[openpgp] details of 4880bis work
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 10 April 2015 11:38 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ll36RGS81vXSXkVey0cR0zZ7WkI>
Hiya, here's the 2nd thread, starting from DKG's list. Please discuss... (We don't need +1's for this, just tweaks, corrections, additions etc.)

If someone wanted to put this on github or somewhere else the group can edit it, that'd also be fine.

Ta,
S.

a) update the fingerprint format (avoid inclusion of creation date, use stronger digest algorithm; i'm dubious about embedding algorithm agility in the fingerprint itself, but explicit version info in the fingerprint might be reasonable so we don't have to keep guessing by fpr structure for future versions)

b) get rid of keyids entirely -- when referring to a key, use the fingerprint where a compact hint is needed (e.g. in a replacement of the issuer subpacket) or the full primary key where it is more sensitive (e.g. in designated revoker). With EC keys, we could consider using the full key (not the full cert) even in the issuer subpacket case, which could make things cleaner.

c) deprecate MD5, SHA1, and RIPEMD160

d) clarify that cleartext signatures should all use charset/encoding UTF-8.

e) update S2K with something more modern (PBKDF2, HKDF, scrypt?), deprecate all the other mechanisms explicitly

f) standardize the two new curves coming out of the CFRG: 25519 and curve448 ("goldilocks") for both signatures and encryption (Werner has already started this process for 25519 signatures)

g) remove compression entirely

h) clean up the language: clearly distinguish between "public key" and "certificate", and ensure that the use of the terms "trust" and "validity", if still present, are used unambiguously.

i) declare a literal data packet type "m" that means "MIME content" so that we can punt on the rest of the message structure/format/encoding/type craziness to MIME.

j) deprecate 3DES, IDEA, and as many of the weaker ciphers as we can get away with.

k) provide a modern streamable/chunkable AEAD replacement for Symmetrically-Encrypted Integrity-Protected Data (SEIPD) packets

l) change MTI algorithms: SHA512, the two new ECs, and the new AEAD mechanism should be the baseline.
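
An added example, not part of the original message: the current format that items a) and b) propose to change. It computes an RFC 4880 version 4 fingerprint and key ID over constructed, non-functional RSA key material and shows that the creation time is hashed into the fingerprint; the sample modulus, the timestamps and all function names are assumptions made for illustration.

```python
import hashlib
import struct

RSA = 1  # RFC 4880 public-key algorithm ID for RSA (encrypt or sign)

def mpi(n):
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_key_body(created, algo, numbers):
    """Body of a v4 public-key packet: version, creation time, algorithm, MPIs."""
    head = bytes([4]) + struct.pack(">I", created) + bytes([algo])
    return head + b"".join(mpi(x) for x in numbers)

def v4_fingerprint(body):
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-octet body length, packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id(fpr):
    """A v4 key ID is the low-order 64 bits of the fingerprint."""
    return fpr[-8:]

def guess_version(fpr):
    """With no version octet in the fingerprint, length is the only hint."""
    return {16: "v3 (MD5)", 20: "v4 (SHA-1)"}.get(len(fpr), "unknown")

# Constructed sample key material: not a usable RSA key.
SAMPLE_N = (1 << 2047) + 12345
SAMPLE_E = 65537

def demo():
    """Same key material, creation times one second apart (constructed values)."""
    a = v4_fingerprint(v4_key_body(1428665889, RSA, [SAMPLE_N, SAMPLE_E]))
    b = v4_fingerprint(v4_key_body(1428665890, RSA, [SAMPLE_N, SAMPLE_E]))
    return a, b

if __name__ == "__main__":
    for fpr in demo():
        print(fpr.hex().upper(), "keyid", key_id(fpr).hex().upper(), guess_version(fpr))
```

The two printed fingerprints differ although the key material is identical, and each key ID is only a 64-bit truncation of a SHA-1 value.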