Re: [openpgp] WG Review: Open Specification for Pretty Good Privacy (openpgp)

Bob Hinden <bob.hinden@gmail.com> Fri, 27 November 2020 01:24 UTC

From: Bob Hinden <bob.hinden@gmail.com>
Date: Thu, 26 Nov 2020 17:23:50 -0800
In-Reply-To: <160643436808.11589.17889575697881704601@ietfa.amsl.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, openpgp@ietf.org
To: IESG <iesg@ietf.org>
References: <160643436808.11589.17889575697881704601@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/wHGUAx6UazTFSVSMzgPJmk3xudY>

IESG,

I support forming this proposed working group.  I am a user of PGP and think updating the specification is a good idea.

Bob


> On Nov 26, 2020, at 3:46 PM, The IESG <iesg-secretary@ietf.org> wrote:
> 
> A new IETF WG has been proposed in the Security Area. The IESG has not made
> any determination yet. The following draft charter was submitted, and is
> provided for informational purposes only. Please send your comments to the
> IESG mailing list (iesg@ietf.org) by 2020-12-06.
> 
> Open Specification for Pretty Good Privacy (openpgp)
> -----------------------------------------------------------------------
> Current status: Proposed WG
> 
> Chairs:
>  Stephen Farrell <stephen.farrell@cs.tcd.ie>
>  Daniel Gillmor <dkg@fifthhorseman.net>
> 
> Assigned Area Director:
>  Benjamin Kaduk <kaduk@mit.edu>
> 
> Security Area Directors:
>  Benjamin Kaduk <kaduk@mit.edu>
>  Roman Danyliw <rdd@cert.org>
> 
> Mailing list:
>  Address: openpgp@ietf.org
>  To subscribe: https://www.ietf.org/mailman/listinfo/openpgp
>  Archive: https://mailarchive.ietf.org/arch/browse/openpgp/
> 
> Group page: https://datatracker.ietf.org/group/openpgp/
> 
> Charter: https://datatracker.ietf.org/doc/charter-ietf-openpgp/
> 
> OpenPGP is an Internet standard that covers object encryption, object
> signing, and identity certification. These were defined by the first
> incarnation of the OpenPGP working group.
> 
> The following is an excerpt from the charter of the original incarnation
> of the openpgp working group
> 
>> The goal of the OpenPGP working group is to provide IETF
>> standards for the algorithms and formats of PGP processed
>> objects as well as providing the MIME framework for exchanging
>> them via e-mail or other transport protocols.
> 
> The working group concluded this work and was closed in March of 2008.
> In the intervening period, there has been a rough consensus reached that
> the RFC that defined the IETF openpgp standard, RFC4880, is in need of
> revision.
> 
> This incarnation of the working group is chartered to primarily produce
> a revision of RFC4880 to address issues that have been identified by the
> community since the working group was originally closed.
> 
> These revisions will include, but are not necessarily limited to:
> 
> - Inclusion of elliptic curves recommended by the Crypto Forum
> Research Group (CFRG) (see note below)
> 
> - A symmetric encryption mechanism that offers modern message integrity
> protection (e.g. AEAD)
> 
> - Revision of mandatory-to-implement algorithm selection and deprecation
> of weak algorithms
> 
> - An updated public-key fingerprint mechanism
> 
> The Working Group will perform the following work:
> 
> - Revise RFC4880.  The intent is to start from the current rfc4880bis draft.
> 
> - Other work related to OpenPGP may be entertained by the working group
> as long as it does not interfere with the completion of the RFC4880
> revision. As the revision of RFC4880 is the primary goal of the working
> group, other work may be undertaken, so long as:
> 
> 1. The work will not unduly delay the closure of the working group after
> the revision is finished (unless the working group is rechartered).
> 
> 2. The work has widespread support in the working group.
> 
> These additional work items may only be added with approval from the
> responsible Area Director who may additionally require re-chartering
> for certain work items, as needed.
> 
> Inclusion of CFRG Curves
> -----------------------------
> 
> The Working Group will consider CFRG curves as possible Mandatory to
> Implement (MTI) algorithms.
> 
> Working Group Process
> --------------------------
> 
> The working group will endeavor to complete most if not all of its work
> online on the working group's mailing list. We expect that the
> requirement for face-to-face sessions at IETF meetings to be minimal.
> 
> For the revision of RFC 4880, all changes from RFC 4880, and for other
> work items, all content, require both consensus on the mailing list and
> the demonstration of interoperable support by at least two independent
> implementations, before being submitted to the IESG.
> 
> Furthermore, the working group will adopt no I-D's as working group
> items unless there is a review by at least two un-interested parties of
> the I-D as part of the adoption process.
> 
> Milestones:
> 
>  Jun 2021 - submit RFC 4880 revision to the IESG