IETF Logo Mail Archive

Re: [openpgp] PQC encryption algorithm selection

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 07 February 2024 18:41 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58B85C151075 for <openpgp@ietfa.amsl.com>; Wed, 7 Feb 2024 10:41:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.313
X-Spam-Level:
X-Spam-Status: No, score=-1.313 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="IlMAOZJA"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="0PXOKazN"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4oJPsLrSi38X for <openpgp@ietfa.amsl.com>; Wed, 7 Feb 2024 10:41:49 -0800 (PST)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6E95C151065 for <openpgp@ietf.org>; Wed, 7 Feb 2024 10:41:49 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1707331308; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=u5VbnwVlOi7QMpUnePxwiN9CCIInIbtx8u2dJuDi1Zg=; b=IlMAOZJAIyTAl2TyVaXGw9YZzbonVzaz7wpC9f12hcrcrOX+gIIKKxCRcvHVKE16Ex3Om 2WI6wOQwlvSUYCyAA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1707331308; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=u5VbnwVlOi7QMpUnePxwiN9CCIInIbtx8u2dJuDi1Zg=; b=0PXOKazNF29LrjoRlGnDEOLos+RU+uC+80QfTMgD1KYWFTk1FSis84a8+ZV9qq9J3Z6TS KBGyeW2IquTBc/j/AqaQBMAEmaUcKqptfZJjIO6SHlw36S9RCoUX30ZbzUHEBJR0RXVn6in RIe/OjCC0QWpfpnZWMDcueoy6LPa01As+lVyONEYXogONM93ZF5kxhSPMaeoWgbcjaCKihr nWjDfBGGTL74G/pJniJ0lvmu0qhmdVA3W+eaEs0MMr6YTQys5i2DUkCBYm2Hek/aT/FFjFa rGsbUHTJXH1NwzKXGY8uGpavuVqchL3vNQ3VNRNQ0NAxsqfnpVESYduI3qEw==
Received: from fifthhorseman.net (AMERICAN-CI.ear2.NewYork6.Level3.net [4.59.214.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 3674BF9DC; Wed, 7 Feb 2024 13:41:48 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id EFA99204CE; Wed, 7 Feb 2024 13:41:45 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>, Paul Wouters <paul@nohats.ca>
Cc: Aron Wussler <aron@wussler.it>, "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <PiYDAbkilQtku2kMJMytM_GF3dBdP1TkO7mxHzg8m0GxHLSlnsDCTGd5KXhMJ2X3B7zYWYWddFN_0IawI6H0J8r5ILtd6WlDCTEwcB-fgwE=@protonmail.com>
References: <WlmG-t8W8gPB6BePADYNwa365fmk6DGf3GF8Q4XZ3Ho1X3h0W9wykE364A6KDLQvU2p-lUKsftm0rQEe8V5p2jTuQgUEOQWOnlnhQJzdsgs=@wussler.it> <cd68a5bb-7ed9-c1f9-ab4e-c1466d96ebae@nohats.ca> <PiYDAbkilQtku2kMJMytM_GF3dBdP1TkO7mxHzg8m0GxHLSlnsDCTGd5KXhMJ2X3B7zYWYWddFN_0IawI6H0J8r5ILtd6WlDCTEwcB-fgwE=@protonmail.com>
Autocrypt: addr=Daniel Kahn Gillmor; prefer-encrypt=mutual; keydata= xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/YO+5Zi7HCi QQfFgoAMQWCZadnIAUJBdtHCwMLCQcDFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu36RAUlea/ cACgkQu36RAUlea/edDQD+M2QjnoEyu/TjI+gRXBpXQ5jCsnnp9FdYhaSSUW/vZ8kBAJByWlj A9aMfVaVrmvgcYw7jzJz+gmZspBRB++5LZ20NzRc8ZGtnQGZpZnRoaG9yc2VtYW4ubmV0PsLA EQQTFgoAeQMLCQdHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEu/CS CeyWwC6j4ihJr2u/z6delsF1pvYW3ufgf1L538DFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu3 6RAUlea/cFAmWnX5AFCQXZ8EUACgkQu36RAUlea/cjVwD+ONjdHM74rAa6EEiiqaPjlptiaZx CVqFYXnib6EbZARkBAPnnR8pW8vCBnDXHKu65jNqwF3aH761NaOqqMFfppg8GzjMEZXEJyxYJ KwYBBAHaRw8BAQdAjX25Fq2Q9IUFeHy6yByIQPBnFOedFliuEiCIUzJsENDCwMUEGBYKAS1HF AAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnwqKWsw56uoWVLIFcs7ZecJ gwpsSNevWCzbviKQ8yRLUCmwK+oAQZFgoAbwWCZXEJywkQdy0WHjXNS4FHFAAAAAAAHgAgc2F sdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEIJSOxuw2y/UJmg5M3BLpN0JYjODZpXiEVFu 1byARzMWIQR0vATEPYYIS+hnLAZ3LRYeNc1LgQAAsH8BAKg1C5LK/D7pSkXCD+jfTSP+CqM58 iHLjh4vKhpOKsTJAQCHldtEjxJ1ksPTFgG9HihHH7qc6/wvvLw77ETMpwlrAxYhBNR3BAxwwh VqXCmFSbt+kQFJXmv3BQJlp1+rBQkCF4lgAAoJELt+kQFJXmv3ydsA/2roQZ2Jm/7iUrg/2C5 ClWA/xbvPC31LyMkGGH2/rq8tAP9BgqLuCPnNTVPqeX9+9qqMmaFq7wmvjq5I+yycAw9CDc44 BGVxCcsSCisGAQQBl1UBBQEBB0BZMsRrRaaeFSYMF1ZdfRmVgBriDUIr99eDQ085BK14DgMBC AfCwAYEGBYKAG5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnsazAWX tEHUPmSTmcRZAIsAsNiO8k0hdjsfRlRVipgJgCmwwWIQTUdwQMcMIValwphUm7fpEBSV5r9wU CZadfqwUJAheJYAAKCRC7fpEBSV5r90AjAPwLgY1iKiFJEj32SVD5f721929l79VxQB5FlQss x1n5kQEA6Uct2tPvbB6T7p5KG3Gl+tbi7oJAuxFmpkpW5/N2Owg=
Date: Wed, 07 Feb 2024 13:41:45 -0500
Message-ID: <87eddoruae.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/sVHVy7QR6uGg4swGGAZo1aX-JW0>
Subject: Re: [openpgp] PQC encryption algorithm selection
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 18:41:54 -0000

On Wed 2024-02-07 17:27:33 +0000, Daniel Huigens wrote:
> I'd assume the requirements are specific to the document,

The IANA registries at https://www.iana.org/assignments/openpgp are not
document-specific.  The document will eventually need to provide
explicit, unambiguous guidance for how IANA should update those tables.

Those tables currently DO NOT have a column listing MUST/SHOULD/MAY for
asymmetric algorithms.

> meaning that if draft-personX-openpgp-algorithmY says that it MUST be
> implemented, that only means that in order for an implementation to
> claim it implements *that draft* it must implement that algorithm, not
> that it must do so in order to claim it implements OpenPGP, right?

If the draft is "OpenPGP", and it obsoletes all previous OpenPGP drafts,
then these are the same thing.  That was true for
draft-ietf-openpgp-crypto-refresh, but this draft won't do that.

If we want to be able to talk about whether some implementation is
conformant to "RFC XXXX" (assuming we can progress this draft all the
way to an RFC) then MUST and SHOULD need to be in the text of the draft,
but not in the registry tables.

I don't think this draft is the right place to add MUST/SHOULD to
existing IANA registry tables.

         --dkg

v2.23.0 | Report a Bug | By Email