IETF Logo Mail Archive

[openpgp] Re: WGLC for draft-ietf-openpgp-pqc [was: Re: I-D Action: draft-ietf-openpgp-pqc-08.txt]

Aron Wussler <aron@wussler.it> Thu, 08 May 2025 08:58 UTC

Return-Path: <aron@wussler.it>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 1EA1D2648C92 for <openpgp@mail2.ietf.org>; Thu, 8 May 2025 01:58:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=wussler.it
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WyvT2XlQPlhH for <openpgp@mail2.ietf.org>; Thu, 8 May 2025 01:58:06 -0700 (PDT)
Received: from mail-24422.protonmail.ch (mail-24422.protonmail.ch [109.224.244.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 4DBC52648B8C for <openpgp@ietf.org>; Thu, 8 May 2025 01:57:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wussler.it; s=protonmail2; t=1746694656; x=1746953856; bh=jXr2nr8vDiwa5tGOjR/jCzWgDN/9G98V/S66XHOSq+o=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=mPIQs4g09vgMCN0affoRaEYO4ZsfgWMm294jg93OdTjzkRL5yPevBYyiqh77k8EFn mTy2Y5scK2ThQZ2ELk1f1joHhWPFrJv2MXLbNYkVbDwREGLxK/GD46rh2q8T3G8iCo BEZFBcgLbR/T7ZSFjhqyRpfsdsHO1nwfK3+doixqNKP+wECSeqFDNK7/fgS/2p80PC e0xgi65sHIcvHaEyXu1yy0dJH0VosPeBCIIdGKxFIMLo8DTdpxphMlFuvka1JcH+Q+ 3kEyirD6FBnLDebz4+FRq1DTI2p6w+hMLJDNslmIt1PfK1RHbPfoPWcpq/nsV6joBf tc2sg7pnf3ejQ==
Date: Thu, 08 May 2025 08:57:30 +0000
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>
From: Aron Wussler <aron@wussler.it>
Message-ID: <QaP8eC7kShQ4wP25aIZPw-3iXIZByHmpa9X30EG1t0NuV8iTXKqsgYdTp5AKSLB5jho_NdgTjppUmaBI8kThnvpkp8moB8-Fp2XWLOuA9oA=@wussler.it>
In-Reply-To: <tjL4ynTE9NJFn8rNxUVyb2s-NxorQ_1GKD4SHCl6DgFRSsb9A05B4Oq9PZMqTUYc7jTxb3pf-d_CkcrrAIDoFwv1QJIIbGfMjhj7Md6fyQo=@protonmail.com>
References: <174470653269.1286532.14892820163225351018@dt-datatracker-64c5c9b5f9-hz6qg> <LSicuu3DyGQdz5FlANti-HGJ6GuAucc5BKufbsCa603EsSZ0q1XMXYvt_OubLd0UQkg0gh2F--9y9WpoqWfQu5XU-KEcJ15GG66cSFk9ByU=@wussler.it> <87wmblcr8i.fsf@fifthhorseman.net> <a2fa1a9b-7094-4487-a014-c3e623fec8ad@posteo.de> <tjL4ynTE9NJFn8rNxUVyb2s-NxorQ_1GKD4SHCl6DgFRSsb9A05B4Oq9PZMqTUYc7jTxb3pf-d_CkcrrAIDoFwv1QJIIbGfMjhj7Md6fyQo=@protonmail.com>
Feedback-ID: 10883271:user:proton
X-Pm-Message-ID: 79e3fc03f32ef63d873160c121c6d40669bcdec6
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="------fdefd8d1f0357679249f4780a6bcdb981df54f80dda146d0acfd0da4e4b58747"; charset="utf-8"
Message-ID-Hash: XNI2RQGNNWQUOB4Z7XNRTEZYACIQ2AFO
X-Message-ID-Hash: XNI2RQGNNWQUOB4Z7XNRTEZYACIQ2AFO
X-MailFrom: aron@wussler.it
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Heiko Schäfer <heiko.schaefer@posteo.de>, openpgp@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: WGLC for draft-ietf-openpgp-pqc [was: Re: I-D Action: draft-ietf-openpgp-pqc-08.txt]
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/sm6i5W_0akTu_cvMappf4fCGK3A>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

Hi everyone,

After gathering all the feedback, we decided to simplify the guidance, and consistently remove the remaining statements regarding sub-key selection.
This is reflected in the editor copy [1].

The test vectors have also been accordingly updated as announced last week.

We thank the people involved in this discussion and ask them to review this change.

Cheers,
Aron

[1] https://openpgp-pqc.github.io/draft-openpgp-pqc/draft-ietf-openpgp-pqc.html

--
Aron Wussler
Sent with ProtonMail, OpenPGP key 0x7E6761563EFE3930



On Tuesday, 6 May 2025 at 11:12, Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org> wrote:

> Hi Heiko,
> 

> On Friday, May 2nd, 2025 at 16:23, Heiko Schäfer wrote:
> 

> > I'll note that while this is not ideal for all scenarios, migrating to
> > post quantum encryption is possible without further clarifying subkey
> > selection, as follows:
> > 

> > 1. Adding a PQC subkey
> > 2. Observing that this subkey is being (either exclusively or
> > additionally) encrypted to by all relevant peers, and then
> > 3. Decomissioning any pre-PQC encryption subkeys (by expiration or
> > revocation).
> 

> 

> Section 8.3, option 2 seems to imply that it should be possible to
> achieve post-quantum encryption security from new implementations
> while being backwards-compatible with implementations that don't
> support PQC:
> 

> > Implementations understanding PQ(/T) will be able to parse and use the
> > subkeys, while PQ(/T)-incapable implementations can gracefully ignore
> > them.
> 

> 

> Revoking or expiring the old subkeys obviously makes the certificate
> backwards-incompatible. So, I still think there's a contradiction
> between what the draft says and what's actually possible when using
> (2 out of 3 of) the current implementations of the draft.
> 

> Best,
> Daniel
> 

> _______________________________________________
> openpgp mailing list -- openpgp@ietf.org
> To unsubscribe send an email to openpgp-leave@ietf.org

v2.31.3 | Report a Bug | By Email | System Status