Re: [openpgp] Stateless OpenPGP command line interface proposal

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 03 December 2019 01:06 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Wyllys Ingersoll <wyllys@gmail.com>, "openpgp@ietf.org OpenPGP" <openpgp@ietf.org>
In-Reply-To: <CAHRa8=VBppD+pqTwsoqiAq=_GkUWck+ndWGDi+4S-uLA2dzMBw@mail.gmail.com>
References: <87ftjck4fc.fsf@fifthhorseman.net> <20191028204032.bubbzueti2ebpobm@LykOS.localdomain> <81f3d7c7-f19d-38ca-923d-8a828779d9dc@iang.org> <CAHRa8=VBppD+pqTwsoqiAq=_GkUWck+ndWGDi+4S-uLA2dzMBw@mail.gmail.com>
Date: Mon, 02 Dec 2019 20:06:37 -0500
Message-ID: <87tv6i6wv6.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/X_yIzqCCfrhMKWz8cMKKvNckUFM>

Hi Wyllys--

On Mon 2019-12-02 17:27:09 -0500, Wyllys Ingersoll wrote:
> Does anyone have a good estimate of how many command-line oriented OpenPGP
> applications are actually in use beyond GnuPG?

In practice today, GnuPG is certainly the standard.  But rnp (from
Ribose) and sq (from Sequoia) are two other CLI OpenPGP mechanisms; and
hopenpgp-tools 0.22 implements a piece of sop already (as "hop").  And
i've been working on a command-line interface in python based on PGPy as
well.  Maybe there are others?  I don't know whether anyone has built a
CLI tool atop (for example) OpenPGP.js.

But if you look at the design of sop, it's also intended to hint at an
underlying API that doesn't need to be strictly CLI-driven.  As
https://tools.ietf.org/id/draft-dkg-openpgp-stateless-cli-01.html says:

     While this document identifies a command-line interface, the rough
     outlines of this interface should also be amenable to relatively
     straightforward library implementations in different languages.

If an OpenPGP toolkit can orient itself toward making a simple CLI
interface like sop, it will hopefully also be able to provide an
idiomatic library interface that aligns pretty closely with the same
simplifications.

But even if this proposal doesn't end up being explicitly functional in
applications, it still represents a useful frame for an interoperability
test suite, which is useful in terms of ensuring that we can upgrade the
ecosystem.

So, i think your question is a good one, but i hope that people can see
this effort as a useful stepping stone toward a healthier OpenPGP
ecosystem more generally.

     --dkg

PS as far as GnuPG goes, note that more than half of the gpg
   command-line interface surface complexity is devoted to key
   management, none of which is exposed in sop.  I hope people don't see
   sop as a replacement for all of that stuff!