Skip to main content

Minutes interim-2023-openpgp-02: Wed 14:00

Meeting Minutes Open Specification for Pretty Good Privacy (openpgp) WG
Date and time 2023-09-27 14:00
Title Minutes interim-2023-openpgp-02: Wed 14:00
State Active
Other versions markdown
Last updated 2023-09-27


OpenPGP Interim 2023-09-27

  • Co-chairs: Daniel Kahn Gillmor, Stephen Farrell
  • Thanks to our note takers: Aron Wussler, Stavros Kousidis

Agenda bashing

  • Justus will also present WoT

Crypto-refresh status

  • AD review, resulting proposed changes available in Gitlab (tagged
    with ad-review)
  • Paul: Wait for further feedback before merging
  • Next steps: once merged, cut a new draft and give it to Roman
  • Timeline: 1-2 weeks
  • Paul would like to have someone else review the changes
  • DKG and Daniel are volunteering to have a look
  • IANA: List all changes (goal is to have an appendix for that)


  • AD asked for specific milestones for rechartered topics
  • Milestones represent the priority of the projects
  • Stephen (Chat): We are looking at a lot of work and should collect
    thoughts as to how to prioritise

Semantics Alignment (Justus Winter)

  • Status Quo in RFC4880 & crypto-refresh
  • Messages are fairly well understood, but keys and signatures aren't
  • We think what should happen are revocations
  • What should be done with certificates containing multiple encryption
    subkeys? We should include guidance for that.
  • There should be guidance on how many subpackets we expect (add


  • Andrew: Parsing depth for ASN1 and tsig?
  • Justus: Verifier could decide on the depth.
  • Stephen: How should this work be done? Base document, seperate
  • Justus: Should be figured out in the group.
  • Andrew: Rule semantics of signatures in a seperate document?
  • Aron: Initiatives should have an order, split people into three
    categories - owners, contributors, reviewers

Post-Quantum Work (Falko Strenzke)

  • We proposed a recharter text on "Addition of PQC to OpenPGP"
  • We have an I-D and a public repository
  • We would like to see our I-D adopted by the WG


  • Aron: We also have running code
  • Stephen: Adressing PQC is a good topic for rechartering
  • Stephen: Discussion of adressing store now, decrypt later (i.e.
    encryption) and (hybrid) signatures during adoption?
  • Falko: Yes, we will keep the discussion about tackling PQC-KEM and
    PQC-DSA for the adoption process

Certificate Directory (Justus Winter)

  • OpenPGP stores keys generally into keyrings, that scales poorly. We
    could define an interoperable key store
  • Various storage solutions for key rings (some proprietary)
  • There has been some effort to use a common certificate store
  • We would like to see applications behave consistently
  • Proposed solution: flat file cert store, inspired by Maildir
  • Have an (expired) I-D and implementations (PGPainless, Sequioa)
  • We would like this work to be adopted
  • Hope for better performance and consistency among OpenPGP


  • DKG: Willing to have the WG change control over the document?
  • Justus: Yes
  • DKG: Willing to propose recharter text?
  • Justus: Yes
  • Stephen: Trust root owner of cert store or operating system to
    distribute trust root?
  • Justus: Various conceivable possibilities.
  • Stephen: Topic to be discussed.
  • Jonathan: Is this about interop between programs? How is
    sub-indexing planned?
  • Justus: reduce vendor lock-in. There is an extension for
  • Jonathan: How is the problem with having too many files in a folder
  • Justus: We solved the folder scalability looking at Git
  • DKG: As a WG we can work on a file storage format too

Web of Trust (Neal Walfield) (Presented by Justus)

  • Justus: OpenPGP supports third party certifications, delegation,
    partial trust and scoping
  • It is not defined how to authenticate User IDs
  • OpenPGP WoT defines a network, not just a tree like x509
  • Authentication provides also context
  • Modus Operandi: P2P, Federal, Centralized, WoT calculus
  • Trust should be a "Maximum Flow Model",
  • There is a draft (not in datatracker) and 2 implementations

OpenPGP Miscellany (Daniel Kahn Gillmor)

  • DKG: This is a collection of open issues, that I'm not gonna be
    author of

OpenPGP revocation:

  • What is revocation and what does it mean?
  • I-D available that tries to narrow down use cases for revocation
  • Goal is to try to standardize what we think about revocation and how
    it should be done

First party approval of third party certifications

  • Problem is fairly well understood
  • There is an I-D

UserID conventions

  • We define a standard, but don't follow it
  • I-D about what the convention actually is

PGP/MIME multipart signed

  • No way to do one pass way to do signature verification of v6 sigs in
    mime context, the salt is known beforehand
  • Can a salt be added to the MIME header?
  • No draft


  • Basis of the interop test suite while being minimalist
  • There is a draft
  • Several implementations
  • Handful of extension proposals


  • DKG: How could SOP work as a WG draft?
  • Aron: Living document or could be part of the community work
  • DKG: Do you think it's relevant to have SOP as part of the process
    of implementing new features
  • Aron: Yes, but it should be in a single draft, not in bits and
    pieces over the various drafts
  • Jonathan: Are there any SOP implementations at present that can use
    a hardware backed key?
  • DKG: The WG could push on how to identify.

Charter text considerations

  • Result: Positive 9, Negative 0, 13 in the room
  • Daniel Huigens: Suggest to drop the one-pass processing of
    multipart/signed messages, unless anyones uses that, but am not
    opposed to anything else
  • Aron: Who is willing to work on what and is willing to review
    (proposal: prioritise according to the number of people who are
    willing to work on a topic)
  • Daniel: Some items already have a draft, and I sorted them by
    percieved priority
  • Jonathan (Chat): It seems like topics such as PQC are higher
    priority, as it'll take time for implementations to support them.
  • Stephen: Would it be possible to have a broad charter then limiting
    the number of adopted initiatives?
  • Aron: I like it
  • Stavros: Funding from the BSI for the current project on PQC in
    OpenPGP will finish in about 1.5y, so it would be useful to charter
    it now
  • Andrew: I would also like to work on the background on some projects
  • Stephen: This could also be done in individual drafts
  • Daniel: Asking for the favourite topics may lead on very different
    answers, everyone betting on their own interest. What about we try
    to complete what's closer to the finish line? The PQC draft e.g. is
    already far advanced. Maybe sort by dates when we think things can
    be finished and put an infinite date on things that haven't really
    started yet (e.g. no draft so far)
  • DKG: Milestones can be changed without changing the charter
  • Stephen: DKG and I will propose a way to poll the WG to see if we
    have rough consenus on which topics to prioritise and follow up in
    the next week on the list


Existing Drafts