IETF Logo Mail Archive

Re: [openpgp] Weird OIDs in the 4880bis draft

Justus Winter <justus@sequoia-pgp.org> Fri, 17 February 2023 21:14 UTC

Return-Path: <justus@sequoia-pgp.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 600BFC1526F7 for <openpgp@ietfa.amsl.com>; Fri, 17 Feb 2023 13:14:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.693
X-Spam-Level:
X-Spam-Status: No, score=-6.693 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=sequoia-pgp.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YEHDw9rrr_8f for <openpgp@ietfa.amsl.com>; Fri, 17 Feb 2023 13:14:27 -0800 (PST)
Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AA56C1527A6 for <openpgp@ietf.org>; Fri, 17 Feb 2023 13:14:26 -0800 (PST)
Received: (qmail 6265 invoked by uid 500); 17 Feb 2023 21:14:23 -0000
Authentication-Results: harrington.uberspace.de; auth=pass (plain)
From: Justus Winter <justus@sequoia-pgp.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <87sff4jfrp.fsf@fifthhorseman.net>
References: <SY4PR01MB6251BD1B19BAD5DE910A1C0EEED99@SY4PR01MB6251.ausprd01.prod.outlook.com> <5bbca9f6-9fc5-3e8b-51eb-103637a6a4b5@cs.tcd.ie> <877cwg9n2y.fsf@europ.lan> <87sff4jfrp.fsf@fifthhorseman.net>
Date: Fri, 17 Feb 2023 22:14:22 +0100
Message-ID: <874jrk9eq9.fsf@europ.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Rspamd-Bar: --
X-Rspamd-Report: MIME_GOOD(-0.2) SIGNED_PGP(-2) BAYES_HAM(-0.171327)
X-Rspamd-Score: -2.371327
Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/3.0.1) with ESMTPSA; Fri, 17 Feb 2023 22:14:23 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sequoia-pgp.org; s=uberspace; h=from; bh=ynpqvPkFawe5R7AQC5K9g50nrV4819U/i6gOuYMrOgA=; b=s53NZPyNYTBJjsmvufZzEEvnzSGXhkzC0Ij673SNDcgjMuWQ8r5EkFy0Cmn5IUl48Vo06tpVnW mLfKhbsApPZVlVurzKqsjLMfEjIjGrvkG0adwjGf18OvTEt1hC0L3qoKYEFF8KdaCq/gdLR4f9Pg 3Dx5us68T6mAPJomMHNgmQlKiyKRlUDH0/sdxW5w4ch5r8W1NDo61cvwvGpzfyYDB7s8ZBMVN2zQ FXolfA8W13GCFVACEMWJ+aPB3/9ISCTYg5mIAKLrzYGDzmGLHAu9l0AjmlX3ub1P7uMAn9MmLaUG YmLemccFuQG9ZThm6Bd2PxwBLq/0f7x0vgtuyCEEtIlkNffD1SRa5v7ad1+5J3Waiv7jHCdTiBqM H1PlrIq/E3bqT7YNp2sZzprKtSlo6RrQh2ij2VOg5fKSab9ebbXPEUFcdsMjkYGVz8/AMIyoYbn8 qW5op2EnBMjxKO8zmZYEjxnd6g5vsdj+bfQvRqU7im3oBxy1r5JkD9Zvvu/T5ercL4uck5ZvYp7N YSX8QAU4fyKu23q9zg3fIFm+hv/kcrLz9q4npmYcXzy5G+uNtrPQws0Kd/tqfXweurhzQV8H0CCk AJLQUPisOMCA3I0XDvobcyQaZMul8BIRDyJdYg72HDbFMzl9JF8tAofCSZTMwpFtBw5WTdp3JA/e c=
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/bdC0x5Gw_v07tqRVemZrwAjepAE>
Subject: Re: [openpgp] Weird OIDs in the 4880bis draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2023 21:14:32 -0000

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> On Fri 2023-02-17 19:13:57 +0100, Justus Winter wrote:
>> Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:
>>
>>> That said, if someone were to create a merge-request
>>> in the next day or two with a suggested change, and
>>> if we see a clear WG consensus for that specific change,
>>> then that could just about make it into the next rev.
>>
>> Here you go:
>>
>>   https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/240
>>
>> The gist is:
>>
>>   Use x509's OIDs for Ed25519 and X25519, see RFC8410.
>>
>>   Also, use the opaque signature wire format for Ed25519, and opaque
>>   secrets for X25519.
>>
>>   Keep the currently used OIDs for compatibility with v4 key material.
>>   Forbid its generation in v6 material.
>
> Thanks for writing this up, Justus.
>
> Are you advocating for it, or are you just providing it as a point of
> discussion?  Is anyone on this list advocating for it?

I am advocating for it.  I think it is a reasonably small change which
makes the spec simpler and more consistent, and will reduce confusion
in implementations.

> This proposed change includes two entries for Ed25519 in the
> #ecc-oid-usage table, one of which is marked "v4 only", and the other is
> not marked any way at all.  Does this mean that the newly introduced
> variant is allowed/encouraged when generating v4 keys, or should it only
> be used in v6 keys or later?  I imagine most implementations will
> generate v4 keys by default for a while after this draft comes out.  If
> they're generating a 25519-based key, will they know which forms to
> choose?

That is a good question.  I think in the interest of interoperability,
implementations should generate v4 keys with the legacy OID.

> Would this change be clearer if it introduced a variant name for the
> deprecated form of Ed25519, to make it clear that it is distinct?

That'd be good, I think.  I hesitated to change the curve name, but I
guess it is a symbolic name local to the spec.

> For the adjustments to the tables, does it make sense to have a
> parenthetical "v4 only" and "deprecated", or should there instead be a
> new column marked explicitly for this kind of deprecation?  Having a
> distinct column might make it easier for an implementer to make sense of
> these things.
>
> I imagine that an implementer who doesn't know the history here could be
> pretty confused about what to do, and i'd hope that anyone advocating
> for these changes would try to make them as clar as possible.

Yeah.  I'll add the column and more warnings.

Best,
Justus

v2.23.0 | Report a Bug | By Email