorseman.net>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Rj6oESXrVgbACP0YnvThQHXWsMg>
Subject: Re: [openpgp] Move new Signatures and Keys from v5 to v6?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2023 16:25:11 -0000

Hi dkg,

On Sunday, February 5th, 2023 at 18:13, Daniel Kahn Gillmor wrote:
> Question to the WG: should the new key and signature formats change
> codepoint designations from v5 to v6? (this avoids collision with the v5
> codepoint which has seen some pre-specification deployment and could
> cause confusion in the wild)

Yeah. Just for the record, as you know ofc we also had a vote on this at
IETF 115, that went in favor of moving to v6; see the minutes at [1]:

> POLL: 13 for moving to v6, 0 against
> Daniel: We should still reach out to Werner to [verify] that he's not
> willing to adapt v5
> Action: sftcd to Reach out to Werner about v5 changes

I assume that nothing has changed here (but adding Stephen and Werner in
CC who can correct me if I'm wrong, I'd be very happy to be corrected).
If nothing has changed, we should move to v6 to ensure easier
interoperability.

> Two interesting subquestions:
> 
> - Should the fingerprint and signing octet for the new form also move
>   from 0x9a to 0x9b? (v4's comparable octet is 0x99)
> 
> - Should we also move the PKESK and SKESK definitions in this spec from
>   v5 to v6? There is no risk of collision with deployed data for these
>   versioned packets.

Yeah, I would say so for both, for consistency. For the PKESK, we
already jumped from v3 to v5 for consistency, we can jump from v3/v4 to
v6 for the same reason, I'd say.

> An MR for moving from v5 to v6 for Keys, Signatures, and OPS (but not
> PKESK or SKESK), and changing the prefix octet from 0x9a to 0x9b:
> [!231](https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/231)

Thanks!

Best,
Daniel

[1] https://datatracker.ietf.org/meeting/115/materials/minutes-115-openpgp-202211081300-00#avoiding-conflicts-with-draft-koch-openpgp-rfc4880bis-00

v2.23.0 | Report a Bug | By Email