Skip to main content

Minutes IETF117: openpgp: Fri 19:00

Meeting Minutes Open Specification for Pretty Good Privacy (openpgp) WG
Date and time 2023-07-28 19:00
Title Minutes IETF117: openpgp: Fri 19:00
State Active
Other versions markdown
Last updated 2023-08-07


OpenPGP at IETF 117

Administrivia (chairs, 5)

Agenda bashing


Status of the Crypto Refresh (chairs) (10 minutes)

Daniel Kahn Gillmor (DKG, chair) presents. AD review in progress.

Rechartering Topics

We are close to completing our charter. Do we declare the charter done
and close the WG, or do we recharter?

DKG: Open question: does anyone actively want this WG to close?
Nobody spoke.

Roman Danyliw (Roman): there is a link between OpenPGP and the new
KeyTrans WG which is in the process of chartering. Participants of this
WG are encouraged to review the proposed KeyTrans charter.

DKG: Charter revisions welcome as merge requests in

Stephen Farrell (SF, chair): goal: have the new charter active for the
Prague meeting (assuming everything goes smoothly and there is no
substantial debate about the re-charter)

Mallory Knodel: We have just done a big bis doc; are these additional
topics another big bis, or are they standalone extensions.
DKG: it varies by proposal, but they are largely all extensions that
can be worked on in parallel.

Post-Quantum Cryptography in OpenPGP (Falko Strenzke) (10 minutes)

Orie Steele: You only have hybrid PQC (lattice) algs. Are you
considering pure PQ codepoints; that would align better with the alg
registries in COSE.
Aron Wussler (Aron): We have alined these algorithm choices with the
parallel drafts in LAMPS and we feel this is the right decision given
that OpenPGP and S/MIME are more closely aligned than OpenPGP and COSE /
JOSE. Of course this is open to discussion.

SF: Would need charter text.

Stateless OpenPGP Interface ("SOP")

DKG presents.
DKG: It would be nice to get some feedback if this is a good idea since
this comes from a chair
Paul Wouters (Paul): Yes, I think it's a good idea
Aron: Also good idea

Automatic Forwarding for ECDH Curve25519 OpenPGP messages (Aron Wussler) (10 minutes)

DKG: I have some concerns about making sure the forwarded messages are
correctly displayed
Aron: We have introduced the key usage flags to ensure MUA displays
this forwarding warning

Persistent Symmetric Keys in OpenPGP (Daniel Huigens) (10 minutes)

Philip Hallam-Baker: this is good to do. You should also include a
hybrid mode where you have a persistent symmetric key that you hybrid
with an asymetric. (similar to channel binding concept)

Referred to list for discussion.

Other Rechartering Topics:

DKG presents.

"Attestation Signatures"

Mike Ounsworth: this name-collides with the RATS-style attestation.
DKG: Right, this means you are "attesting" to the content, not to the
hardware that stores the private key. Open to using a different word.
Orie: "endorsement"?
Corey Myers: “Consent”- or “invitation”-based certification?

Aron: I have proposed to put a scheduled deprecation (sunset) date on
algorithms, like "we need to stop using this alg by 2050".

  • DKG: Might be a broader IETF conversation.

Orie: on the KeyTrans topic. PGP has come up a lot in related
discussions (ex. SCITT) for securing supply-chain things that are
already code-signed with pgp. If you search the SCITT list for "pgp"
there may be topics of interest to this group. The SCITT list could use
some pgp enthusiasts as advocates.

Daniel: I also think that forward secrecy is an open criticism to
OpenPGP and we should address it

SF: I'd like to have some more attention to the first point, QR codes
and UX to compare keys

  • Daniel: there is a concrete URL scheme for v4 fprints in URL
    (OPENPGP4FPR prefix)

Mallory: (in ref to the "Fingerprint Human Interface from slide 10"):
there is overlap with KeyTrans, so the KeyTrans item may take care of
some of the items on that line.

Paul: Since it's a QR code we just need to specify how it's formatted,
not UI
DKG: Some expectations on UI need to be envisioned
Paul: This is still not UX design

Roman: if we are concerned about getting it right, then who would we
need to loop in?

Pieter Kasselman: If you are going to give guidance about QR codes than
you should consider device theft and cross-device phishing attacks.
Cross-device security BCP:

Orie: If WoT also comes up in SCITT there is some overlap between this
and KeyTrans. We'll need to determine a mapping, i.e. where are UserIDs
published. If you're creating discoverable identifiers, you need to also
solve this issue, and you could group it together.

DKG: Sequoia has done some WoT work, e.g., and there is also the
OpenPGP-CA project

Aron: Determining the mapping user ID <=> authority is clear for WKD,
but not for distributed systems as HKP

Aron: i'd also be interested in something like WKD v2, etc, but i'm
overloaded with other OpenPGP work.

Mike: Having volunteers is not a pre-requisite to put something in the

  • SF: But we also need to make sure it's achiavable
  • Roman: Don't forget the milestones, which can be used to structure
    the order in which the WG will work on stuff.

DKG: We'll need suggested charter text to put any of these topics
explicitly in scope.

Replacement for Designated Revoker

Complexity with Intended Recipients

Domain separation

Key Superseded

Attestation Signatures, a.k.a. "1PA3PC"

PGP/MIME guidance for v6 signatures

WoT: Trust Signatures, Regex subpackets, Validation constraints, Certification capable subkeys

Any Other Business