Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Minutes IETF115: openpgp: Tue 13:00
minutes-115-openpgp-202211081300-00

Versions:

Meeting Minutes		Open Specification for Pretty Good Privacy (openpgp) WG
Title		Minutes IETF115: openpgp: Tue 13:00
State		Active
Other versions		markdown
Last updated		2022-11-08

minutes-115-openpgp-202211081300-00

IETF-115 OpenPGP WG

Co-chairs: Stephen Farrell, Daniel Kahn Gillmor
Notetakers: Aron Wussler, Rick van Rein

Need draft readers; 3 in the room + 1 remote are pretty familiar
with draft-ietf-openpgp-crypto-refresh-06 or
draft-ietf-openpgp-crypto-refresh-07; that is too few.
Volunteers to send more reviews:
- Robin Wilton
- Rick van Rein
- Jonathan Hammell
- Daniel Huigens

Both define a key v5 and sig v5, but are different
Paul: we should not allow IANA registry squatting
Aron: V5 signature and keys are not deployed yet, deconflicting is
not necessary
Daniel: Werner Koch hinted on the mailing list to being open to
changes for keys and sigs, since they are not implemented yet. For
keys and sigs the conflict does not exist yet.
dkg: Proposal to bump PKESK, OPS, Sig, and Keys to v6
Paul: let's not start a race to the latest version
Roman: what's the issue with a "race to the latest version"?
POLL: 13 for moving to v6, 0 against
Daniel: We should still reach out to Werner to ensure that he's not
willing to adapt v5
Action: sftcd to Reach out to Werner about v5 changes

v5 sigs use 16 octet salt, enlarge in preparation of PQ sigs?
Aron: Bind sig salt size to signature hash ID
dkg: Variant: Column in hash algs table, with a length of the salt
for that hash. Introduce new hashes when going PQ (that are the same
as the old ones but with higher collision resistance). Withdrawn.
Options: 1. keep as-is 16 octets; 2. salt size bound to sighashid;
POLL: 15 choose hash-bound salt size; 1 person chooses kee at 16,
because 16 is big enough
Action: Aron volunteers to make a PR for this

v5 sigs over data < 4GiB can be turned into a v3 sig, sometimes also
v4 sig, over subtly different data
cause is in old v3 format (deprecated), a modified v5 can at least
be distinguished from v4
POLL: change v5 signature trailer to avoid aliasing. in favor: 8,
opposed: 2
Action: dkg volunteers to make a PR

to allow separation of applications' uses of OpenPGP
doing this in an interoperable way (registry of known contexts;
definitions of how to derive context string for each context; peer
signalling support) to raises a fair amount of complexity.
If we publish nothing but the "default" context string, that is
similar to what we already have, but interop risks
if a registry of even one context, string derivation, and signalling
mechanism are well-defined, should be easy to adopt a non-default
approach in the future.
Kick this can down the road?
no poll

ECDH and ECDSA pubkeys can move to x-coordinate only
Aron: Opposes, only representational, small savings, but adds
complexity and breaks the previous format
POLL: 0 vote for change 9 votes against, keep the status quo

Aron: I-D is the desired publication format for "specification
required"
Version Numbers and Packet Types are special: RFC required; any type
will do
Guidance for Expert Review: Open, stable, likely to foster
interoperability
Are there registries so small that numbers are scarce? Otherwise
"specification required will do"
Action: Stephen and dkg write a text proposal to capture this

Composite multi-alg (classic+PQC)
Seek input: algorithms, binding sigsaltsize to hash ID, binding
hashfunction to hash ID