Re: [openpgp] Move new Signatures and Keys from v5 to v6?
Falko Strenzke <falko.strenzke@mtg.de> Mon, 06 February 2023 09:18 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/dJGSrQLIuzjVGNTmuNhYFteax0A>
Yes, it definitely should, in my opinion. This leaves it to any implementation to support v5, v6 or both. The resulting situation will be far from ideal, but better than the one arising when the code point transition to v6 is not made.

One subtle additional point in this course: The packet tag 0x20, used by GnuPG for AEAD packets, currently marked as "reserved" in the crypto-refresh, should probably be marked as "_permanently_ reserved".

- Falko

On 05.02.23 at 18:13, Daniel Kahn Gillmor wrote:
> Question to the WG: should the new key and signature formats change
> codepoint designations from v5 to v6? (this avoids collision with the v5
> codepoint which has seen some pre-specification deployment and could
> cause confusion in the wild)
>
> Two interesting subquestions:
>
> - Should the fingerprint and signing octet for the new form also move
>   from 0x9a to 0x9b? (v4's comparable octet is 0x99)
>
> - Should we also move the PKESK and SKESK definitions in this spec from
>   v5 to v6? There is no risk of collision with deployed data for these
>   versioned packets.
>
> An MR for moving from v5 to v6 for Keys, Signatures, and OPS (but not
> PKESK or SKESK), and changing the prefix octet from 0x9a to 0x9b:
> [!231](https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/231)
>
> Please weigh in on this thread.
>
> --dkg

--
Dr. Falko Strenzke
Executive System Architect
MTG AG
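The following is an added example, not part of the original message or of any OpenPGP implementation. It shows how the per-version prefix octets named in the thread (0x99, 0x9a, 0x9b) enter the fingerprint calculation, and how an implementation can choose which key versions it accepts. The hash algorithms and length-field widths are taken from the OpenPGP specifications rather than from this message; the key bodies are constructed placeholders.

```python
import hashlib

# key version -> (fingerprint prefix octet, length-field width, hash)
# v4: SHA-1 over 0x99 || 2-octet length || key packet body
# v5/v6: SHA2-256 over prefix || 4-octet length || key packet body
FPR_PARAMS = {
    4: (0x99, 2, "sha1"),
    5: (0x9A, 4, "sha256"),  # codepoint with pre-specification deployment
    6: (0x9B, 4, "sha256"),  # codepoint proposed in this thread
}


def fingerprint(key_body: bytes, supported=(4, 6)) -> bytes:
    """Fingerprint of a public-key packet body, starting at its version octet.

    `supported` is this implementation's policy: v5, v6 or both.
    """
    if not key_body:
        raise ValueError("empty key packet body")
    version = key_body[0]
    if version not in FPR_PARAMS or version not in supported:
        raise ValueError(f"unsupported key version {version}")
    prefix, width, algo = FPR_PARAMS[version]
    framed = bytes([prefix]) + len(key_body).to_bytes(width, "big") + key_body
    return hashlib.new(algo, framed).digest()


def sample_body(version: int) -> bytes:
    """Constructed placeholder key packet body (not a usable key)."""
    created = (1675675085).to_bytes(4, "big")   # creation time
    material = bytes(range(32))                 # placeholder key material
    body = bytes([version]) + created + bytes([27])  # placeholder algorithm octet
    if version >= 5:
        # v5/v6 bodies carry a 4-octet count of the key material
        body += len(material).to_bytes(4, "big")
    return body + material


if __name__ == "__main__":
    for v in (4, 5, 6):
        fpr = fingerprint(sample_body(v), supported=(4, 5, 6))
        print(f"v{v}: {fpr.hex()}")
```

With the default `supported=(4, 6)`, a body carrying version octet 5 is rejected outright instead of being parsed under the v6 rules.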