Re: [openpgp] Possible to define a common key format for LibrePGP and OpenPGP-IETF?

Kai Engert <kaie@kuix.de> Fri, 15 December 2023 12:20 UTC

Return-Path: <kaie@kuix.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 030B9C151091 for <openpgp@ietfa.amsl.com>; Fri, 15 Dec 2023 04:20:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kuix.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U16EACPVclpQ for <openpgp@ietfa.amsl.com>; Fri, 15 Dec 2023 04:20:31 -0800 (PST)
Received: from cloud.kuix.de (cloud.kuix.de [IPv6:2001:8d8:1801:86::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B68EC15108A for <openpgp@ietf.org>; Fri, 15 Dec 2023 04:20:30 -0800 (PST)
Received: from [IPV6:2003:c8:af03:2300:d806:f5c8:f6e5:f959] (p200300c8af032300d806f5c8f6e5f959.dip0.t-ipconnect.de [IPv6:2003:c8:af03:2300:d806:f5c8:f6e5:f959]) by cloud.kuix.de (Postfix) with ESMTPSA id 6BE141890E3; Fri, 15 Dec 2023 12:20:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kuix.de; s=2018; t=1702642828; bh=JxU6GDdsGfY3ePzyuUR0BHDeGeIsOqdN7gnClVcaQ40=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=U3y1R88n4l1Wx209qzAX8h1ewhjQt2RYkKKc5kIEYZzFTnu2FghkyQvmg5fPaCGuL 1wy0X5hqPP9vS5/dr78OjmCcGb+S4QPyOyVET8nUAV53qyLhsgt9EQgHUfCcj+PZ1c 1Iy39pURDZnlP9xXxYpJjxX8dArmbCR9oGfZ9cZQV+3OH7xWcQSoF7d7VRcwtRGWUR RJtuWRoGN4l/hEcGG0hy05t5iVSEvHZxmCIb3H3D8Z04unpRBHSjrOcv1FddE5ZfkY JehuHDqgV2/e9OWkbJkZLKBwSXNQcHMdXHzL6iX9S6VThqE9t1QYXhgi63sbHB6OIO dJsPBBEpMAP5Q==
Message-ID: <d18ab2ba-44cc-411d-89a8-6c0a97dd0e6b@kuix.de>
Date: Fri, 15 Dec 2023 13:20:28 +0100
MIME-Version: 1.0
User-Agent: Thunderbird Daily
Content-Language: en-US
To: Justus Winter <justus@sequoia-pgp.org>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Werner Koch <wk@gnupg.org>, Daniel Huigens <d.huigens@protonmail.com>
References: <fda84dd5-4279-46cd-9b6a-90f211222df3@kuix.de> <87v88zbtub.fsf@europ.lan>
From: Kai Engert <kaie@kuix.de>
Autocrypt: addr=kaie@kuix.de; keydata= xsFNBE8oE/UBEAC/Vx4tHVkfPdGf0BFMGcidXzAXKQ4+gI2F5rPBoV9fEtYngLHzm7+a6DL2 v5Jl5b4by9KtUbfIJysR1iniLWMJVPXZcyC4ovGouZ4MGK5cD9kMy+JdwebCs5/tj51vcvrS 08dP7r9Q0f0H7tsqhtVWuPFt+ZZEj8fIxjMgE3Z5BcyoGT1mXQ544RA0vr0fB9MngvfteD3L /wL2miDnYVtwB+VHC6kEB75Pte/yz1kFc/TDqKT8F45M3invhccY8Zwe7F88+uS+tgR5B3Ga RMc9WChZr5ed5vRxSLrGqBGSWBKomKuWXNFVMrZAOaq+W/+kOdNSXLdJSvXIAgV4Gywf1D0r ZTi8V+UoiTY8eDfT4OlBJrbbkge92/lrqaorAsuo/DVmfv7ARk7q2jvbSZD39zkWpLNsAulz gZOr+ffEHKy0f9fNwzenHpKvNtTUWGChEyDf7a6EtTBZsxAYco0xAtFOoQVwx5UzZk4tMVhv lrATrvmFdK5SLroDuwtSLUBJ5MhICyaB1kN7YSatQs33D+M5oPKVC+mn1WB/nznU475cssBW Asw+/K4VtXN08HxVFEvpV5MtpoYGe/cqsV87aVr/Igg45DVKtMMK8W5AmJDdGru3caxdVkkW fis9F1GBkk7ZPgip4cprh3KicuKsXhVrjk2mC/kCR+mrlY8ncQARAQABzSNLYWkgRW5nZXJ0 IChhdCB3b3JrKSA8a2FpZUBrdWl4LmRlPsLBlwQTAQoAQQIbAwIXgAIZAQULCQgHAwUVCgkI CwUWAgMBAAIeBRYhBCHRbmfhg5jI2p3fLhwnQjclAHckBQJkhlFMBQkXP3DXAAoJEBwnQjcl AHcka90P/Rwh5/f+RMLQss7kad6wz1y/T4Ztgaj0m+vuCyhzf246/8hs7SMp7ESscZkZkNgn iEtMSIl2ZErvXpXXuQeHXvBed5aqrBU5KqyEv8gMFLOcn/MTCPHkjImgyBwp47AP5VmRhoH7 LSYFm5GsJfMfNSA8hHGBL3WMUyVxfLAUdTfEUeBM4GgDCDyizyFmtIvmJxd3hEnl1kmWxUwv yfFjGfABLI4/E2Sw7cQ1nqxz4YjA7l4ATd1rLjt8KpUzi9ZB2SkvUfMttvjoPdLm+ngnNFjZ 59jktAVS60UpxyQQL6gO10Gty2CIQYYOfGzz22C3ajdkn1g8+GZfm7v2E97vC+9f3lNRMt1B Yexx8HhsnZe/hBxP+rWcJf5SM5smrug0mevy+CpGMIbklWYUoY6XPQKJ6/o3hJwMmoBoYB7p dkCK+AC1/w219xZGCF7D1wyLeBeFplRI66ZAU07wDO6En139REDVWOW0jwUYeRHdmjVDCGPg DKM3MJTU1pUnzx5+/r735//UI13wUrM/sQa5EKtCTbglvGBNTEF/QDg6Dh6odRyQGDdysxjS b8TKS/5MqsjZVcIHzkhsvTzE1WvRWU6F4G8iZIM/ekjpcRjcXPo8VbyNV5JmnLA/sxu1YB4n HOchWcWMijR3OFEtvhrhK0cpvYVs/SkVYg0GU1sVHHWyzsFNBE8oE/UBEADnglTT1XME4/Dj ghgg2K5AAR7KKQ7mwtP4jF57wwz5Py1eTRn1FLBRVy27wPAz5/w2NEj52+YZKB7OyI0vVmRW 43fsYzh2DtknyhkIHn9hBAILHXPurh3rxewR9Ox52X5jYZyCBtHoSk3hFtHfw3q6HAoVnDSZ 64/qbU1pEKeKFyImtd2grFdygcDHLdtqUZM8Bu85SZBqojt1jkNUU85PkjbCXVxZuSRNzHjC 7zX3SxIx5b8hvAiDuKcL+epcJIovrff4e//YZxXO8E0rwnE7lhoe4eX4YHA/pweWi0d3aqv8 FLKFgK3cJwwMddH6/BLBrAL7/NSlHlMetUtPoT+GWkBlfkdCxj0EyuWUjQCnswKWP6S9GWS6 Q19zf8IqkAvVGMNXn6yv3V98E1dtmCmynf+4IjpC4mkV1RjyOzlpg3AcIVtfzGTN0Wob3m+3 642ir8Xunt0RCLcETQfZvRziS4lfgb0ysAp3J9ivUqI9fnXcBB4hdkIT1SiA43mO8oXo8FNO 7OiawJkFr0TFuQu/64KbtD4QLhbC++ltRpouma636iqexKth6GDjJ2bk1GGB8nL5GKzWwoCm 3IDsCUNZaw/l8VkTSvF6gOtN1tfolWPFPnT0O1ZrisjSqAZO3rbknqKubqd9sXwzVXlloGZK y1YL88N2CCx+XflptAfGTwARAQABwsF8BBgBCgAmAhsMFiEEIdFuZ+GDmMjand8uHCdCNyUA dyQFAmSGUVMFCRc/cN4ACgkQHCdCNyUAdySj0Q/+PbhxtlN3WRVTFmC5nicO6ZpXoDL8PAiK 9tUD4hqx0OQDbF2AhHRgHCRAAQ4rFWlTd0SSO7SYD/2+HdByw6PfTKkz2hJippSHLljAufcF diY0xiTijPyssoBxOtkBxNAiSHcA39AIdfGAH+e6n/go8RtxjOrOChePGh8ken5o4JUhjPOG t86Lhid1MCppNNQAzzFXPbKBX1uQf/jSacmNxs9d25lG3ddf9UgsruqziDZvhZp6EfWV/Pd+ g+UYAQ+HLgwl60ix0n7N43L8esnCrbEY3BST49snw2VpL+5Klyt1y0c/HCpscjq1FT5s2uav wknqb3vqoFOTWr9UswBjuUZqZ97JXUpd2mMpqRmDvFzhwdSYiS9fvISKKJknATssIQsnAmVk 3DjZz1Q50FTeCMrgh/zoJPN5xwNAg2ueLDMudUcPS2KgOH14E6Ve9au9O6pOKpZyxb5KUcqE fgNxfrM4n8Tw011sr/i7xZzUqbcDCZRdPso8uHg0YxRjwUTILVDq4Ow0IL6fY77HZwiZqNmP 6BTyNNKOBSfYFS4GxMcOmWPzcjDqpgAm4L50j9L2Pr5Sp0ayGDdQkCxbgEILMxPWRYq38ZMS e3ZtRJ5OJpLdYnmyvc7fm0BBmy7+MeP1HN1CieRgaqCUQuPuXpUHuMjr1Ls0grKAXG5i9V/c AlI=
In-Reply-To: <87v88zbtub.fsf@europ.lan>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/h6cfO5OHOais6xqHDjqyJ9oqvzM>
Subject: Re: [openpgp] Possible to define a common key format for LibrePGP and OpenPGP-IETF?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Dec 2023 12:20:35 -0000

Hi Justus,

thank you for your response.

I acknowledge that the group has worked hard to find compromises, and a 
majority has been able to find a compromise.

However, a group of people has decided to disagree with the compromise, 
which I think is deeply regrettable.

I see that the proponents of the crypto-refresh agree to move on in 
their way. Based on the disagreements from Werner and the actions of the 
GnuPG project and the initiative to fork the specification as LibrePGP, 
it seems clear that they intend to move another way.

That's very unfortunate. And it brings me to a question, which in my 
opinion, hasn't been asked that clearly yet:

Given the disagreements, and accepting the fact that there are 
disagreements and a schism seems likely, could both sides try to find a 
way to reduce the consequences of the disagreements, the consequences 
for application developers and users?

I am wondering if a common key format could be a way to achieve that.

The OpenPGP key format is designed to carry metadata, so I think it 
should be possible to come up with a creative way to support both?

If it isn't possible, we can stop this thread. I understand that nobody 
is motivated, after all those years of discussions and work, to restart 
the whole process.

However, if a common key format is possible, then I would like to 
suggest that both sides take a step back to think about this idea.

If both sides, LibrePGP and crypto-refresh, actively agreed to specify a 
common key format, that allows both sides to implement applications 
according to the divergent PGP specifications, then I think it would be 
a huge win for the ecosystem and users. The common keyformat would avoid 
the complexity of having to handle multiple keys in parallel - for those 
users who wish to have interoperability with all implementations.

Werner, as you stated you diagree with the crypto-refresh specification, 
I think it couldn't be done without your active support. So I'd like to 
ask you directly. Do you think this idea makes sense, and would you be 
willing to work with this group to design a common key format?

Thanks and Regards
Kai