[openpgp] Re: WGLC for draft-ietf-openpgp-pqc [was: Re: I-D Action: draft-ietf-openpgp-pqc-08.txt]

[Heiko Schäfer <heiko.schaefer@posteo.de>]

Hello Aron, all,

> After gathering all the feedback, we decided to simplify the guidance, and consistently remove the remaining statements regarding sub-key selection.
> This is reflected in the editor copy [1].

I agree with removing guidance, while consensus is clearly not in 
immediate reach.

Thank you for diligently working towards getting this draft out the door 
soon! I look forward to seeing it finalized.
> We thank the people involved in this discussion and ask them to review this change.

I'm happy with the draft, as is. But I do wonder idly if it would be 
possible and useful to add some kind of informational text that 
clarifies that senders can consider encrypting only to PQ(/T) keys to 
achieve post-quantum security, when a sender encounters a case where it 
finds this possible.

Just to state, in the most general of terms, that senders *can* apply 
such policy decisions, and might want to.
But without prescribing any particular approach.

Thanks,
Heiko


PS: FWIW, in the experimental "rsop-pqc" implementation, I have decided 
to adjust key selection for encryption as follows:

For each recipient certificate, if any valid PQC encryption keys exist, 
rsop now encrypts only to the set of valid PQC subkeys, while ignoring 
any non-PQC subkeys.

While this is somewhat arbitrary, and I look forward to one day 
implementing official guidance instead, this seems like a reasonable 
interim solution. I assume most recipients will want this kind of 
approach to be taken.