OpenPGP WG at IETF 112

Date: 2021-11-10, Wednesday Session I

Time: 12:00 to 14:00 UTC


20 min: Paul Wouters: Summary of recent changes in crypto-refresh draft

20 min: Daniel Huigens: Upcoming MTI choices, and what is left before "done"

20 min: Daniel Kahn Gillmor: SOP background (unchartered, but useful for demonstrating interop)

20 min: Justus Winter: Interop test suite; testing new features


Notetaker: Jonathan Hammell

Administrivia and agenda bash

Design team has been making good progress. Membership is closed, but mailing list for design team is open at

No agenda changes.

Crypto-refresh draft (Paul Wouters)

Work on the draft is being carried out here:

No questions or comments.

MTI Choices (Daniel Huigens)

Jonathan Hammell: Post-quantum algorithms were mentioned as being something to look at in the future. Will you publish this refresh draft first, or hold for after the NIST PQC Process to publish.

Daniel: We do not expect to hold publication until after the NIST PQC standards are complete, so it would be a future draft.

Quynh Dang: There were comments in the chat regarding FIPS validation. FIPS validated software is used outside of US government, too. NIST has no plans to approve OCB, be do plan to approve the CFRG curves. Right not, you cannot get validation, but it is coming. No plans to approve EAX, either. Right now, the focus is on the lightweight crypto and some of those might be appropriate. GCM is okay and NIST has no plan to remove it.

Daniel: GCM is not currently in the crypto refresh. That could be a topic for discussion. It is implemented as an experimental module.

Quynh: Could have a recommended/should column.

Ben Kaduk: The Sec ADs are working to establish a dedicated WG to consider post-quantum (PQ) algorithms for protocols that do not have a WG home. If OpenPGP WG stays open, PQ adoption work can definitely done here, but alternatively that PQ "maintenance" WG could pick it up. Agree with not holding the document for PQ algorithms.

Paul Wouters: In 6-8 months, we may do a small document to update the algorithm tables.

DKG: Part of the crypto-refresh update is to make looser guidelines as to how we update the algorithm tables.

Action for chairs: start a mailing list topic when the design team is finished with algorithm recommendations.

Stateless OpenPGP Interface (SOP) (Daniel Khan Gillmor)

Justus Winter: Having language-specific SOP interfaces is useful for implementators.

Interop Testing (Justus Winter)

Contributors welcome for writing tests (in Rust), reviewing tests and results. Implementors can help by providing a SOP interface.

DKG: This has been really valuable work for the community. A big thanks to Justus.

Ben: Many implementations supporting the implementation test suite in QUIC following the specification development was really valuable, so this is a great way to improve things here.


Ben: Thanks to the design team for all the great work. Any thoughts as to when we would be going to WGLC?

DKG: Early in 2022, perhaps.