Re: [openpgp] Genart last call review of draft-ietf-openpgp-crypto-refresh-12
Linda Dunbar <linda.dunbar@futurewei.com> Wed, 29 November 2023 20:11 UTC
Return-Path: <linda.dunbar@futurewei.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CF4AC15153C; Wed, 29 Nov 2023 12:11:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xIWIAt4hMjlC; Wed, 29 Nov 2023 12:11:36 -0800 (PST)
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2104.outbound.protection.outlook.com [40.107.102.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5D14C14F5E0; Wed, 29 Nov 2023 12:11:36 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NaLOEYAWnchooDshxUAevHACcoQbzVsmYuJ2yMuqGlVeyUIGsk/+6NKw4nJj+coWoPjoMESk4iu/VHo2IFK8lds0AUV5Bog2IRwQGZk4TlIUZvCZXQN7uKrDq9W0WEV0WDFi2mRBP7KjBTenwILEyF3mvZ2k3Euo8wa3aY1WcrEm8V+OD7+ujVVviwndqcaDXHND11QpA7wakdH+dvz/lbexZ18CzB+wi6UrXRZSWHqrCYodCJs9UZXIkALPlAr8GDxIKH9Dk9ZHpu3kFwssKKGMSUiSMAuiIJz0PLu+P8tRzv/8gOs0sI2h6eaMcDNw5s4mEJAMQp7JonNcgCRJSA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8kHek04zSJNCPfmlC6mZKiJzXuQZKP74228PYV7YpA4=; b=eQW2Jn7OQlRLUdnnLqoScVL45SPr5uXfHQUZJPkPe3E7ScmSwHXOR1m+wHt7paYNSzGn148369+EtfDGKFSt3pJ6j003Rna5Nz47kAvIxOszNyY3EBBn8PfW8b/8l82cgM1l15BBRlzjzztrVayRBpjBYiooryLETageQby2aGlSRCB2enTVukb+TMkRnR22JBkb3OA+8xbfYc6J4I0ZIbxGWmEe1TrUVi/ToXrY3kzESqKQ0QYSYY2MF22GYxImabcrINWNpCW8MKgqnmGjeUQiMJ2E0ogBJ5x/e5U8q14Mndn5bcJ5Wr4nA2BwY6Mgh3BjHpo4+2d7C+M+9l8xEw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8kHek04zSJNCPfmlC6mZKiJzXuQZKP74228PYV7YpA4=; b=LQit4AsMlI8F/1rwSnzTA+2HKBFXonLdOTI9Ehr8jhIKr54GDfbysF2s/mrbYc0f1T06pih1dwp0yKh7vpRLagLR0UgRbEZxUyqaZvCfTr/c+M2xMua6Yom2rBG7ZozskakawsgEhUc7QhgoVQrTeLy8tyiT3QXsy5ewWCsssA0=
Received: from CO1PR13MB4920.namprd13.prod.outlook.com (2603:10b6:303:f7::17) by PH7PR13MB6293.namprd13.prod.outlook.com (2603:10b6:510:234::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7025.29; Wed, 29 Nov 2023 20:11:32 +0000
Received: from CO1PR13MB4920.namprd13.prod.outlook.com ([fe80::17a7:6986:bf6:5efb]) by CO1PR13MB4920.namprd13.prod.outlook.com ([fe80::17a7:6986:bf6:5efb%6]) with mapi id 15.20.7046.023; Wed, 29 Nov 2023 20:11:32 +0000
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "draft-ietf-openpgp-crypto-refresh.all@ietf.org" <draft-ietf-openpgp-crypto-refresh.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: Genart last call review of draft-ietf-openpgp-crypto-refresh-12
Thread-Index: AQHaIvngBbUtYqYOfk2BPBESktTo9bCRuTMQ
Date: Wed, 29 Nov 2023 20:11:31 +0000
Message-ID: <CO1PR13MB492026C069FC0B5A7D3CD12A8583A@CO1PR13MB4920.namprd13.prod.outlook.com>
References: <170128013486.27263.12173786341571585191@ietfa.amsl.com> <874jh4xsxu.fsf@fifthhorseman.net>
In-Reply-To: <874jh4xsxu.fsf@fifthhorseman.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=futurewei.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO1PR13MB4920:EE_|PH7PR13MB6293:EE_
x-ms-office365-filtering-correlation-id: 3134a721-b0dc-4fb4-de57-08dbf1176135
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: JznJOn6N3PYkC4QGPQnvd8EkecXWjaDI/rJiBiq0v3Qrawo1X71xmbLTW0tl3+zZ+pVk7EkdegXtwr5SDsqO3COCGZGq80PXu1TZbYTZpYUK2t95TfsbvqHt4bJ06cWtoNfaoMk9CqfPbfgRRbzc9cZFcN5/KBehezbA9byFuLgJ9rxy1DirReAVkb0osHyz6rWw0fxGLZoNFGdObteLqaOFJUPEozg40uxMOpo1FCx8SQlsh92KKfFwx1gtPtjy+03Du7RGMBOVS9bfMeia59HYI8N+pR+yqHnQKpvZc3oSna3SXKLwyS/pMvnEvkwFwQmKnNNtoSsI596v/wnYgUIRlhwCCh/FG1hA72DCkaRrj79MLRIhmSXuSqvJYLKFVbpGM3Uc3PWtofLSki1baz6jB9XFMKc19mFqSQKtcM/KVOrTjd9N72HHf6ewpXzY820Tb0Z1K7zkawEjCbKrsv3lG/MB9/T5kYNOb3k7x16HuI9Xlmpg5fuZ4/9X+h5hBh6NJsE3fpckqkYpYHmyVALrVU+xhv299haSGUdyDvk3OhA6PR3UUFJMDtxNhasZqXu2oDIsQb7MNR4Gum78/UUD9TaWRRHNtiRnUT5n9tJfe+AlvUri3807M1G2q3QntDwjj2zZSG6cw3DoFYC+3o+gi2GmPcui5ZnjS+6MdroOvtiGEsafGKcrybf3SQeyS0Q+hfQBxSAibiLsTc3yoF7uwboHvDFVux+omdLu9TE=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR13MB4920.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(376002)(346002)(136003)(396003)(39850400004)(230922051799003)(230373577357003)(230473577357003)(64100799003)(186009)(1800799012)(451199024)(86362001)(2906002)(5660300002)(55016003)(33656002)(38070700009)(7696005)(52536014)(6506007)(4001150100001)(8676002)(4326008)(9686003)(41300700001)(8936002)(44832011)(83380400001)(202311291699003)(316002)(54906003)(110136005)(38100700002)(122000001)(478600001)(71200400001)(53546011)(966005)(66556008)(66476007)(66946007)(64756008)(26005)(66446008)(76116006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: N+2zJsOsOh2d0d5MKyChm70+lmCJIRj8smrlpQvwlGey3IrPwrqs7n9TiYD5M3onyEcO9dXAQg484TrcbutUl3tbrbZSpW+fj4bD2bOTsHU6XZ9XYh0mF7DVKMzvY20gJElX7mjL65cvuUmTczlfW481M1Rzo1K3CUfDFBx/wdqbIMCAjGE3JJFwtam+vacyn5USKc3WPwe/PmqssXEGoH7yxp/Nen686m7gZ65qsXuWATh5UFPniaJXREOHpdytk9bJwcWTh9qWcoKNwi7W3FQtzp4sQX/ynx+yXCtTSCTMQMuZRXyfuyGV7rUYtFV1nL8m5bpeiL+eBFQFTGqubLsFIj0uc8IJsHv7UcNJmuxjWrfog726ea8uWiTyCAxI8Ab1Fdch8IdnH3A8uJXQ9I6cqatEOdkGcvZBmpBwCiaxcjXTLFXgDAwZfcNtHwyQINyBJ+Gb9sDXgO8cx0IyPJjvLejv05+bkM4vvc5bq+u7BNE3qf0s+ZYuq+6cDOKdL+HOMoGtdhwRlx/k8o1ct0AdvrzznXSswaTENNulYOKUQlRcSE7zJXId03Q10DNpOqAvFKIbB6nTcROrMypT70OHjqitMBSSGV32lvYUPs7QGO6eWC+zBPTg47kMAiMXfT2MQv1NHhEb0G8uzFKJrcQgGP4iHPbZeKwQF0VDB0I0MX7Sua+LniwaCezrsA2sEs1BrlF7d6N+zkUMlLhDTLb8U5hVuHTZp/0CZNugycul1hJe18LRHb8/45rW4gTQFgOvgz05wKogMXz80ms4MKC75vaT9JZPGhNv3I+kjgyEH5V01BxeYiWnTqTDcC6iFk4HsKzgOJ7ySZuLJO4wwLTRcbQg7Unc8Ide1wubqVH+MohK3NpC3+VeBRDx00sdRzcwOwz3uVY63uLwbzVR+kXn++e399kxO/3kCOCiv/yItfd+qUh0G2p+dNxYhNg/KHtmsXJkU0r5rqPwWkxpfxqXlVDQYpc30ZMXvcwij9AIHqBRGZIlC4aUs5Ho/hfMKqhGdorrzNf21tOhdMrjM53Tc6JJawveWrAs8aYFZeCR3XIY8zTRz3j8+arZ9+Ii8IVUQ4ig7EkyrZHi1qBgdPHmQ43WUcR9ybCNDw8O74VLPnYvsmiWC4FqOZIrNcekJ8IyvcZ+vUgQF2X5Dayho+227oM+nv3gccdbZ+NGNAveqBzTikabn6jHC0sisf3JCk4XuBsS9gjLdaEYCmqO/O7YMS6Vz3EVGCy4p99Cd2Z6Qr5tugwY8MxA/SQDFkZp6NpcghhbQyVI7nFMdcDRSpJ91OjOkPiEFHe9LTkZDalZGTrU4CAnrftbeaKcUNB/dWxF6KyijcgDDHlXDhsFNrrY/Udi84blYZChtq3KTaU7QBvJf46NtZlaNF8ctfNJDjGcHhna/XLMy971aUUn8wSgW0VyJNohuDo48NaCKDgqNRBUqqDtAGGum6Q/iWd4KRK+1MxwTWZJAOt7JzqY4vdmPm9XHos5PV1o2K9dj7mllWKJC4ZcXvnCvVP3BmMKwbgdbPMXut8Lw9m8HE9qPRMagEBwUwjkLUu2kvcDCP7ASQwMvYocz01arN0JRny9
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR13MB4920.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3134a721-b0dc-4fb4-de57-08dbf1176135
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Nov 2023 20:11:32.0430 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IIpomda51IkEZcNZNymVIG3x6qsk9l9foUYa9VoYhLmOMRDkNsX60bsNPf7fubTg7y/QLfMkWXVtkh9leOfeMg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR13MB6293
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/jXVJQ0qoRx7jQgvOHpQqA2iuuNE>
Subject: Re: [openpgp] Genart last call review of draft-ietf-openpgp-crypto-refresh-12
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2023 20:11:40 -0000
Daniel, Thank you very much for the explanation. My puzzle is when the Sender using its Public Key to encrypt the Session Key, can anyone who have the access of the sender's Public Key decrypt the Session Key? Is it true that the Session Key is encrypted with a symmetric key between the Sender and the Recipient? Thanks, Linda -----Original Message----- From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sent: Wednesday, November 29, 2023 1:26 PM To: Linda Dunbar <linda.dunbar@futurewei.com>; gen-art@ietf.org Cc: draft-ietf-openpgp-crypto-refresh.all@ietf.org; last-call@ietf.org; openpgp@ietf.org Subject: Re: Genart last call review of draft-ietf-openpgp-crypto-refresh-12 Hi Linda-- Thanks for your review! On Wed 2023-11-29 09:48:54 -0800, Linda Dunbar via Datatracker wrote: > Nits/editorial comments: > Some of the steps described for "Confidentiality/authentication via Encryption" > are not clear to me. Hope the authors can answers the following questions: > > Section 2.1: Step 3 says that the Sender using Public Key to encrypt > the Session Key. The Step 5 says that the Receiver decrypts the > Session Key using recipient's Private Key. Shouldn't Sender and > Recipient use DH with both Public Key and Private Key to encrypt and decrypt the Session Key? When DH is used within OpenPGP for decryption, it involves the receiver's private key plus an ephemeral share that is packaged alongside the message itself (in the "public key encrypted session key", or PKESK packet). The section you're referring to (§2.1) is a high-level description, and it doesn't cover all the possible mechanisms available with OpenPGP. For example, some public key encryption in OpenPGP uses RSA, which doesn't involve DH at all. (and as-yet-unspecified quantum-resistant public key encryption, like ML-KEM, also likely won't use DH, see https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/) So the contents of the PKESK depends on the specific algorithm used, and the description in §2.1 describes the overall process without getting into any particular cryptographic mechanism. Hopefully this helps understand why that section is written this way. Please don't hesitate to ask more questions! --dkg
- [openpgp] Genart last call review of draft-ietf-o… Linda Dunbar via Datatracker
- Re: [openpgp] [Last-Call] Genart last call review… Paul Wouters
- Re: [openpgp] Genart last call review of draft-ie… Daniel Kahn Gillmor
- Re: [openpgp] Genart last call review of draft-ie… Linda Dunbar
- Re: [openpgp] Genart last call review of draft-ie… Daniel Kahn Gillmor
- Re: [openpgp] Genart last call review of draft-ie… Linda Dunbar