[openpgp] Re: session key length with SEIPDv2
Justus Winter <justus@sequoia-pgp.org> Thu, 10 October 2024 11:55 UTC
Return-Path: <justus@sequoia-pgp.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E8EEC151553 for <openpgp@ietfa.amsl.com>; Thu, 10 Oct 2024 04:55:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=sequoia-pgp.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id el_xHetJJMM9 for <openpgp@ietfa.amsl.com>; Thu, 10 Oct 2024 04:55:55 -0700 (PDT)
Received: from mailgate02.uberspace.is (mailgate02.uberspace.is [IPv6:2a00:d0c0:200:0:1c7b:a6ff:fee0:8ea4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AA91C1519B8 for <openpgp@ietf.org>; Thu, 10 Oct 2024 04:55:54 -0700 (PDT)
Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) by mailgate02.uberspace.is (Postfix) with ESMTPS id BD5A0180601 for <openpgp@ietf.org>; Thu, 10 Oct 2024 13:55:50 +0200 (CEST)
Received: (qmail 24363 invoked by uid 500); 10 Oct 2024 11:55:50 -0000
Authentication-Results: harrington.uberspace.de; auth=pass (plain)
Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/3.0.1) with ESMTPSA; Thu, 10 Oct 2024 13:55:50 +0200
From: Justus Winter <justus@sequoia-pgp.org>
To: Falko Strenzke <falko.strenzke@mtg.de>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
In-Reply-To: <c575947e-f66c-47f4-9e4b-68ca326e5898@mtg.de>
References: <93b25cce-e9f7-40a7-881f-b81e3033e7b7@posteo.de> <HvPoeoRKHGaIbIcV2cwKvnY8uVH6UqJ2PUAlBu1AFmyr6plq6RNUGqQNKZE9RllDHSdDsmuPmTJeP-BX93cALBiNITsIg40HMFPPcy3Z_dQ=@protonmail.com> <87o73z7pwy.fsf@fifthhorseman.net> <WbuzsNz4I_wBvXGTTrh2mD0r5aAKVye2mZynPySokMkx3djh8a8Ad9GPbbFrAcc74REmwNmrH4trBmjJREDtfpVCdKOsI_PPz34hf2idEuM=@protonmail.com> <87ldyy7lwy.fsf@fifthhorseman.net> <cd727941-b547-4ef2-9e3c-609e93e1f3ab@mtg.de> <87ed4p76fe.fsf@fifthhorseman.net> <c575947e-f66c-47f4-9e4b-68ca326e5898@mtg.de>
Date: Thu, 10 Oct 2024 13:55:49 +0200
Message-ID: <875xq06uka.fsf@europ.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Rspamd-Bar: ---
X-Rspamd-Report: BAYES_HAM(-1.523426) SIGNED_PGP(-2) MIME_GOOD(-0.2) R_MISSING_CHARSET(0.5)
X-Rspamd-Score: -3.223426
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sequoia-pgp.org; s=uberspace; h=from:to:subject:date; bh=+vB7LkO5TESeCR76k9XdS+0ygHCNgeL6+AMznu8O8YI=; b=TwHA++a9WnI4Wk4eVxFSdt3f2dyO6C9HT5BgVgVD0VgJ02PkuugmT6eH3KB+HzAKLFxOaVOrjy xjFU3JFolHH4Csvl0J4u4zTO028OF2lRnLbLViJuP5lQ03TcdglYSTP7n16nO5BZU7hf64gyL8NT iS4/PwZiWlLb7/4n5HdVXi8so5uYOV9OPqUjiOnuP00aGLkBKgD5jUsSVQSZFDn63BC9I9B9AGN3 nO354TjtAoAUWZzwOuiXmbeDR3+Banlz6/8gd1VMLVN4ll10blgBzkj1xq0AVbFfmgv9r7D6fBX4 qJF7KnAt3t/akf9S+f0orYGRFBO1oZuna+YC5QfjYgkMFcSTqiyUsOEmeSFefLvl7us8JeTpXz6t e0FtY5cxLtbGbYuIwLarUksFmmrD02Db/hIq1Z7Xr9HS2ie2RwfA/XCHCJt67JQ0oYpY0fwR8btt gSbpv18UDrRFaILP62jj6+aq4kgKUSr1ydPadF2sZuraZyhJe3OEQRAZ14qkOZKJoUzYeE5Ga53G vkWgODgYwhIhqvraS4PGN+IqUNWOuzPnAb/rQpz2B5f8HgeIgVy5L+TcsmCtHyUkqorTWoAXbiGa bLyRhme17HM+OIWsIsypSCCJ/sciJ8E1uRIVPktmenteJifZloLRRbnL+cdwtVfVRlfm5Uhr7u4A E=
Message-ID-Hash: LIQ76IC33Z5MH37OUEZKEWSZLJQHHJQP
X-Message-ID-Hash: LIQ76IC33Z5MH37OUEZKEWSZLJQHHJQP
X-MailFrom: justus@sequoia-pgp.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: [openpgp] Re: session key length with SEIPDv2
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/aVPXrSeCz9RT2Y8WLCZGfegom10>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
Falko Strenzke <falko.strenzke@mtg.de> writes: > Am 09.10.24 um 15:27 schrieb Daniel Kahn Gillmor: >> On Tue 2024-10-08 16:45:02 +0200, Falko Strenzke wrote: >> Can you translate this into explicit guidance that you think should have >> been included in RFC 9580? > > Not sure if that's worth the effort right now, as we are still > discussing. I think we agree already on the MUST for the producer. The > question that remains is whether there should be an equivalent MUST for > the consumer. I think the main question is how well readers of RFC 9580 > will be aware of the errata. I have no experience with that, but my > guess would be that it might not have the same reach as RFC 9580. That > is what my concerns about a strict rule for the consumer are based on. > How do you see this? If we make it a MUST on the consumer side, and most implementations today are starting to enforce that MUST early on, then future implementers will honor this requirement whether they read the errata or not. And, having the MUST in the errata helps implementations with being strict, because they can point to the errata when anyone asks why they reject an object. Best, Justus
- [openpgp] session key length with SEIPDv2 Heiko Schäfer
- [openpgp] Re: session key length with SEIPDv2 Daniel Huigens
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor
- [openpgp] Re: session key length with SEIPDv2 Daniel Huigens
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor
- [openpgp] Re: session key length with SEIPDv2 Falko Strenzke
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor
- [openpgp] Re: session key length with SEIPDv2 Falko Strenzke
- [openpgp] Re: session key length with SEIPDv2 Justus Winter
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor