[openpgp] details of 4880bis work

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 10 April 2015 11:38 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ll36RGS81vXSXkVey0cR0zZ7WkI>

Hiya, here's the 2nd thread, starting from DKG's list. Please
discuss... (We don't need +1's for this, just tweaks, corrections,
additions etc.) If someone wanted to put this on github or
somewhere else the group can edit it, that'd also be fine.


a) update the fingerprint format (avoid inclusion of creation date, use
   stronger digest algorithm; i'm dubious about embedding algorithm
   agility in the fingerprint itself, but explicit version info in the
   fingerprint might be reasonable so we don't have to keep guessing by
   fpr structure for future versions)

b) get rid of keyids entirely -- when referring to a key, use the
   fingerprint where a compact hint is needed (e.g. in a replacement of
   the issuer subpacket) or the full primary key where it is more
   sensitive (e.g. in designated revoker).  With EC keys, we could
   consider using the full key (not the full cert) even in the issuer
   subpacket case, which could make things cleaner.

c) deprecate MD5, SHA1, and RIPEMD160

d) clarify that cleartext signatures should all use charset/encoding

e) update S2K with something more modern (PBKDF2, HKDF, scrypt?),
   deprecate all the other mechanisms explicitly

f) standardize the two new curves coming out of the CFRG: 25519 and
   curve448 ("goldilocks") for both signatures and encryption (Werner
   has already started this process for 25519 signatures)

g) remove compression entirely

h) clean up the language: clearly distinguish between "public key" and
   "certificate", and ensure that the use of the terms "trust" and
   "validity", if still present, are used unambiguously.

i) declare a literal data packet type "m" that means "MIME content" so
   that we can punt on the rest of the message
   structure/format/encoding/type craziness to MIME.

j) deprecate 3DES, IDEA, and as many of the weaker ciphers as we can
   get away with.

k) provide a modern streamable/chunkable AEAD replacement for
   Symmetrically-Encrypted Integrity-Protected Data (SEIPD) packets

l) change MTI algorithms: SHA512, the two new ECs, and the new AEAD
   mechanism should be the baseline.