[openpgp] location of algorithm preferences
"Neal H. Walfield" <neal@walfield.org> Fri, 02 December 2022 14:58 UTC
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E102FC14F736 for <openpgp@ietfa.amsl.com>; Fri, 2 Dec 2022 06:58:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.895
X-Spam-Level:
X-Spam-Status: No, score=-6.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KLEizD11NAvr for <openpgp@ietfa.amsl.com>; Fri, 2 Dec 2022 06:58:30 -0800 (PST)
Received: from mail.dasr.de (mail.dasr.de [202.61.250.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E79CEC14F728 for <openpgp@ietf.org>; Fri, 2 Dec 2022 06:58:30 -0800 (PST)
Received: from p5de92f23.dip0.t-ipconnect.de ([93.233.47.35] helo=forster.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <neal@walfield.org>) id 1p17Uj-0002QU-2S for openpgp@ietf.org; Fri, 02 Dec 2022 15:58:29 +0100
Received: from grit.huenfield.org ([192.168.20.9] helo=grit.walfield.org) by forster.huenfield.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <neal@walfield.org>) id 1p17Ui-001Umc-6x for openpgp@ietf.org; Fri, 02 Dec 2022 15:58:28 +0100
Date: Fri, 02 Dec 2022 15:58:28 +0100
Message-ID: <87cz914zu3.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: IETF OpenPGP WG <openpgp@ietf.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (Gojō) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-SA-Exim-Connect-IP: 192.168.20.9
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Scanned: No (on forster.huenfield.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZZBkc0r5E-MhIjqt-IkRJ5783dI>
Subject: [openpgp] location of algorithm preferences
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Dec 2022 14:58:35 -0000
Algorithm preferences are confusing, and there are several spots where the advice doesn't match current practice (see below). I'd like the algorithm preference system for v5 keys to be clarified. Ideally, I'd like them to also be simplified. Perhaps, everyone can agree to only respect them on a direct key signature. I understand that years ago an identity was often bound to a device. That justifies having preferences associated with a User ID. But, I don't think that is common any more. If anything, a subkey may be specific to a device. Neal > 5.2.3.11. Preferred Symmetric Ciphers for v1 SEIPD > > This is only found on a self-signature. I believe implementations that respect this only respect this on certification signatures and direct-key signatures, and not on subkey binding signatures. Some details of our experience are here: https://gitlab.com/sequoia-pgp/sequoia/-/merge_requests/752 This probably applies to the other preferred algorithm packets as well, but I have not checked. > 13.2. Symmetric Algorithm Preferences > > Note that it is also possible for preferences to > be in a subkey's binding signature. https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-07#section-13.2 I don't think GnuPG respects this: https://gitlab.com/sequoia-pgp/sequoia/-/issues/522 If that is intended going forward, then the advice in 5.2.3.7 should be updated: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-07#section-5.2.3.7
- [openpgp] location of algorithm preferences Neal H. Walfield
- Re: [openpgp] location of algorithm preferences Daniel Kahn Gillmor