Re: [openpgp] Weird OIDs in the 4880bis draft

Daniel Huigens <d.huigens@protonmail.com> Tue, 14 February 2023 17:15 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F0B9C1CAB41 for <openpgp@ietfa.amsl.com>; Tue, 14 Feb 2023 09:15:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id svUoIXxk9aRT for <openpgp@ietfa.amsl.com>; Tue, 14 Feb 2023 09:15:50 -0800 (PST)
Received: from mail-40133.protonmail.ch (mail-40133.protonmail.ch [185.70.40.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0119C19E10C for <openpgp@ietf.org>; Tue, 14 Feb 2023 09:15:49 -0800 (PST)
Date: Tue, 14 Feb 2023 17:15:35 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1676394947; x=1676654147; bh=UIeXtvUVlrmms8kq0PMZl//SUs8VL19rSVOlYZyUY9U=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=PrflVdtoCHnN5ocy9itbt6FMfnY7oSPNi7HjhhzZOG08ALC7Gl7+lpgzLDTbW6ept dkjBA3yI4XBIZndyNjGZHaAdxKkaEqfFmAALNCNq5lF6yixHAv5cQb0vcG5tp5RvYp L3rIdmBprYHw4HVU1gJEG2Tp8nw+rVjmneiWVNO9q9Ht8PKQru7AFxlXS7VCbs/EFd AigLluBwG+UqcuHalT+ChN5MDTNp7G7g4t5ufeALt7MMpwPHbNbKZ0h0sFgnpOHpH/ FEf+JXL0XaR6jrrxg+ecmYqMeL16704RM1W5J+Q1da4Uum1IdRHa69JJ4f2H6SE/LP 21MPmg681hgRw==
To: Werner Koch <wk@gnupg.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Paul Wouters <paul@nohats.ca>, "openpgp\\@ietf.org" <openpgp@ietf.org>
Message-ID: <ye0H1qyqSZj8RYd7VETRzVRK06oPIGkhs1HXzDRPRToKwe0huVgkfNVSWhjy8cGio0PJsJCnmHGmBLPK3PZQ4UKzBb0ljXmhg_HPm8Dlr5A=@protonmail.com>
In-Reply-To: <87sff8rxos.fsf@wheatstone.g10code.de>
References: <SY4PR01MB6251048223366D25E14FF34FEEDE9@SY4PR01MB6251.ausprd01.prod.outlook.com> <24d23b9f-50b4-0a80-d1a5-63b20c366a54@nohats.ca> <878rh0tzkl.fsf@wheatstone.g10code.de> <072ad857-1591-cc9a-4276-d351bb2a327d@nohats.ca> <13f2e75a-0a11-8803-15a4-1ef986f9a9f9@cs.tcd.ie> <87sff8rxos.fsf@wheatstone.g10code.de>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/gtJrq-V55aqeurU1SM2aWPdBiz0>
Subject: Re: [openpgp] Weird OIDs in the 4880bis draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2023 17:15:54 -0000

Hi all,

Everyone will probably hate me for saying this, but if we're going to
change the OIDs, I would really prefer to define them more similarly to
Curve448; i.e. use Curve25519 closer to how it's defined by the RFCs.

I think that would simplify the spec and implementations (that don't
care about backwards compatibility) much more than only changing the
OIDs. And if we change the OIDs, we can't really hide behind backwards
compatibility to explain the difference between RFC 7748 and how we use
Curve25519, for example.

And then for backwards compatibility we can mention the old OIDs and say
that they used a different format, or just refer to the old rfc4880bis
for that.

But, at that point we might as well define new algorithm IDs instead of
new OIDs, in my opinion. Then we can also get rid of the complexity of
MPIs for these algorithms, and just use fixed-length octet strings
(of lengths defined by the algorithm IDs) on the wire.

If there's interest in this, I'll volunteer to write up some draft text
for the spec. But I'm aware that this is really late in the process,
so feel free to shoot it down if you think it's too late for this.

But, I think that changing only the OIDs and nothing else might do more
harm than good in the long term, because (if we do decide to clean this
up later) then we might end up with three ways to do Curve25519 rather
than two.

Best,
Daniel