[openpgp] Re: Small correction for draft-ietf-openpgp-pqc
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 26 January 2026 13:02 UTC
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>, IETF OpenPGP WG <openpgp@ietf.org>
Date: Mon, 26 Jan 2026 08:02:36 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/WgmstlovB0LzKlmXmnAcKYA3u70>
On Mon 2026-01-26 09:54:05 +0000, Daniel Huigens wrote:
> Apologies for the last minute (last second?) comment, but there's a
> small error in Section 4.3.1 of draft-ietf-openpgp-pqc, which states:
>
>> Note that like in the case of the algorithms X25519 and X448 specified
>> in [RFC9580], for the ML-KEM composite schemes, in the case of a v3
>> PKESK packet, the symmetric algorithm identifier is not encrypted.
>> Instead, it is placed in plaintext after the mlkemCipherText and
>> before the length octet preceding the wrapped session key.
>
> However, according to the preceding list and the test vectors, and more
> in line with X25519 and X448, the symmetric algorithm ID is placed
> _after_ the length octet (and included in that length).
>
> The proposed additions to the IANA registry also place the octet
> correctly, which actually is _not_ true for RFC9580, which failed to
> include it in the table (mea culpa for that one, I'll file an erratum).

Thanks for catching this! Please propose concrete text to be
incorporated during the RFC Editor's phase, and file that erratum.
We'll get it sorted.

--dkg
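
The layout discussed in this thread (symmetric algorithm ID after the length octet and counted by it), as an added example that is not part of either message or of the draft: a Python parser for the algorithm-specific fields of a v3 PKESK, shown with the 32-octet X25519 ephemeral key from RFC 9580. The function names and sample bytes are constructed, and `fixed_len` is an assumed parameter standing in for the fixed-length ciphertext fields of other schemes.

```python
X25519_EPHEMERAL_LEN = 32  # RFC 9580: 32-octet X25519 ephemeral public key
AES256_ID = 9              # OpenPGP symmetric algorithm ID for AES-256


def build_v3_fields(fixed: bytes, sym_alg: int, wrapped_key: bytes) -> bytes:
    """Encode: fixed field(s) || length || sym alg ID || wrapped session key."""
    body = bytes([sym_alg]) + wrapped_key
    if len(body) > 255:
        raise ValueError("following fields do not fit a one-octet length")
    return fixed + bytes([len(body)]) + body


def parse_v3_fields(data: bytes, fixed_len: int = X25519_EPHEMERAL_LEN) -> dict:
    """Layout per the correction: the algorithm ID sits inside the counted span."""
    if len(data) < fixed_len + 1:
        raise ValueError("truncated before the length octet")
    length = data[fixed_len]
    rest = data[fixed_len + 1:]
    if length != len(rest):
        raise ValueError(f"length octet says {length}, but {len(rest)} octets follow")
    if length < 2:
        raise ValueError("length must cover the algorithm ID and a wrapped key")
    return {"fixed": data[:fixed_len], "sym_alg": rest[0], "wrapped_key": rest[1:]}


def parse_v3_fields_misplaced(data: bytes, fixed_len: int = X25519_EPHEMERAL_LEN) -> dict:
    """Layout as the quoted Section 4.3.1 sentence reads: algorithm ID before the length."""
    if len(data) < fixed_len + 2:
        raise ValueError("truncated before the length octet")
    sym_alg = data[fixed_len]
    length = data[fixed_len + 1]
    rest = data[fixed_len + 2:]
    if length != len(rest):
        raise ValueError(f"length octet says {length}, but {len(rest)} octets follow")
    return {"fixed": data[:fixed_len], "sym_alg": sym_alg, "wrapped_key": rest}


# Constructed sample: all-zero placeholder bytes, not real key material.
# A 32-octet AES-256 session key grows to 40 octets under AES key wrap.
SAMPLE = build_v3_fields(bytes(X25519_EPHEMERAL_LEN), AES256_ID, bytes(40))

if __name__ == "__main__":
    print(parse_v3_fields(SAMPLE)["sym_alg"])   # algorithm ID read from inside the span
    try:
        parse_v3_fields_misplaced(SAMPLE)
    except ValueError as err:
        print("misplaced layout rejects the same bytes:", err)
```

A parser written to the uncorrected sentence reads the length octet as the algorithm ID and the algorithm ID as the length, so the length check fails on data produced by the corrected layout.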