Re: [openpgp] a new draft overlapping the WG draft

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 07 October 2022 18:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/uFUuus38ucIygm15bh9COKXUTVA>

On Fri 2022-10-07 19:48:39 +0200, Kai Engert wrote:
> For example, would it make sense to call the previous, commonly accepted 
> RFC 4880 as "OpenPGP-v1"

No one is contesting the contents of RFC 4880.  That document is fixed,
and has been public and static since its publication nearly 15 years
ago.

There are many subtle version numbers tucked in various parts of the
OpenPGP specification that make it difficult to call any one particular
thing as "OpenPGP vX", but probably the closest thing would be to call
RFC 4880 "OpenPGP v4", although the v4 key format was first described in
RFC 2440 (the predecessor to 4880).

> and call an upcoming document, potentially based on crypto-refresh, as
> "OpenPGP-v2"?

The document that this WG is chartered to draft is probably best
approximated as "OpenPGP v5", because of its introduction of v5 keys and
v5 signatures.  The crypto-refresh draft also introduces v2 of the SEIPD
(symmetrically-encrypted, integrity-protected data) packet to support
modern AEAD constructions.

And yes, a future with two competing and incompatible claims to "v5"
(for either keys or signatures) would be a disaster for the OpenPGP
ecosystem.

A future where we have two new formats that are incompatible, but are
explicitly differently-versioned and thus detectable seems like slightly
less of a disaster overall, but it would still result in significant
additional overhead for implementations that have to support multiple
formats.  In addition to the overhead, having many different formats in
the wild that everyone tries to interoperate with also seems likely to
introduce risks of security problems, for example in "cross-grade"
attacks, or in cases where an attacker may be able to select among
formats to target the most vulnerable wire format.

I do hope the community can come together on a single draft based around
a rough consensus.

    --dkg
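
The per-packet version octets mentioned in the message above can be read directly off the wire. The following is an added example, not part of the original message or of any implementation's code: it walks RFC 4880 packet headers, reports the version octet of each versioned packet, and flags the ones a hypothetical RFC 4880-only implementation should refuse. The `SUPPORTED` policy, the function names and the sample bytes are assumptions made for illustration.

```python
# Added example: packet types whose body begins with a one-octet version (RFC 4880).
VERSIONED = {1: "PKESK", 2: "Signature", 3: "SKESK", 4: "One-Pass Signature",
             5: "Secret-Key", 6: "Public-Key", 7: "Secret-Subkey",
             14: "Public-Subkey", 18: "SEIPD"}

# Hypothetical policy of an RFC 4880-only implementation: versions it parses.
SUPPORTED = {"PKESK": {3}, "Signature": {3, 4}, "SKESK": {4},
             "One-Pass Signature": {3}, "Secret-Key": {4}, "Public-Key": {4},
             "Secret-Subkey": {4}, "Public-Subkey": {4}, "SEIPD": {1}}


def packet_versions(data: bytes):
    """Return [(packet name, version octet)] for each versioned packet in data."""
    found, i = [], 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        i += length
        if tag in VERSIONED and body:
            found.append((VERSIONED[tag], body[0]))
    return found


def unsupported(data: bytes):
    """Versioned packets this implementation must refuse rather than guess at."""
    return [(n, v) for n, v in packet_versions(data) if v not in SUPPORTED[n]]


# Constructed sample: only headers and version octets are meaningful, the rest is padding.
SAMPLE = (bytes([0x98, 3, 4, 0, 0])        # old-format Public-Key, version 4
          + bytes([0xC2, 3, 5, 0, 0])      # new-format Signature, version 5
          + bytes([0xD2, 2, 2, 0]))        # new-format SEIPD, version 2
```

Because each packet type carries its own version octet, a stream can mix a v4 key with a v5 signature and a v2 SEIPD packet; checking every octet against an explicit allowlist is what makes a differently-versioned format detectable instead of silently misparsed.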