Re: [openpgp] a new draft overlapping the WG draft

[Ángel <angel@16bits.net>]

Hello all

I have been away of this WG for a long time, and the day I actually
happen to go back to see how it has evolved, it is to this thread.

I am saddened to find out two competing drafts for "rfc4880-next".

Having two diverging specifications, and leaving the users stranded to
get their implementations to figure out how to interoperate seems like
one of the worst outcomes. It's already hard enough to keep
compatibility with old specs, we don't need two modern diverging
specifications.

I am also surprised that this comes from an editor of the current draft
(or current as of last month, at least). And if Werner found the 
-refresh version to be utterly wrong, to the point it needs to be
scratched back, I would have expected to find at least an email here
with objections that could then lead to a diverging draft, not a sudden
new draft with the same goals and no explanation.


I found Justus mail very informative in pointing out here that draft-
koch-openpgp-2015-rfc4880bis-00 is just the continuation to draft-ietf-
openpgp-rfc4880bis-10 (actually mentioned in the header of the former)

Thus, rather than focusing on the changes between draft-koch-openpgp-2015-rfc4880bis-00 and draft-ietf-openpgp-crypto-refresh, I looked at the changes between draft-koch-openpgp-2015-rfc4880bis-00 and draft-ietf-openpgp-rfc4880bis-10, since the later was already considered when drafting -refresh.

While draft-koch-openpgp-2015-rfc4880bis-00 is indeed very similar to d
raft-ietf-openpgp-rfc4880bis-10, I must point out that it is wrong to
describe it as "only adds is an attack on dkg".

In the actual text, other than cosmetic/minor changes to the
descriptions from -10 (including that the quoting of single characters
is now broken in the new version, something we fixed on -refresh in
2019 or so), I find it adds two significant changes:


1) On AEAD Encrypted Data Packet the text "SHOULD NOT create chunks
larger than 128 MiB" was changed to "MUST NOT create chunks larger than
4 MiB". This is aligned with refresh, which contain the same line.
(see also 'AEAD Chunk Size' thread on this mailing list, Feb-Apr 2019)


2) A Literal Data Meta Hash subpacket was added
This is reflected in the appendix C (changelog), section 5.3.2.1
(reserving type 40) and Section 5.2.3.32 (definition of subpacket
"Literal Data Meta Hash")


Without any input from the author, it's anyone's guess why it was done
this way instead of as a patch/MR over -refresh, but I think the new
draft can be considered just as a change to add the Literal Data Meta
Hash subpacket.


My opinion is that the working group should:

- Continue working on draft-ietf-openpgp-crypto-refresh
- Consider "Literal Data Meta Hash" from draft-koch-openpgp-2015-
rfc4880bis as a proposal, as if it was suggested against -refresh.


Obviously, the additions on draft-ietf-openpgp-rfc4880bis-10 over
rfc4880 that might be pending (if any), should be evaluated. I thought
they were all already reviewed and either rejected or accepted
(potentially with amendments), but I suppose the new published draft
could make us notice any missing.


Regards
Ángel



Note: This email deals exclusively with considering all changes and the
goal of reaching a consensus. It is not to be construed as support (or
lack thereof) for any particular feature or text present or missing
in ietf-openpgp-rfc4880bis-10, ietf-openpgp-crypto-refresh or koch-
openpgp-2015-rfc4880bis.