[{"author": "Carsten Bormann", "text": "


", "time": "2023-02-09T12:01:52Z"}, {"author": "Carsten Bormann", "text": "

JFYI I'll only listen with half an ear...

", "time": "2023-02-09T12:03:01Z"}, {"author": "Stephen Farrell", "text": "

this is where you join the mic line to opine

", "time": "2023-02-09T12:10:07Z"}, {"author": "Daniel Huigens", "text": "

@Jonathan McDowell: out of curiosity, which implementation is that?

", "time": "2023-02-09T12:11:34Z"}, {"author": "Vincent Breitmoser", "text": "

most important questions asked about OpenPGP for the decade, right here

", "time": "2023-02-09T12:11:45Z"}, {"author": "Daniel Huigens", "text": "

(I'm in favor of moving everything to v6, as I mentioned on the mailing list)

", "time": "2023-02-09T12:12:25Z"}, {"author": "Jonathan McDowell", "text": "

@Daniel: onak, a keyserver. (https://github.com/u1f35c/onak). It's very basic support to ensure it can store + retrieve such keys.

", "time": "2023-02-09T12:12:53Z"}, {"author": "Daniel Huigens", "text": "

I see, thanks!

", "time": "2023-02-09T12:13:09Z"}, {"author": "Stephen Farrell", "text": "

ok who's taking the great notes?

", "time": "2023-02-09T12:24:55Z"}, {"author": "Daniel Huigens", "text": "

Neal, I think :)

", "time": "2023-02-09T12:25:52Z"}, {"author": "Stephen Farrell", "text": "

doing a great job anyway, so thanks!

", "time": "2023-02-09T12:26:13Z"}, {"author": "Justus Winter", "text": "

That was correct.

", "time": "2023-02-09T12:30:33Z"}, {"author": "Justus Winter", "text": "

Yes, sure.

", "time": "2023-02-09T12:30:50Z"}, {"author": "Daniel Huigens", "text": "

I'm in favor of this change, I think it's a pretty small change in the scheme of things, and everyone still has to implement v6 anyway

", "time": "2023-02-09T12:30:57Z"}, {"author": "Andrew Gallagher", "text": "

deprecated == n/a surely?

", "time": "2023-02-09T12:31:26Z"}, {"author": "Justus Winter", "text": "

don't think it matters much

", "time": "2023-02-09T12:33:39Z"}, {"author": "Andrew Gallagher", "text": "

that's not a strong opinion, if anyone else objects I'm fine with that :-)

", "time": "2023-02-09T12:33:40Z"}, {"author": "Daniel Huigens", "text": "

Personally I don't have a strong opinion. If we want to make deprecated algos N/A, I can volunteer to update the PR to change that since Aron is currently on vacation

", "time": "2023-02-09T12:33:45Z"}, {"author": "Daniel Huigens", "text": "

No worries :)

", "time": "2023-02-09T12:34:45Z"}, {"author": "Stephen Farrell", "text": "

so s/v5/v6/ is how we read this slide

", "time": "2023-02-09T12:35:29Z"}, {"author": "Daniel Huigens", "text": "

The button is disabled for me

", "time": "2023-02-09T12:36:12Z"}, {"author": "Daniel Huigens", "text": "

One sec

", "time": "2023-02-09T12:36:15Z"}, {"author": "Daniel Huigens", "text": "

I didn't hear you, dkg, I think you were muted

", "time": "2023-02-09T13:02:45Z"}, {"author": "Daniel Huigens", "text": "

@Neal: yeah that's a fair point also

", "time": "2023-02-09T13:03:09Z"}, {"author": "Michael Richardson", "text": "

so, if there is a context parameter, then it would restrict what application can open/process the data?

", "time": "2023-02-09T13:03:17Z"}, {"author": "Michael Richardson", "text": "

not having it, means that the user has to know which application should process the data?

", "time": "2023-02-09T13:04:01Z"}, {"author": "Daniel Huigens", "text": "

You would need some metadata / out-of-band information about what the context is, to be able to process it, at least

", "time": "2023-02-09T13:04:10Z"}, {"author": "Michael Richardson", "text": "

so, if it's a foo.tar.gz.pgp, then probably I can guess how to exact the data. But, foo.pgp, would need some internal marker, a MIME type essentially.

", "time": "2023-02-09T13:05:44Z"}, {"author": "Michael Richardson", "text": "

if we didn't accept it now, are we saying that we just need to do more work first?

", "time": "2023-02-09T13:06:40Z"}, {"author": "Andrew Gallagher", "text": "

It was me who proposed a third way

", "time": "2023-02-09T13:06:55Z"}, {"author": "Andrew Gallagher", "text": "

tl;dr: an application that really wants to put a context parameter into a sig can do it by abusing notation subpackets

", "time": "2023-02-09T13:07:36Z"}, {"author": "Michael Richardson", "text": "

@cabo, reuse RFC9277 :-)

", "time": "2023-02-09T13:09:17Z"}, {"author": "Stephen Farrell", "text": "

we should keep an eye on time (though this is maybe the most pressing thing remaining for today)

", "time": "2023-02-09T13:10:18Z"}, {"author": "Jonathan McDowell", "text": "

I'm not clear if the intent is to keep the data secret unless you know the context, or just prevent an application from decrypting/verifying something that was encrypted/signed in a different context.

", "time": "2023-02-09T13:11:26Z"}, {"author": "Daniel Huigens", "text": "

Yeah, that could also work

", "time": "2023-02-09T13:12:04Z"}, {"author": "Daniel Huigens", "text": "

The goal is the latter, especially in the context of an attack

", "time": "2023-02-09T13:12:35Z"}, {"author": "Daniel Huigens", "text": "


", "time": "2023-02-09T13:12:50Z"}, {"author": "Daniel Huigens", "text": "

For signatures that's true, but for encryption it's not possible to do today

", "time": "2023-02-09T13:15:08Z"}, {"author": "Michael Richardson", "text": "

Since this in a new version, can't we just say that the previous versions have an implicit email context?

", "time": "2023-02-09T13:17:01Z"}, {"author": "Justus Winter", "text": "

Maybe we can introduce a context, but insist that it is the empty context for v6.

", "time": "2023-02-09T13:17:54Z"}, {"author": "Andrew Gallagher", "text": "

the default context is the empty string unless the application says otherwise.

", "time": "2023-02-09T13:17:56Z"}, {"author": "Michael Richardson", "text": "

yeah, but people are coping already without context for those other things.... move to poll.

", "time": "2023-02-09T13:18:13Z"}, {"author": "Daniel Huigens", "text": "

Well, we're not really coping, we had concrete attacks because of this at Proton :')

", "time": "2023-02-09T13:19:46Z"}, {"author": "Daniel Huigens", "text": "

Or, concrete vulnerabilities, I should say

", "time": "2023-02-09T13:20:02Z"}, {"author": "Michael Richardson", "text": "

@Daniel, we'd have to continue \"coping\" for older versions anyway, and older senders, right?

", "time": "2023-02-09T13:21:30Z"}, {"author": "Daniel Huigens", "text": "

Well, I'm mostly thinking about domain separation between different applications, and greenfield applications can mandate using the new version

", "time": "2023-02-09T13:22:22Z"}, {"author": "Justus Winter", "text": "

Sorry about the problems :/

", "time": "2023-02-09T13:26:31Z"}, {"author": "Stephen Farrell", "text": "

no probs

", "time": "2023-02-09T13:26:37Z"}, {"author": "Michael Richardson", "text": "

I notice they all have \"OpenPGP\" in the title. I think we should change that :-)

", "time": "2023-02-09T13:29:37Z"}, {"author": "Andrew Gallagher", "text": "

keep it generic

", "time": "2023-02-09T13:29:41Z"}, {"author": "Michael Richardson", "text": "

I like second last.

", "time": "2023-02-09T13:29:58Z"}, {"author": "Michael Richardson", "text": "

publish early and publish often!

", "time": "2023-02-09T13:30:45Z"}, {"author": "Michael Richardson", "text": "

is here anything we could rip out?

", "time": "2023-02-09T13:31:08Z"}, {"author": "Stephen Farrell", "text": "

wrt rip out: would love it but too late (in WG process) IMO

", "time": "2023-02-09T13:32:16Z"}, {"author": "Daniel Huigens", "text": "

We could rip out EAX, maybe?

", "time": "2023-02-09T13:32:30Z"}, {"author": "Michael Richardson", "text": "

We think the document is sufficient, but I mean, is everything in the document necessary.

", "time": "2023-02-09T13:33:00Z"}, {"author": "Daniel Huigens", "text": "

I won't be physically present but I'll join remotely

", "time": "2023-02-09T13:34:01Z"}, {"author": "Daniel Huigens", "text": "


", "time": "2023-02-09T13:39:55Z"}, {"author": "Daniel Huigens", "text": "

Thanks all!

", "time": "2023-02-09T13:46:16Z"}]