IETF Logo Mail Archive

Re: [openpgp] Guidance for Designated Expert?

Paul Wouters <paul@nohats.ca> Wed, 08 February 2023 02:03 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66330C15256B for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 18:03:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tMBs8oydlv1v for <openpgp@ietfa.amsl.com>; Tue, 7 Feb 2023 18:03:02 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7171AC14CE52 for <openpgp@ietf.org>; Tue, 7 Feb 2023 18:03:02 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4PBNYv130rzCyP; Wed, 8 Feb 2023 03:02:59 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1675821779; bh=oyz/wECy1e0TKLlgqF74k6fdm8c5JYgZaRLtwhjrRuY=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=eMUUGhHDgmxtWfm1/UqWqtSfQMLjR2upCWeCQFv9R6watb6emJoaS+HzM9/MXsyKz vwXdBnCZrEI/MaC8iTA5FOgIegdhMFBurqUYRhhScNFPGIFsCxVqTKcbzx8hbfKS42 8zI0N0eG7ZNJuxQwgz45VmueUz+jPORwSKjs6K8c=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id pvYgg1mXVWvI; Wed, 8 Feb 2023 03:02:57 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 8 Feb 2023 03:02:57 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 0094868FB82; Tue, 7 Feb 2023 21:02:56 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id F209568FB81; Tue, 7 Feb 2023 21:02:56 -0500 (EST)
Date: Tue, 07 Feb 2023 21:02:56 -0500
From: Paul Wouters <paul@nohats.ca>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
cc: openpgp@ietf.org
In-Reply-To: <87sffhkvjb.fsf@fifthhorseman.net>
Message-ID: <ad3d14d0-e876-060f-38d6-e3c43a6601ce@nohats.ca>
References: <87v8kgm3ah.fsf@fifthhorseman.net> <87sffhkvjb.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ybft6L9iYNHdupF-uWa0vg_wgPo>
Subject: Re: [openpgp] Guidance for Designated Expert?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2023 02:03:07 -0000

On Tue, 7 Feb 2023, Daniel Kahn Gillmor wrote:

> I've just knocked together
> https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/232, which
> adds text to the IANA considerations section:
>
> ------------
> --- a/crypto-refresh.md
> +++ b/crypto-refresh.md
> @@ -3331,6 +3331,31 @@ Because this document obsoletes {{RFC4880}}, IANA is requested to update all reg
> OpenPGP is highly parameterized, and consequently there are a number of considerations for allocating parameters for extensions.
> This section describes how IANA should look at extensions to the protocol as described in this document.
>
> +Most of these registries have been moved the SPECIFICATION REQUIRED method.

Most registries have been updated to use a Specification Required policy.

> +As indicated in {{RFC8126}}, the designated expert is expected to ensure that a clear and detailed specification capable of producing interoperable implementations is permanent and readily available.
> +Because interoperability in the store-and-forward domains where OpenPGP most often used is made more challenging by combinatorial explosions of options, and because many of these registries are limited in size, the designated expert is expected to minimize codepoint squatting and vanity registrations by taking the following steps:
> +
> +- Ensure that the specification is concretely useful.
> +  Does a clear use case exist?
> +  Is that use case *not* handled by any existing mechanism in OpenPGP?
> +  Is the referenced specification fit for purpose for that use case?

I don't think these are very relevant for specification required. All
that is really needed is that the specification is complete enough for
implementors to be able to implement this. Whether a "use case" is
covered or not is very subjective.

> +- Ensure that the specification is complete.

Right.

> +  Does it describe the expected semantics or behavior when the proposed codepoint is present?
> +  (For example, when adding a new elliptic curve, are all tables referencing the curve populated as expected?)

Makes sense, although it feels like just an example of "specification is
complete"

> +  Do the expected semantics or behavior when the codepoint is *not* present conform to existing baseline deployments?
> +  Does the specification identify *where* the codepoint is expected to be observed?
> +  (For example, when designating a new signature subpacket, does the specification indicate which types of signature it is to be found in?)
> +  Does the specification clearly identify the expected semantics or behavior when the code point is observed in unexpected places?

I am not sure about these. I would probably formulate it more
generically. Eg If the code point is a modular extension that adds a new
feature that is okay. If the code point would modify existing behaviour,
it should probably be IETF stream RFC required. (eg if it Updates: the
core spec by modifying its behaviour)

> +- Ensure that the specification and its use case is not contradictory to existing registered codepoints.

I don't know what this really means.

> +  Can the the specification or its deployment produce confusion or interoperability failures when it is observed in combination with some other mechanism in OpenPGP?

This comes down to the above. If it is a modular extension, a new
feature that is independent of the existing features, or just a new
algorithm or cipher, then it would be fine. This would not require
Update:ing this draft. If it wants to update this draft, it must be
by standards action RFC required.

> +- Ensure that any registered algorithms meet the security requirements of the community and the message structures for which they are proposed to be used.
> +  When a novel cryptographic approach is considered, is it strong enough to be worth deploying?
> +  Are there enough diverse expressions of interest to determine a sense of the security needs of the community that would adopt the feature?
> +  Does the proposed algorithm meet those security needs?

I'm not sure I agree with all of this. For example "requirements of the
community" might be hard for nation state ciphers, where the community
doens't really see a point or cannot prove it means any security
standard. If Wakanda wants its vanity cipher Foo, and we have no idea
about Foo's security properties, we should still let them have the
code point and use it.

Paul

v2.39.1 | Report a Bug | By Email | System Status