Re: [openpgp] Requesting the editor to step down

Justus Winter <justuswinter@gmail.com> Tue, 21 April 2020 09:46 UTC

Return-Path: <justuswinter@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2B873A0B31 for <openpgp@ietfa.amsl.com>; Tue, 21 Apr 2020 02:46:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Level:
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aRT2g80G3xmU for <openpgp@ietfa.amsl.com>; Tue, 21 Apr 2020 02:46:37 -0700 (PDT)
Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 238FE3A0B2C for <openpgp@ietf.org>; Tue, 21 Apr 2020 02:46:37 -0700 (PDT)
Received: by mail-wr1-x431.google.com with SMTP id x18so15743189wrq.2 for <openpgp@ietf.org>; Tue, 21 Apr 2020 02:46:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version; bh=/vjqUdL9xBxSfQdAgl7qX1fFFjRe75XIF8ZT4mM6t7o=; b=BN+vOnT7UFWxDTASr+2755V2A/pV50L059QTv4fBLoaT2emXZTSxB0gIiBy19Yy/U6 RhQ/DhDT5neHsJtUA5/n7YJSEl53D2jIw6VzEB6LuJFLNs6cj+MIbgNRkoFvXyNYj0Q/ WCLY0eVV73NEq4Ezn01W37h9vfwNpHDmGtvJJLXmWRA3mWcgjroMtURn2ontU9YMb3+l 7dfeKdqI/FbHg005nXuRH80XRT4L9r/or2mnFAq05ZVZRT9kxU90lYexHaGyiPQyOLYG fsZjKjvJXULtyVpRnxij0esIs+GiuptlZifxTd8vfSOY3rRsJ8UhzlD5Yrhj/noDJ1mK B8hA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=/vjqUdL9xBxSfQdAgl7qX1fFFjRe75XIF8ZT4mM6t7o=; b=dpCGaQHah5fc7b9AGaHhQU2EjP0io0LY9lQgjVOKF1/Yt6n9IG+AFdcOTxunkrXtB2 DHxYp9VlE2iS8T6IF9ilueaJ+YjjmcXJwvePVpdnLcWf7Z4Yl2DgyJBQRzUlSqx3aiAn IkXYuHdNHb2hkAj0MXtFagh/oLl0ELxKWEiaZNWBGOSYKCcNIeO9Z3/pDm6j+YvHS99V vAdh0btwD8ZdelVQ0GpuLuMN4CYxgwWASbTqVR4Kch5xrtE3FSP6M6Pyy6jbf0DXxeKw Noxzy0JRuuPMUD7smNA7CIBfG9TNjVyVym/4zf8ucwmTE+XwqrKy1agxt1X/2zCnXOjj HSKA==
X-Gm-Message-State: AGi0PuboPlnvr5IkRCspvOtExLDWqWc/NYEKQHhSGnuyfisGty3K01Dn ggH8IepMwFanPPFxofgYDws=
X-Google-Smtp-Source: APiQypLzgRlQE8HY2b2Sg7BaPLnRnJp2mGxrVyzxni831R7DijXqDJAm/z8eTFMd4z8jDGU8LDIE8w==
X-Received: by 2002:adf:8441:: with SMTP id 59mr24383641wrf.237.1587462395693; Tue, 21 Apr 2020 02:46:35 -0700 (PDT)
Received: from localhost (port-92-193-36-215.dynamic.as20676.net. [92.193.36.215]) by smtp.gmail.com with ESMTPSA id z16sm3171575wrl.0.2020.04.21.02.46.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Apr 2020 02:46:34 -0700 (PDT)
From: Justus Winter <justuswinter@gmail.com>
To: Werner Koch <wk@gnupg.org>
Cc: "openpgp\@ietf.org" <openpgp@ietf.org>
In-Reply-To: <871roi5y5f.fsf@wheatstone.g10code.de>
References: <3J6ZOTPGPXG6Y.2JRNW7TO2C5HZ@my.amazin.horse> <B74328A2-2CC0-4D0A-8C07-E9D52DCC46B3@ribose.com> <871roi5y5f.fsf@wheatstone.g10code.de>
Date: Tue, 21 Apr 2020 11:46:33 +0200
Message-ID: <87zhb51892.fsf@europa.jade-hamburg.de>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/v2HdC-Z9i5J5i_M5s6rH-LrhQ3U>
Subject: Re: [openpgp] Requesting the editor to step down
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 09:46:51 -0000

Werner,

Vincent expressed concerns about *how* you fulfilled the role as the
editor, not *what* you did as editor.  Your response is only about
technical details.

Werner Koch <wk@gnupg.org> writes:

> On Fri, 17 Apr 2020 10:35, Ronald Tse said:
>
>> The said issues would be better resolved by finalizing the RFC 4880bis
>> document and publishing it.
>
> Except for some unimportant details we already had rough consensus on
> the I-D a long time ago.  There are even at least 3 interoperable
> implementations of the new features.

There is clearly no consensus, not even a rough one, on key aspects of
the draft.  The fact that there are multiple implementations supporting
the features of said draft does not change that.

On the contrary: The official appearance of the draft and the fact that
the main author and editor of that draft also controls the most widely
used implementation is a strong incentive to implement it.  As an
implementation, you need to be compatible with GnuPG, whatever it does.
If GnuPG starts emitting something, you should better be ready to
consume it, otherwise your users will assume that your implementation is
faulty.  But, that is not consenting, that is being bullied.

From the top of my head, areas of major contention are the scope of
changes and AEAD.

> With the attacks on the keyserver in the last summer there was the idea
> to add countermeasures to the I-D.  They are now specified (attestation
> key signatures) and I am not aware of technical problems with that
> proposal.

Vincent mentioned a major technical problem with this: What is supposed
to be hashed for attestation signatures differs from all other
signatures.  There is no motivation given for this.  This either needs
to be aligned with how other signatures are computed, or properly
motivated.

> Right, the Key Block subpacket[1] has not yet been discussed but I hope
> this is non-controversial because it is another workaround for the
> keyserver problems and allows for better decentralized use.

Have you considered discussing this with us?

For the record, this idea has been discussed on this list before [0],
and there were concerns raised in that thread.

0: 87ef6v71jm.fsf@europa.jade-hamburg.de


All the best,
Justus