[openpgp] Confirming open questions discussed at IETF 114 [was: Re: Meeting Minutes for OpenPGP at IETF 114]
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 11 October 2022 10:55 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 669BAC14F74E for <openpgp@ietfa.amsl.com>; Tue, 11 Oct 2022 03:55:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=Mt9aNlMJ; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=qS/Qv07g
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uPBVnlCySNEf for <openpgp@ietfa.amsl.com>; Tue, 11 Oct 2022 03:55:16 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2D68C14F692 for <openpgp@ietf.org>; Tue, 11 Oct 2022 03:55:15 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1665485713; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=AUrnmmqvKi1jYBKkadwzMy0fRfFZ5nbFFirO/OpiVTg=; b=Mt9aNlMJNgmTwwlxZdPCZ3Vy0hdm+dm+JxzlqiFBaPXGi+EZwt3xZNPehWcxJe4Fr680l gIB6PJ14T4ETxQlCg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1665485713; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=AUrnmmqvKi1jYBKkadwzMy0fRfFZ5nbFFirO/OpiVTg=; b=qS/Qv07gEJdkzuT6Q+yNAMFSlkRoknC18kcX+IeUbEtxc/8zN59atp7ChDlPi3cC5vi+F xdujtFe2WYFJQMQ+IP0Cj/y10kjNSuwrmuI3zC2hM5y+SELlKySl3MpFe+2cDqWw0JrhIPk l4lOYeoQPiXwnWien0W35d1MtcgQyJSJ3/V+jUb8/tN1mLz58PQUpyWVJmZPNuZ5GujtUJB 60C2T8Zv1jPUuP6wRJM2eKKXQ8NPRi7IX8eQiv4hMoK6k+CdqLocvdugyMEfWGBvPgJDSz5 JXGHMRHmWSeK22q5XxT7pJHEk7HRFUGGFFU7H8qYgs9Y9BfvVO3U2nq0E/yQ==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 3576FF9AD for <openpgp@ietf.org>; Tue, 11 Oct 2022 06:55:13 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 5839A204E5; Tue, 11 Oct 2022 06:55:10 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
In-Reply-To: <87tu6wneqh.fsf@fifthhorseman.net>
References: <87tu6wneqh.fsf@fifthhorseman.net>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Tue, 11 Oct 2022 06:55:09 -0400
Message-ID: <87y1tm635e.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/rVdU2hnlPmC4q5lG8w2IwK0I8F0>
Subject: [openpgp] Confirming open questions discussed at IETF 114 [was: Re: Meeting Minutes for OpenPGP at IETF 114]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2022 10:55:20 -0000
Hi folks-- I'm following up on the notes from IETF 114, which had a series of polls that discussed open issues in the issue tracker, so that we can provide guidance to the WG editors on what to merge. If there are concerns about these recommendations, we need to hear about it on-list. If you think they look reasonable, noting that is also welcome. On Mon 2022-08-01 11:52:06 -0400, Daniel Kahn Gillmor wrote: > # IETF-114 OpenPGP WG Minutes […] > #### Issue #132: Padding octets (zero/random/other) […] > **Poll** keep the random padding scheme: 8 yes, 1 no, confirm in the list, that we want to keep the current text. Huigens wants to remove the justification. The support raised here suggests that we should close (without merging) MRs !203 and !204. Daniel Huigens, if you want to offer an MR to remove the textual justification for random padding, please do so! > #### Issue #134: AEAD Decryption failures > > **Poll** Should change the SHOULD to MUST for AEAD decryption failures as described in merge request 206: 15 yes, 0 no. No one has raised objections to this on the list since IETF 114, and this in-person result suggests that we should merge !206 as a means of resolving https://mailarchive.ietf.org/arch/msg/openpgp/tN2jWx4hUtiMGSo8-ILRXYNumVY/ > #### Issue #135: GCM […] > **Poll**: Keep GCM as an option: 15 yes, 0 no. Despite achieving clear support in the IETF meeting, this issue has remained contentious on the mailing list. No MR has been offered to remove GCM, but advocates for removing GCM might still want to make the case for doing so within the crypto-refresh. Note that the registry for non-MTI AEAD modes as it currently stands will be SPECIFICATION REQUIRED (as are nearly all of the OpenPGP registries, with the exception of new packet types and new packet versions, see discussion of #140 below), so implementations that want to add GCM support to the standard could follow up with a separate standard relatively easily. > #### Issue #136: Binding Keys to Modes […] > **Poll**: Keep HKDF for binding modes as per draft -06: 17 yes, 0 no. This mechanism had strong in-person support, and the on-list consensus seems to support keeping it. We should close #136 without making changes. > #### Issue #137: Direct Key Sigs […] > **Poll**: Certificate-wide parameters live in Direct Key Sigs for v5, keep that: 8 yes, 0 no. This change to the certificate format for v5 keys demonstrated in-person support, and no objections on-list. We should close #137 without making changes. > #### Issue #138: Revocation key subpacket is disallowed for v5 keys. […] > **Poll**: Revocation key subpacket is disallowed for v5 keys, keep that: 10 yes, 0 no. This constraint in updated certificate formats also had in-person support, and on-list consensus seems to be to keep the simplified format. We should close #138 without making changes. > #### Issue #140: IANA […] > **Poll**: I'm happy with the changes to IANA registration rules (but we should give guidance to the DE): 11 yes, 0 no. Ben Kaduk provided some reasonable suggestions about guidance to the designated expert at https://mailarchive.ietf.org/arch/msg/openpgp/3w9bwStWx4NMjvMUiOkVgvNNJlI and no one objected to it. We probably shouldn't close #140 without at least merging some guidance to the designated expert similar to what Ben proposed. Beyond #140, though, completing all the IANA guidance will require some detail-oriented work, identifying specific changes. > #### Issue #142: Argon2 There was no poll on Argon2, and only a single person objected on the mailing list to Argon2. That person is "in the rough", so Argon2 should stay in, and we should close #142 wihout making changes. > #### Issue #143: Problematic keys […] > **Poll**: should we remove the signature checksum from v5 sigs? 5 yes, 2 no. This is MR !208 -- i don't think we have a clear consensus on making this change, and no one has advocated for it here, so unless there is a clear change of heart, i think we should close !208 without merging. > **Poll**: Should we state that implementations MUST reject signatures (v4 or v5) with incorrect signature checksums? 9 yes, 1 no. MR !213 attempts to address this, but i don't think it does so as discussed at IETF 114: it seems focused on v3 signatures, instead of v4 and v5. If !213 were updated to reflect this properly, i think this could be merged. ------ I believe that the following MRs are also suitable for merging before we release the next revision in preparation for WG last call: Clarify that the fingerprint used in ECDH is the encryption-capable subkey's fingerprint: https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/199 Textual simplification: remove duplicated guidance to always use some form of integrity protection: https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/195 Reject malformed MPIs in v5 signatures, v5 keys, and v5 ESKs: https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/212 Clarify guidance about newlines around ASCII Armoring to match all existing implementations: https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/215 ----- Please give feedback on these issues! --dkg
- [openpgp] Meeting Minutes for OpenPGP at IETF 114 Daniel Kahn Gillmor
- Re: [openpgp] Meeting Minutes for OpenPGP at IETF… Daniel Huigens
- Re: [openpgp] Meeting Minutes for OpenPGP at IETF… Daniel Kahn Gillmor
- [openpgp] Confirming open questions discussed at … Daniel Kahn Gillmor
- Re: [openpgp] Confirming open questions discussed… Stephen Farrell
- [openpgp] Marker packet for OpenPGP-NG (was: Conf… Werner Koch
- Re: [openpgp] Marker packet for OpenPGP-NG (was: … Neal H. Walfield
- Re: [openpgp] Marker packet for OpenPGP-NG (was: … Paul Wouters
- Re: [openpgp] Marker packet for OpenPGP-NG (was: … Daniel Kahn Gillmor
- Re: [openpgp] Confirming open questions discussed… Daniel Kahn Gillmor