IETF Logo Mail Archive

[openpgp] Re: WGLC for draft-ietf-openpgp-pqc [was: Re: I-D Action: draft-ietf-openpgp-pqc-08.txt]

Daniel Huigens <d.huigens@protonmail.com> Tue, 06 May 2025 09:12 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 89D792543FB7 for <openpgp@mail2.ietf.org>; Tue, 6 May 2025 02:12:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eFl8zQC4nsJs for <openpgp@mail2.ietf.org>; Tue, 6 May 2025 02:12:43 -0700 (PDT)
Received: from mail-24417.protonmail.ch (mail-24417.protonmail.ch [109.224.244.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 7C6F52543FAC for <openpgp@ietf.org>; Tue, 6 May 2025 02:12:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1746522762; x=1746781962; bh=9OSyx9WWpuRgYYmQDYd2ToC4m+n3Ca2lMFSj+tRJ3Ys=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=CcYv2IJH0cUUOkDpTH8aLR/7lQc/swgyY8q4IVimqPi8FubET/QqFWUQnUOxn5Zy3 GGbsdpgC+9CoO/aeC6X5NFMwgr8fb+CeZcEtUXrZYuV0ztzzTQm1QM8HxJgSy5lMU8 W4BV6emX6iP8Wp6BgkgE3TTYwAfB1eh9tYv+4A2dpfdbWqni4ho5j8nq4Papp1POVe FRPn6jy8RY8Olr7bGwXuVZOlWQ9de/zHPtgqDARXVlL/MbkDxb9sq1nkED41+GOiMA YXH7qYbu8I38YlvlF6tdrhJndy4wQAsDFfEuE5cIcDbuhy6+Got/hJduDTUrupR3Dg n5e0T0IFAb5kQ==
Date: Tue, 06 May 2025 09:12:37 +0000
To: Heiko Schäfer <heiko.schaefer@posteo.de>
From: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <tjL4ynTE9NJFn8rNxUVyb2s-NxorQ_1GKD4SHCl6DgFRSsb9A05B4Oq9PZMqTUYc7jTxb3pf-d_CkcrrAIDoFwv1QJIIbGfMjhj7Md6fyQo=@protonmail.com>
In-Reply-To: <a2fa1a9b-7094-4487-a014-c3e623fec8ad@posteo.de>
References: <174470653269.1286532.14892820163225351018@dt-datatracker-64c5c9b5f9-hz6qg> <LSicuu3DyGQdz5FlANti-HGJ6GuAucc5BKufbsCa603EsSZ0q1XMXYvt_OubLd0UQkg0gh2F--9y9WpoqWfQu5XU-KEcJ15GG66cSFk9ByU=@wussler.it> <87wmblcr8i.fsf@fifthhorseman.net> <a2fa1a9b-7094-4487-a014-c3e623fec8ad@posteo.de>
Feedback-ID: 2934448:user:proton
X-Pm-Message-ID: c6679af3a8717bad08ad94bf27c315c251d7d88e
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 2NZJU3PDE2DAMYLDYP5TVWVHIDDOWM45
X-Message-ID-Hash: 2NZJU3PDE2DAMYLDYP5TVWVHIDDOWM45
X-MailFrom: d.huigens@protonmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: openpgp@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: WGLC for draft-ietf-openpgp-pqc [was: Re: I-D Action: draft-ietf-openpgp-pqc-08.txt]
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/w80PEDlJmP80OjE6lwlA4HR1awM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

Hi Heiko,

On Friday, May 2nd, 2025 at 16:23, Heiko Schäfer wrote:
> I'll note that while this is not ideal for all scenarios, migrating to
> post quantum encryption is possible without further clarifying subkey
> selection, as follows:
> 
> 1. Adding a PQC subkey
> 2. Observing that this subkey is being (either exclusively or
> additionally) encrypted to by all relevant peers, and then
> 3. Decomissioning any pre-PQC encryption subkeys (by expiration or
> revocation).

Section 8.3, option 2 seems to imply that it should be possible to
achieve post-quantum encryption security from new implementations
_while_ being backwards-compatible with implementations that don't
support PQC:

> Implementations understanding PQ(/T) will be able to parse and use the
> subkeys, while PQ(/T)-incapable implementations can gracefully ignore
> them.

Revoking or expiring the old subkeys obviously makes the certificate
backwards-incompatible. So, I still think there's a contradiction
between what the draft says and what's actually possible when using
(2 out of 3 of) the current implementations of the draft.

Best,
Daniel

v2.31.3 | Report a Bug | By Email | System Status