Re: [openpgp] Possible to define a common key format for LibrePGP and OpenPGP-IETF?

Daniel Huigens <d.huigens@protonmail.com> Fri, 15 December 2023 13:31 UTC

Date: Fri, 15 Dec 2023 13:31:05 +0000
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: Kai Engert <kaie@kuix.de>, "openpgp@ietf.org" <openpgp@ietf.org>, Justus Winter <justus@sequoia-pgp.org>, Werner Koch <wk@gnupg.org>

Hi all,

Personally I'm in favor of continuing to try to find a solution that
works for everyone. Even if the crypto refresh is fairly set in stone,
we can of course discuss how to implement it and how to move forward
from there.

On Friday, December 15th, 2023 at 13:41, Andrew Gallagher wrote:
> The two main points of difference between the signature formats are the random seed and the metadata hash.

For completeness, note that the metadata hash is only relevant for
message signatures, not key signatures. So, the differences between v5
keys and v6 keys are even smaller. The only other point of difference
is regarding the key structure: v6 keys require a direct-key signature,
intended (but not required) to hold key properties such as expiration
time and algorithm preferences; whereas v5 keys require a User ID, and
typically put the key properties on the User ID binding signature.
If this turns out to be a point of contention, we could propose to
always have both (a direct-key signature and a User ID with binding
signature), in cases where full interoperability is desired.

Even for the metadata hash in message signatures, I believe a viable
compromise is still on the table, namely putting it in a signature
subpacket, e.g. the "Literal Data Meta Hash" subpacket as specified in
LibrePGP. Nobody made a PR to include it in the crypto refresh, so it
didn't end up there, but I also don't think there was any opposition.
Certainly I wouldn't be opposed to implementing it.

Then, indeed if everybody implements v6 keys (in a manner that's
acceptable to them), that would certainly help to ensure continued
interoperability. (As you know I've personally been advocating for
everyone to implement everything, but this could be a good step
towards that, of course.)

Best,
Daniel
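
The key-structure difference described in the message above (a direct-key signature on the primary key versus a User ID with a binding signature), as an added example that is not part of the original post: a Python check that walks a transferable public key and reports which of the two structures it carries, so a key meant for "full interoperability" can be tested for both. It assumes new-format packet headers with definite lengths, inspects only version and type octets, and uses constructed stub packets rather than real key material.

```python
# Added illustration: checks packet structure only, verifies no signatures.
PUBKEY, SIG, USER_ID, SUBKEY = 6, 2, 13, 14  # OpenPGP packet tags
DIRECT_KEY = 0x1F                            # direct-key signature type
CERTIFICATIONS = range(0x10, 0x14)           # User ID certification types

def packets(data):
    """Yield (tag, body) for new-format packets with definite lengths."""
    i = 0
    while i < len(data):
        hdr, first = data[i], data[i + 1]
        if hdr & 0xC0 != 0xC0:
            raise ValueError("only new-format packet headers are handled")
        if first < 192:
            length, i = first, i + 2
        elif first < 224:
            length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
        elif first == 255:
            length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
        else:
            raise ValueError("partial body lengths are not handled")
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield hdr & 0x3F, data[i:i + length]
        i += length

def key_layout(data):
    """Return key version and which of the two structures are present."""
    out = {"version": None, "direct_key_sig": False, "bound_user_id": False}
    prev = None  # component the next signature packet applies to
    for tag, body in packets(data):
        if tag == PUBKEY and out["version"] is None:
            out["version"], prev = body[0], PUBKEY
        elif tag in (USER_ID, SUBKEY):
            prev = tag
        elif tag == SIG and len(body) >= 2 and body[0] >= 4:
            if prev == PUBKEY and body[1] == DIRECT_KEY:
                out["direct_key_sig"] = True
            elif prev == USER_ID and body[1] in CERTIFICATIONS:
                out["bound_user_id"] = True
    return out

def pkt(tag, body):  # builds constructed sample packets (body < 192 octets)
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed stubs: version and type octets only, no real key material.
KEY6 = pkt(PUBKEY, b"\x06" + bytes(8))
DKS = pkt(SIG, b"\x06\x1f" + bytes(8))
UID = pkt(USER_ID, b"alice@example.org")
CERT = pkt(SIG, b"\x06\x13" + bytes(8))
BOTH = KEY6 + DKS + UID + CERT
```

`key_layout(BOTH)` reports both structures present; dropping either `DKS` or `UID + CERT` from the sequence flips the corresponding flag to `False`.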