Re: [openpgp] To bind or not to bind

Justus Winter <justus@sequoia-pgp.org> Mon, 25 March 2024 10:21 UTC

From: Justus Winter <justus@sequoia-pgp.org>
To: Falko Strenzke <falko.strenzke@mtg.de>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
Cc: Aron Wussler <aron@wussler.it>, openpgp@ietf.org
In-Reply-To: <cd9a18d9-2d13-48d2-98e0-2ae268f68215@mtg.de>
References: <87a5mqi0xi.fsf@europ.lan> <23B46D65-EAF7-43D0-A5F1-04D28B698559@andrewg.com> <87sf0h32d3.fsf@fifthhorseman.net> <cd9a18d9-2d13-48d2-98e0-2ae268f68215@mtg.de>
Date: Mon, 25 Mar 2024 11:21:31 +0100
Message-ID: <87y1a6has4.fsf@europ.lan>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/k9aCU11jPP1gjzVKp79-kqNtTSg>
Subject: Re: [openpgp] To bind or not to bind

Hi Falko :)

Falko Strenzke <falko.strenzke@mtg.de> writes:

> On 23.03.24 at 07:10, Daniel Kahn Gillmor wrote:
>>> pgpy is fairly niche.
>> pgpy upstream has also been unresponsive for nearly a year, sadly.  the
>> branch i worked on for the crypto-refresh probably has the most active
>> maintenance, and i haven't even tried to release it :( I should probably
>> consider releasing it myself (maybe under another python module name) at
>> some point if upstream remains unresponsive.  I don't really want to
>> shoulder the full maintainer burden though.
>
> Based on what you write and what I can see in PGPy's GitHub repository, 
> it seems PGPy has to be considered as unmaintained. In that case it 
> should not be considered in the interop tests.

We're trying to understand how the existing v4 ecosystem will react to
introducing as-of-yet unknown algorithms with as-of-yet unseen
artifact encodings to v4 certificates.

Whether or not an implementation is actively maintained seems to be
irrelevant to that question.

Or, one could even argue that not inadvertently breaking unmaintained
implementations is more important.  Along those lines, Aron has been
arguing that gopenpgp reacting badly to unknown algorithms isn't that
bad because gopenpgp is actively maintained.

Best,
Justus