[openpgp] personal review of draft-06
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 30 June 2022 20:08 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1F8CC15C122 for <openpgp@ietfa.amsl.com>; Thu, 30 Jun 2022 13:08:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qPxPdEM5c0Mk for <openpgp@ietfa.amsl.com>; Thu, 30 Jun 2022 13:08:08 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2121.outbound.protection.outlook.com [40.107.21.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9395C15C121 for <openpgp@ietf.org>; Thu, 30 Jun 2022 13:08:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bKRtCoauN/dEqDADmYYW7TqZMIOG3krUyYxlGlZUyZpXLVQzshn1lMm+cQm/Bw0NxlV8Sl4tgZQ+xZNvMbzfWiGAiFD5W9eqdYA3oUoxHdtOKfUQKI0SkNfrE2pGopTMhNoL/Y0uv7JurDWqeht77LviN+zb9HDC2FVv6PYH3Nu5P1tSN23eJmskOKYWNwp529dQ9DmJ2vR2QCxrROvUuZ1rpbK79oe/Nmkg/6AMIfYr61B8/vCbjqbVKUDX1R9fBc7xi2TU0kFRTj7wg7TkDndejb/Ym9itYPXHz8zNUDpplJg4iguELG8Hk8u5Jjq7jXDw8CA3YgdPXEqADvkREA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zW6ngrIoqsta5y4HUKee06jsKuycOdYYDeoVV6qNG90=; b=h4uMChy6jsMRrz8bj+r2JTbYA94e+AFxG1moZ0PXdxHToV8/MgfD1M0pZMDb0KcXpGcNjkkXrvF/wvBbOcTjRDvJsc/J6KBCThemEQZfgcwrgyQBQZylglVCJ0Dz6xWRO3pl73Xp2jDzFxki+eANLwMGSpfGtGwcjMHqkwxkuNt8xV5TXXtJKhHHmCcZ2XvfjqSs6vb8UNNR+98aTF0Ouc9wz3ulx9JJM25LYvw3bp2xcuUuXsNeyYjq/MBK7y2tj6KDkX+xtleTOlyQ+Z0xxIPM6yKRe8CHnYA3A6p4kJ0QIe8zab97NvSDZhJDIU78bxk+zt6O6o1IWgkp/CcPvg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zW6ngrIoqsta5y4HUKee06jsKuycOdYYDeoVV6qNG90=; b=bYHSYIziB5EwadFVWOt9Z+Mkbr49XEmyhJ2Rq31JQimOAFfN2Vk33IgWlp0ryNTwFmMQGET94haB3XZvzQ1zBd/lONpTW4nKBjbKI4LOnRXAhKs12CHtVWY22gWjs2JQOYo9MhMGxcx3e/w4WVOkPBPSw2K4AZzQE6r5761aby/5jWo2gUiCfzDvahEkjN2OR9hxKWUAW3DfnA+8pHwv8R37gvPkkpb8l1pLifxC2vkyekyvmsQwsvFfj+dc+sXc6GrWiQkvwI9J3pK8xR9k01QXLS5oYYdKTp700QqJJHHZHj0RNemEi5/H28uzLFnQSm67fotkww+fhn1un+mcjw==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by PAXPR02MB7295.eurprd02.prod.outlook.com (2603:10a6:102:1bc::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.15; Thu, 30 Jun 2022 20:08:02 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::8491:63e9:5e84:2d61]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::8491:63e9:5e84:2d61%6]) with mapi id 15.20.5395.014; Thu, 30 Jun 2022 20:08:02 +0000
Message-ID: <d60140bd-0449-f1d6-85bd-d2ccdd2ae8fc@cs.tcd.ie>
Date: Thu, 30 Jun 2022 21:08:00 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: "openpgp@ietf.org" <openpgp@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------mOBR0oAXRfoHW4d9DIYVNxnr"
X-ClientProxiedBy: DB6PR0202CA0047.eurprd02.prod.outlook.com (2603:10a6:4:a5::33) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: b973c3c7-aeec-4824-82ee-08da5ad43c64
X-MS-TrafficTypeDiagnostic: PAXPR02MB7295:EE_
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: iraMD3TCRtZwMCKYswyFIRGeDHO8pkbcbI/KSem3zbp3hatcPdnkBwZbEJB73PRsuu8HASxoVcY/91aIMWLaAuXmJLlAAhpzyLWSLFeAefegx7uUJIm6f5YgDBKR6tXuhQooOv03eK1NDi/lCu+k7mu4+1sjWMvw+ZNXQJDRFPuhWvcUvF6/tYaLSSmKu+y1JHT5v4J1cWQIMbYC2BJTYDOwMeo9cGLohV9HZZvR3909m1FOwmH9O89bhyH0neNT54XXH3tTTjDDn2T5a0IDmhJWBbCPwFA6R6cSso42e8EKvt5ujxDTj+fg5YsKvJxP6ZSyyFgE4HCiVJryLDbTFExXAIwW/+ZhxLQCWt3E0ajONkzWtrY1SkYd+m6alzjrR8MGXKbBh6U8AUUEXt/DXtg/v8qvFfUvsbr3YCu8qQSxqmeaACgjWJgfdkjarByRZ7reKmKQUSMVSi4dkNp1AZFlNCIEzm7ENxuCUPInpqkc5vQxJfPgJJ+ReOJLNFl9NyhvkjqxZyCeWWUkYpjJEwmjuf4mC2FUj7uFRihgLUcLuMEhb8jDAw4tLDZy0Mcr5I/7mkL0mGr+tOrOfjPpvaP18XCVDRMuCngZ6fcIvXFGOR3nwaKx/Gzt5Kr4MwETzg8BPCyUB1EHRW73U9YHaSslOhkrkwYIGKyic9hEhwbF6NJFAo5Hy2phPIK1dCQuFpM7DdDX/ZIQn+De5bsLOVLcmv/F0fPef3asX5k9YrOWEGGibDR/p1lA4q2i6p/TI8ImOlnNvY4u3zfQLEUuIs5KAi1KwiQnBOIV7LRWnEyy03dPkv4X4S2q+Qm6UDTkWj8x9ukcZAKHkp9tAkuX47r7poqenWWXIZQeufFbpWnUe5byQkYvyl8Jn4Tmij7q
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(346002)(396003)(376002)(366004)(39860400002)(136003)(316002)(786003)(31686004)(83380400001)(21480400003)(38100700002)(26005)(6916009)(2616005)(36756003)(6512007)(33964004)(6486002)(44832011)(8936002)(6506007)(86362001)(31696002)(8676002)(66476007)(66556008)(66946007)(186003)(41300700001)(2906002)(966005)(5660300002)(478600001)(235185007)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: Zd74KUyc/OzA8IffVBwneoewLEDGjuySGRMaoetXQ57PSWfUEAAFgflWuKdGgfL4KITl7FryvLLD6aBOdD+jLkNFMLy4nCJxxi4z8H/ZN8lgv+27ANFwudhwnEdxmj5JIE9yd2s8c+HIM0Y5d+HM8uK65CgqjHtj9YRd8jtBIYbDDvW30oIGiQm6lCJ31KmM7TWaYH6jquaGrl+874j7sbmgHvbId+atFJXM8coSFGSTKP3ImY/HzKvXknGbBYJLJCk4bho9Qh287mYZ/YeEVkEyzc5M7EwIfFHzxz7XYLQYtiOGMd7A6NvfTbUPvV7zBEVbQySAW7fQnY/66JPNt2ccvvRI6NnL4bQDGsN0Fe/DaJfy5bK+7GWqttY2WeWqGfq7ui0Z6XMP+caRhgMKkCLFtXAqfs/PoSKHREJUT1/L1qpG9G/qOQQ406a/JrA9FLtP26/KHiiwsIrXBUX/K9CzFH3yDDuZq9pJbm3yaqju+67PrlC4aEHYS9Dx7HdHfrNxoUkKSpArPxoRCqVqzD3Qn/Wd1STF3y0B8UnTVM/gmITaPAbJ5M2sRMQeZDvPax96TRFxYFXML/r+mXbN/NMgmhA9tRDRFbqNEbgxH1WMvDCpCPrwjZsCqcNPuHOq0O/UKgtxJiHGdisuaWfOi/I+2MF3V40ZkZinlm55RFmOYjomQdiKwuekwCwq1wtnbXcJu5dgrtcXDYJrLivTjBKrB8k924oOMOALDNRz2NQLWeDD3TLGQtYArnpESCDwg/SuwoS86r2MMHHymqFIB/P3IQJnNU9X3ee6FcCLdE8OCPJTSkjC3tXudMCsB0iqPdEcLTFsWp8Ugrrwdp2ib9fm562a9NUdo1SGVgOTbzcCXgpsaRVVV2hk5+7w97Xh/5iEpNlx/CxFNLcGSj+mYzRgsadJNQXpzO21E2j85/ZbKEAtGNyxWVixlKds45hD+ZLqM8PkzfSxxzAMTIXTkpW1Asd/y0DN9BD6/yW3eFMm1aarcUjevrCPkSwRmYTsQDkoix8mDQs4OQDyWbU2ilIC/OBIguFiZU409niTTsYDXrWiZnLag8IY6+mEw+hT7fFjqooBNxlnyQTHQUKU/IfcReGcG9wlnLeJUcO8SXEDnTPiSYNvRoQht7zDlV8+xQ8/w6P0bpHNJ+PeZP6i3GJ+KO+i+xpCs1J6jgA1K18fKpZ2vRPCFevm8bkh7gu6ep1sBRMtS+wtD+yCqg9AoEQs6MFz74Sd42A+4YZzoNtzM1jc3Ksw8SxEkTRHXNhvyy9auxVP7BSG0z30pMWoDIOquKQVSyUrRgvrbErajecSSDgKRpzt5WLEo9PFVCjzTLwCTrXU9lMQZNbMGxj6zebQTNDaEQmmeHBmeiLMMrzuInUlVUS9C/D+zTqCXdVbXULmGz54DzgI0J/P504Zc5IHjEir1MXAAeymNMYstE/DmeEXFCpJvmUBNbaVc0yRrl3J5bMs2I+dsPXFi4aLxJBv7kSmZ10BUMjCib4G0PrhC2CtMnBTSpqydiKaIBN5jHMH2iNZ62Cx3vMiUtoIQ66QgXee/+ZhndFMoPe+ZmBPxOvpZA8BK/B5NWsyS0JH
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: b973c3c7-aeec-4824-82ee-08da5ad43c64
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2022 20:08:02.2414 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: PO4/CJqn0VVGEMZiw1mlw5Klk+OHiNGY+aegBjPOYvDf9wSJf22A+CgOHNn3aHNh
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR02MB7295
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/iUbeGIrwFcZa0SXiBM-eFf9wgXc>
Subject: [openpgp] personal review of draft-06
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2022 20:08:13 -0000
Hi all, I gave draft-06 a full read through (which took quite a while;-). I didn't find any showstoppers but there are a few things below it'd maybe be worth the WG considering as well as some nits the editors can handle as they see fit. Note that this is just me commenting as a participant, not as co-chair, so these comments deserve just as much or little considerations as anyone else's. Cheers, S. PS: If some of these warrant being tracked as issues, we can do that, and collating the recent list discussion into a set of tracked issues is next on my list for this stuff, so more on that in a day or two. possibly interesting comments/questions: (1) fix intended status == stds track in tracker (that's on the chairs) (2) section 1.1/10: "specification required" implies we'll need designated experts, dunno if we have those already or not? Doesn't need attention now, but IESG will pick some down the road sometime. It looks from a quick glance at iana.org [1] that we don't have any as of now for the one current table that'd need 'em. Can/should we give any generic guidance to the IANA experts that'll be needed when people want to add new registrations? Just as an example, we could consider asking them to be conservative (or accommodating) if asked to add new algorithms where there's no history of relatively widespread successful usage. Or, we could ask experts to only add things where there's evidence that implementations exist and are deployed, etc. Such text would not use "MUST" etc but can be useful guidance when an expert is asked to do stuff - they can push back then and say "the WG didn't want that" which could be useful. [1] https://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml (3) 3.7.2 - we don't have any "MUST implement" here - is that intended? Argon2 is RECOMMENDED to use but I didn't see any MUST (or missed it:-). I guess one could argue that a MUST isn't needed there for interop but nonetheless maybe worth considering. (4) 5.2.4: "When a v5 signature is made, the salt is hashed first." That seems ambiguous, does it mean the salt is prepended to hash input, or the H(salt) is prepended to hash input, or H(salt) is prepended to hash output? I think it'd be better to remove the ambiguity in case different people do different things (though that should be clear pretty quickly so isn't that big a deal). (5) 5.12.1: If there's deployment already (I don't know) shouldn't we define e.g. a PNG encoding format now? Also, the [JFIF] reference is from 1996! Is that still correct? (I've no objection to the current text if that's what's really supported but wouldn't be surprised if more was commonly supported and there's an easy opportunity here to improve interop.) (6) 6.2: Is there an IANA registry to point at for values to be used for "Charset" ? If so, be good to have a reference. If not, should there be? (Could be too much trouble I guess, which'd be a good enough reason to not take that on.) (7) 10.2: "RFC REQUIRED" doesn't mean "IETF consensus" so e.g. we're currently setup to allow IRTF experimental RFCs or Independent stream RFCs to define new packet types and packet versions. Do we want that? Or would the old IETF consensus setup be more what we want rather than RFC required? (8) 11.1.1 (and elsewhere): can many marker packets be present? Same question for padding packets in 11.4. The phrasing is a bit ambiguous for me and it could lead to different implementers doing different things in a way that'd harm interop and might not be spotted so easily. nits/minor stuff: - general: the version numbers mentioned are a bit confusing/all-over-the-place, would it be useful to have a table somewhere to help the reader? - toc: 11.3.2.1/13.3.1.1 stand out as the only entries at that level - 1.1: trademark stuff - is that still accurate? given the company was acquired in 2010 maybe not? - 2.1: the description is very key transport oriented - is that still right if we're moving to preferring ECC? - 3.2.1: missing closing ")" after 12.2 - 4.3 - would it help to have the acronyms used for these packet types (PKESK etc.) as a column in the table? - 5.1.3/5.1.4: "MUST make a new PKCS#1 encoding for each key" I guess that's related to some timing attack or something? If so, a reference might be good. (Is there a related security consideration?) - 5.2.3.5 - what does "in a polite manner" mean? Not clear to this reader anyway. - 5.2.3.7 - "may have a" - is that "MAY have a"? (1.1 would imply not, so just checking it's not an error) - 5.2.3.7 - "in fact has" seems to me "MUST have" - is that right? - 5.2.3.7 - "user name" - that's the 1st occurence of that term - "user ID" is used elsewhere - is that deliberate? Or does that need to be defined? (Perhaps as (part of) the value contained in a user ID?) - 5.2.3.7: is "rewriting the signature" clear enough? - 5.2.3.21: I don't understand the 0x00 entries in the 1st column of table 9. - 5.2.3.21: Why is table 10 present but empty? - 5.2.3.23: "finger"? Really? Should that still be there? - 5.2.4: is "packet packet" a typo? - 5.2.4: some of the hex literals use upper case, e.g. 0xB4, while others use lower case, e.g. 0x9a - is it worth being consistent there? - 5.3: "a an" typo - 5.9: This is probably handled by all implementations already but I wondered if there's anything worth saying about the characters that can be used in filenames? Some OSes/filesystems e.g. don't like a colon in a file name. The only reason this could be worth a mention would be if some implementation commonly truncated the name from the packet (at an "illegal" character) when writing to disk which could lead to overwriting some sensitive data. Probably not worth a mention though as I'm not sure there's a stable enough list of dodgy characters to be useful for those creating packets. - 5.9: Is [PAX] still a reaosnable reference to use? - 5.10: RFC2822 has been obsoleted by 5322. I don't recall that should make a difference but might be worth someone checking there're no i18n things in 5322 that'd cause issues. - section 7: Should we say we now prefer PGP/MIME? (rfc3156) I'm not sure if both that and this (cleartext signatures as per this section) are in widespread use, so I'm not recommending we make a change just asking. - 9.5: Can we do better than "any recent signature" for md5 etc? Maybe not, but no harm asking:-) We do say a bit more for what "old signature" means, but is recent == !old? - 9.5: Does "MUST NOT validate" mean that you must not signal that a signature is valid or that you must not run the validation algorithm? I assume the former. Not sure if it's worth being that bit more precise though, is it? - section 10: would a pointer to 13.11 be useful here? (Or to move that text to section 10?) - 10.2.1.1: I guess we could ask that new image formats already have some MIME type assigned as well. Would we want that or is it ok as-is? There are a *lot* of such image format at [2] - probbaly more than we'd ever want but we could say the ones defined for PGP need to be on that list too. [2] https://www.iana.org/assignments/media-types/media-types.xhtml#image - 10.3.1.1: Not sure if referring to the table numbers here is right - we probably want to refer to the IANA registries by name instead. (Can be fixed later though.) - section 11: typo: "handled strict." - 11.3.1: should "must" be "MUST"? - 12.5: Should we add any warnings or requirements about the ephemerality of the ephemeral key pair "{v, vG}"? Are there cases where those are likely to be re-used? (On purpose or by accident.) - 13.9: "Most ciphers have a block size of 8 octets." We can probably delete that now? - section 14: Table 32 is RSA specific, be good to note that just in case. (One could argue to just remove the table too though.) - section 14: comparing cast5 to 3-des nowadays is odd, maybe s/3des/aes-128/? - The I-D nits tool [3] produces some possible things to fix or check. (Plus a number of false positives.) Those can be handled later though. [3] https://www6.ietf.org/tools/idnits?url=https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-06.txt - I also had a glance at the diff vs. RFC4880 [4] (which is unexpectedly usable:-) I didn't see anything glaring there but the URL might help someone else spot something that needs fixing. [4] https://www.ietf.org/rfcdiff?url1=rfc4880&url2=draft-ietf-openpgp-crypto-refresh-06&difftype=--html
- [openpgp] personal review of draft-06 Stephen Farrell
- Re: [openpgp] personal review of draft-06 Daniel Kahn Gillmor