
From nobody Mon Jun  1 05:18:42 2015
Date: Mon, 1 Jun 2015 14:18:23 +0200
From: Simon Josefsson <simon@josefsson.org>
To: "Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org>, "IETF OpenPGP" <openpgp@ietf.org>, sec-ads@tools.ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Message-ID: <20150601141823.797394a1@latte.josefsson.org>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/romKQcd5bge_lCHwraL_ui8"; protocol="application/pgp-signature"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/vMjPV6sY9F1sAm_bBfk61MWwtzo>
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 12:18:40 -0000

--Sig_/romKQcd5bge_lCHwraL_ui8
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

"Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org> writes:

> Greetings,
>
> 	Here's a first cut of the charter.  We'd like to get this
> 	process started ASAP, so please make any comments, suggestions
> 	as soon as possible.

Good starting point.  It looks rather open ended when it comes to the
actual issues with RFC 4880 though.  Can you mention at least five
top-priority issues in RFC 4880 that need to be addressed?  This would
tighten the scope a bit, without limiting ability to address other
issues.

/Simon

--Sig_/romKQcd5bge_lCHwraL_ui8
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signatur


--Sig_/romKQcd5bge_lCHwraL_ui8--


From nobody Mon Jun  1 05:30:55 2015
Message-ID: <556C5065.2000609@sumptuouscapital.com>
Date: Mon, 01 Jun 2015 14:30:29 +0200
From: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Simon Josefsson <simon@josefsson.org>,  Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org,  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org>
In-Reply-To: <20150601141823.797394a1@latte.josefsson.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/3W8IDbhS3OK6otNd7i8MAQh99d4>
Subject: Re: [openpgp] Proposed WG charter

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/01/2015 02:18 PM, Simon Josefsson wrote:
> "Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org> writes:
> 
>> Greetings,
>> 
>> Here's a first cut of the charter.  We'd like to get this process
>> started ASAP, so please make any comments, suggestions as soon as
>> possible.
> 
> Good starting point.  It looks rather open ended when it comes to
> the actual issues with RFC 4880 though.  Can you mention at least
> five top-priority issues in RFC 4880 that need to be addressed?
> This would tighten the scope a bit, without limiting ability to
> address other issues.

I agree that limiting the scope will become important at some point,
but isn't this a matter for the WG itself and not necessarily
something that should be part of an initial charter?

Its current form looks good to me.

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Qui audet vincit
Who dares wins
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


From nobody Mon Jun  1 05:39:09 2015
Message-ID: <556C5259.1090007@cs.tcd.ie>
Date: Mon, 01 Jun 2015 13:38:49 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>,  IETF OpenPGP <openpgp@ietf.org>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org>
In-Reply-To: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="497LcV1FMDTIT5ihBWDbh3d0dv6HjTejA"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/-gkJgd8CbxmQbru3eohp6u8wZQY>
Cc: sec-ads@tools.ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Proposed WG charter

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--497LcV1FMDTIT5ihBWDbh3d0dv6HjTejA
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


FWIW, I like it. Just tell me when you're happy folks on
the list are happy and I'll start the formal chartering ball
rolling.

Be good to do that in the next week or so if you want to
be a WG and schedule a session at the next IETF in Prague.

I'm fine as well if you don't want to meet there though,
as the charter itself notes, so no need to rush if you
don't wanna. But if you do want to meet f2f in Prague,
getting the session request in before June 11 is what's
needed. (It'd appear as a pseudo-BoF as we're a WG in the
process of forming now.)

Cheers,
S.

On 31/05/15 04:28, Christopher LILJENSTOLPE wrote:
> Greetings,
>
> 	Here's  a first cut of the charter.  We'd like to get this process started ASAP, so please make any comments, suggestions as soon as possible.
>
> 	It's also available as a gist https://gist.github.com/liljenstolpe/a4a45477d1b89ea45e09
>
>
> 	Christopher
>
>
> An Open Specification for Pretty Good Privacy (openpgp)
> =======================================================
>
> Charter
> -------
>
> Chairs:
>      Christopher Liljenstolpe <ietf@cdl.asgaard.org>
>      Daniel Kahn Gillmor <dkg@fifthhorseman.net>
>
> Security Area Directors:
>      Stephen Farrell <stephen.farrell@cs.tcd.ie>
>      Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
>
> Security Area Advisor:
>      Stephen Farrell <stephen.farrell@cs.tcd.ie>
>
>  Mailing Lists:
>      To Subscribe:       https://www.ietf.org/mailman/listinfo/openpgp
>      Archive:            http://www.ietf.org/mail-archive/web/openpgp/
>
> Description of Working Group
> ----------------------------
>
> OpenPGP is an Internet standard that covers object encryption, object
> signing, and identity certification.  These were defined by the first
> incarnation of the OpenPGP working group.
>
> The following is an excerpt from the charter of the original
> incarnation of the openpgp working group
>
>> The goal of the OpenPGP working group is to provide IETF standards
>> for the algorithms and formats of PGP processed objects as well as
>> providing the MIME framework for exchanging them via e-mail or other
>> transport protocols.
>
> The working group concluded this work and was closed in March
> of 2008.  In the intervening period, there has been a rough consensus
> reached that the RFC that defined the IETF openpgp standard, RFC4880,
> is in need of revision.
>
> This incarnation of the working group is chartered to primarily
> produce a revision of RFC4880 to address issues that have been
> identified by the community since the working group was originally
> closed.
>
> The Working Group will perform the following work
> -------------------------------------------------
>
> Revise RFC4880
>
> Other work may be entertained by the working group as long as it does
> not interfere with the completion of the RFC4880 revision.  As the
> revision of RFC4880 is primary goal of the working group, and other
> work will also not unduly delay the closure of the working group
> after the revision is finished (unless the working group is
> rechartered).
>
> Working Group Process
> ---------------------
>
> The working group will endeavor to complete most if not all of its
> work online on the working group's mailing list.  We expect that the
> requirement for face-to-face sessions at IETF meetings to be minimal.
>
> Furthermore, the working group will accept no ID's as working group
> items unless there is a review by at least two un-interested parties
> of the ID as part of the acceptance process.
>
>
> Goals and Milestones
> --------------------
>
> July 2016: Deliver an RFC 4880bis WG ID to the RFC editor


--497LcV1FMDTIT5ihBWDbh3d0dv6HjTejA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--497LcV1FMDTIT5ihBWDbh3d0dv6HjTejA--


From nobody Mon Jun  1 06:09:51 2015
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, IETF OpenPGP <openpgp@ietf.org>
In-Reply-To: <556C5259.1090007@cs.tcd.ie>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org> <556C5259.1090007@cs.tcd.ie>
User-Agent: Notmuch/0.20 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Mon, 01 Jun 2015 09:09:20 -0400
Message-ID: <87eglvfudb.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/5l8UalK37lVbLeXcElyA-CxZ1QU>
Cc: sec-ads@tools.ietf.org
Subject: Re: [openpgp] Proposed WG charter

On Mon 2015-06-01 08:38:49 -0400, Stephen Farrell wrote:
> FWIW, I like it. Just tell me when you're happy folks on
> the list are happy and I'll start the formal chartering ball
> rolling.
>
> Be good to do that in the next week or so if you want to
> be a WG and schedule a session at the next IETF in Prague.
>
> I'm fine as well if you don't want to meet there though,
> as the charter itself notes, so no need to rush if you
> don't wanna. But if you do want to meet f2f in Prague,
> getting the session request in before June 11 is what's
> needed. (It'd appear as a pseudo-BoF as we're a WG in the
> process of forming now.)

FWIW, i'd be happy to go ahead and try to get a pseudo-BoF on the
schedule for Prague, if anyone else in the WG is going to be there.

         --dkg


From nobody Mon Jun  1 06:52:54 2015
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Simon Josefsson <simon@josefsson.org>, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org
In-Reply-To: <20150601141823.797394a1@latte.josefsson.org>
References: <20150601141823.797394a1@latte.josefsson.org>
User-Agent: Notmuch/0.20 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Mon, 01 Jun 2015 09:52:18 -0400
Message-ID: <878uc3fsdp.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/TpqmZp0RrtAtLO-O655fnfpbnsw>
Subject: Re: [openpgp] Proposed WG charter

On Mon 2015-06-01 08:18:23 -0400, Simon Josefsson wrote:
> Good starting point.  It looks rather open ended when it comes to the
> actual issues with RFC 4880 though.  Can you mention at least five
> top-priority issues in RFC 4880 that need to be addressed?  This would
> tighten the scope a bit, without limiting ability to address other
> issues.

I think it would only tighten the scope if we *did* prohibit addressing
any un-mentioned issues, and i'd rather not commit to something with
that kind of wording.

OTOH, having some explicit targets listed here (without limiting the
work to those targets) would help the group to make sure that 4880bis
did cover the relevant ground.

Simon, if you had to list items that you thought were "must-haves",
which would they be?

Some highlights I'd go for (needs wordsmithing, just brainstorming here,
and not in any particular order):

 * inclusion of the CFRG elliptic curves

 * proper AEAD symmetric crypto

 * updated mandatory-to-implement algorithms

 * updated fingerprints

I'm not sure they need to be in the charter, but if there's a general
sense from the group that they should be, and a prompt proposal for the
language change, i have no objection to including them.

     --dkg


From nobody Mon Jun  1 07:25:14 2015
Date: Mon, 1 Jun 2015 16:25:01 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Message-ID: <20150601162501.73ec29d8@latte.josefsson.org>
In-Reply-To: <878uc3fsdp.fsf@alice.fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/uFn1t5X5V/H9UxPKRgkWp25"; protocol="application/pgp-signature"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/KBHKetGSxysUCrSZuTrdHpipi60>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter

--Sig_/uFn1t5X5V/H9UxPKRgkWp25
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Mon, 01 Jun 2015 09:52:18 -0400
Re: Proposed WG charter wrote:

> On Mon 2015-06-01 08:18:23 -0400, Simon Josefsson wrote:
> > Good starting point.  It looks rather open ended when it comes to
> > the actual issues with RFC 4880 though.  Can you mention at least
> > five top-priority issues in RFC 4880 that need to be addressed?
> > This would tighten the scope a bit, without limiting ability to
> > address other issues.
>
> I think it would only tighten the scope if we *did* prohibit
> addressing any un-mentioned issues, and i'd rather not commit to
> something with that kind of wording.

I agree.  I suppose this is up to the ADs though.

> OTOH, having some explicit targets listed here (without limiting the
> work to those targets) would help the group to make sure that 4880bis
> did cover the relevant ground.

Yes.

> Simon, if you had to list items that you thought were "must-haves",
> which would they be?

I don't know.  That is the primary reason for asking the charter to
include a list, to give me and others a sense of direction.  The
charter proposal is written in a broad way now, which can be
counter-productive (it leads to meta-discussions).

> Some highlights I'd go for (needs wordsmithing, just brainstorming
> here, and not in any particular order):
>
>  * inclusion of the CFRG elliptic curves

Yes.  I would mention Curve25519 and Ed25519 directly, or keep it
general and say "new elliptic curve key agreement and digital
signatures" instead.

There appears to be interest in Curve25519/EdDSA algorithms from people
on this list, and I haven't seen interest in any other algorithms.

Referring to CFRG explicitly is problematic because of timeline and
authority reasons.  The CFRG hasn't published anything or made
any decisions, so referring to CFRG seems unnecessarily
limiting in when we can publish.  Regarding authority: the CFRG can
make general recommendations, and I'm sure reasonable arguments will be
listened to, but I believe the decision on which algorithms are useful
for OpenPGP is one that belongs here and not in the CFRG.

>  * proper AEAD symmetric crypto

Sure.  Are there any proposals on the table?

>  * updated mandatory-to-implement algorithms

Makes sense.

>  * updated fingerprints

No idea.

> I'm not sure they need to be in the charter, but if there's a general
> sense from the group that they should be, and a prompt proposal for
> the language change, i have no objection to including them.

I suggest mentioning everything you can think of that there is no
controversy over.

I recall improvements to PGP/MIME were discussed?

There is also my old OpenPGP mail/news header proposal [1], but I'm not
sure there is energy for it.  I have also started to think that it ended
up being too complex for its own good.

/Simon

[1] https://tools.ietf.org/html/draft-josefsson-openpgp-mailnews-header-07

--Sig_/uFn1t5X5V/H9UxPKRgkWp25
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signatur


--Sig_/uFn1t5X5V/H9UxPKRgkWp25--


From nobody Mon Jun  1 09:00:42 2015
From: Werner Koch <wk@gnupg.org>
To: Simon Josefsson <simon@josefsson.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Simon Josefsson <simon@josefsson.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Date: Mon, 01 Jun 2015 17:48:48 +0200
In-Reply-To: <20150601162501.73ec29d8@latte.josefsson.org> (Simon Josefsson's message of "Mon, 1 Jun 2015 16:25:01 +0200")
Message-ID: <87twursa3j.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/63JFVXg_kqMwtfNwx-6knm-FSb8>
Cc: Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 16:00:40 -0000

On Mon,  1 Jun 2015 16:25, simon@josefsson.org said:

> Yes.  I would mention Curve25519 and Ed25519 directly, or keep it
> general and say "new elliptic curve key agreement and digital
> signatures" instead.

Both ways are okay for me.

> Referring to CFRG explicitly is problematic because of timeline and
> authority reasons.  The CFRG hasn't published anything or made

Right, we would need to wait for endianness peace ;-)

>>  * proper AEAD symmetric crypto
>
> Sure.  Are there any proposals on the table?

It has been suggested that we should wait for the outcome of the CAESAR
competition.  However, that will be by the end of 2017 which would
require that we plan for 4880bis not earlier than mid 2017 - a year
later than the suggested plan.

We would also go with OCB mode which would be readily available.


>>  * updated fingerprints
>
> No idea.

That is important because we need to be future proof and plan to retire
SHA-1.  That also means a v5 packet format and thus this goal alone
would not be sufficient.  Better don't put it explicitly on the list.

> I recall improvements to PGP/MIME were discussed?

That means to update RFC-3156.  Although related to OpenPGP, it is a
different thing.  I would be in favor of adding this as a second work
item to the charter.  The required changes are minimal.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Mon Jun  1 09:32:46 2015
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18CDE1B2CF7 for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 09:32:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j5oX_tkJvsrq for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 09:32:44 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 91E351B2C8B for <openpgp@ietf.org>; Mon,  1 Jun 2015 09:32:44 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id F3D8CF984; Mon,  1 Jun 2015 12:32:39 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id AC1AE1FF64; Mon,  1 Jun 2015 12:32:17 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>, Simon Josefsson <simon@josefsson.org>
In-Reply-To: <87twursa3j.fsf@vigenere.g10code.de>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de>
User-Agent: Notmuch/0.20 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Mon, 01 Jun 2015 12:32:17 -0400
Message-ID: <87y4k3e6em.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ZbKDhu3BH32yHFLmUD0A5EQFeF0>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Mon, 01 Jun 2015 16:32:46 -0000

On Mon 2015-06-01 11:48:48 -0400, Werner Koch wrote:
>>>  * updated fingerprints
>>
>> No idea.
>
> That is important because we need to be future proof and plan to retire
> SHA-1.  That also means a v5 packet format and thus this goal alone
> would not be sufficient.  Better don't put it explicitly on the list.

I'm not convinced that an updated fingerprint requires a v5 packet
format.  Can you explain that?

>> I recall improvements to PGP/MIME were discussed?
>
> That means to update RFC-3156.  Although related to OpenPGP, it is a
> different thing.  I would be in favor of adding this as a second work
> item to the charter.  The required changes are minimal.

I think the WG should focus on 4880bis to try to get it done cleanly and
promptly.  If we do it right, this would indicate functional interest
and an active community.  If an update to PGP/MIME is something the
community also ends up working on, we ought to be able to recharter to
expand into work on that.

           --dkg


From nobody Mon Jun  1 10:22:08 2015
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F0301B2F57 for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 10:22:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ccBZKJY4aKMJ for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 10:22:05 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57AC11B2A6E for <openpgp@ietf.org>; Mon,  1 Jun 2015 10:22:05 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1YzTPW-0007Wc-0w for <openpgp@ietf.org>; Mon, 01 Jun 2015 19:22:02 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1YzTIz-00079u-RD; Mon, 01 Jun 2015 19:15:17 +0200
From: Werner Koch <wk@gnupg.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Date: Mon, 01 Jun 2015 19:15:17 +0200
In-Reply-To: <87y4k3e6em.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Mon, 01 Jun 2015 12:32:17 -0400")
Message-ID: <87k2vns63e.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/eUg1J342yvquMigX4jwZ5Uav6jk>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Mon, 01 Jun 2015 17:22:06 -0000

On Mon,  1 Jun 2015 18:32, dkg@fifthhorseman.net said:

> I'm not convinced that an updated fingerprint requires a v5 packet
> format.  Can you explain that?

Without that we will have two fingerprints for the same key.  That may
lead to confusion.  In the past it was easy to decide what kind of key
you have.  A v5 packet format also makes it easier to change the
implicit available preferences (e.g. 3DES) because applications
supporting a v5 would also support the new preferences.

OTOH, this introduces backward incompatibility.  We need to discuss the
advantages of a v5 format versus the need for a new fingerprint format.

> I think the WG should focus on 4880bis to try to get it done cleanly and
> promptly.  If we do it right, this would indicate functional interest
> and an active community.  If an update to PGP/MIME is something the
> community also ends up working on, we ought to be able to recharter to

My conclusion from the discussion at the OpenPGP summit was that there
is a need to add something to PGP/MIME.  For example to split a long
message so that a (mobile) device does not need to download the entire
message for a summary view.  But well, that would affect S/MIME as well
so might be better taken up by the MAIL WG (in case that WG exists).


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Mon Jun  1 10:41:04 2015
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3FE41B2FE3 for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 10:41:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1XMepTrAg-Ej for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 10:40:58 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 060ED1A702E for <openpgp@ietf.org>; Mon,  1 Jun 2015 10:40:55 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 2AC88F984; Mon,  1 Jun 2015 13:40:50 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id F11A51FF76; Mon,  1 Jun 2015 13:40:37 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>
In-Reply-To: <87k2vns63e.fsf@vigenere.g10code.de>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de>
User-Agent: Notmuch/0.20 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Mon, 01 Jun 2015 13:40:37 -0400
Message-ID: <87k2vne38q.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/3JkQhx0Lpk26JPBEbwa0s7EpmZs>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Mon, 01 Jun 2015 17:41:03 -0000

On Mon 2015-06-01 13:15:17 -0400, Werner Koch wrote:
> On Mon,  1 Jun 2015 18:32, dkg@fifthhorseman.net said:
>
>> I'm not convinced that an updated fingerprint requires a v5 packet
>> format.  Can you explain that?
>
> Without that we will have two fingerprints for the same key.  That may
> lead to confusion.

I think i'm still not convinced by this -- can you give an example of
what kind of confusion you're hoping to avoid?

> In the past it was easy to decide what kind of key you have.  A v5
> packet format also makes it easier to change the implicit available
> preferences (e.g. 3DES) because applications supporting a v5 would
> also support the new preferences.

Users can infer that keys using new algorithms will implicitly have the
new preferences; but we can also indicate the new preferences explicitly
within the old format.

I think the main difference you're offering with a v5 format is the
ability to explicitly disavow the 4880 MTI algorithms.  Is that right?
Maybe there are other ways that implementations can explicitly disavow
the 4880 MTI algorithms, that can be done without introducing a v5
format?  What's the advantage of introducing a mandatory
incompatibility?

> My conclusion from the discussion at the OpenPGP summit was that there
> is a need to add something to PGP/MIME.  For example to split a long
> message so that a (mobile) device does not need to download the entire
> message for a summary view.  But well, that would affect S/MIME as well
> so might be better taken up by the MAIL WG (in case that WG exists).

Yes, i think this kind of thinking and work is good to do, but i don't
think we should focus on it in this WG until we're comfortable with a
4880bis.  If folks want to discuss it elsewhere, and it turns out there
are pieces needed in 4880bis to make it work right, then we should
include those pieces in 4880bis.  But i do think that touches on S/MIME
as well, so it'd be nice to keep that perspective in the loop.

        --dkg


From nobody Mon Jun  1 12:22:10 2015
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 931981A00FD for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 12:22:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JA7TOmb1tna9 for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 12:22:06 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D6271B2B0D for <openpgp@ietf.org>; Mon,  1 Jun 2015 12:22:06 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1YzVHf-0000A8-6l for <openpgp@ietf.org>; Mon, 01 Jun 2015 21:22:03 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1YzVEs-0007XB-JK; Mon, 01 Jun 2015 21:19:10 +0200
From: Werner Koch <wk@gnupg.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Date: Mon, 01 Jun 2015 21:19:10 +0200
In-Reply-To: <87k2vne38q.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Mon, 01 Jun 2015 13:40:37 -0400")
Message-ID: <87d21fs0cx.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/5jCIusisxc_vP5qy1BogpR0MSCw>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Mon, 01 Jun 2015 19:22:08 -0000

On Mon,  1 Jun 2015 19:40, dkg@fifthhorseman.net said:

> I think i'm still not convinced by this -- can you give an example of
> what kind of confusion you're hoping to avoid?

Alice reads her 40 hex digit fingerprints on the phone using oldtool;
Bob compares it using his newtool, which shows a different fingerprint.
Both don't know anything about fingerprint details but have been advised
to compare them character by character.  Their conclusion will be that
this is not the right key.

Even though I am not working on a helpdesk I have had phone conversations
to check X.509 fingerprints which ended in me explaining the different
types of fingerprints in use for X.509.

For ECC, being pretty new, we could easily switch to a new format but
what shall we keep on using the old for RSA keys?

Note that I do not insist on binding a new fingerprint format to the
public key format version, it is just something which needs to be
discussed.

> Users can infer that keys using new algorithms will implicitly have the
> new preferences; but we can also indicate the new preferences explicitly
> within the old format.

Which new algorithms?  I doubt that we will add a new cipher algorithm
to replace 3DES.

> I think the main difference you're offering with a v5 format is the
> ability to explicitly disavow the 4880 MTI algorithms.  Is that right?

Yes.  So that we won't need to support all old algorithms till 2106.

BTW, why do you and some others use the term MTI?  That term seems to
mean mandatory-to-implement and comes from Jabber, to me this sounds
very much like MUST (cf. RFC-2119).

> Maybe there are other ways that implementations can explicitly disavow
> the 4880 MTI algorithms, that can be done without introducing a v5
> format?  What's the advantage of introducing a mandatory
> incompatibility?

Not sure.  However, we are right now discussing the charter ;-)



Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Mon Jun  1 12:33:02 2015
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69AE71B310E for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 12:33:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ad84eHQ1R1Wg for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 12:33:00 -0700 (PDT)
Received: from mail2.ihtfp.org (mail2.ihtfp.org [IPv6:2001:4830:143:1::3a11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05CED1B30CF for <openpgp@ietf.org>; Mon,  1 Jun 2015 12:33:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 8C3BCE2035; Mon,  1 Jun 2015 15:32:56 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 11871-10; Mon,  1 Jun 2015 15:32:53 -0400 (EDT)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id CC673E2036; Mon,  1 Jun 2015 15:32:53 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1433187173; bh=yrrI8YuFeb9GZZWCCuX1cI+s/Fp0YRsiSDaVWReXvFs=; h=In-Reply-To:References:Date:Subject:From:To; b=RNfLXa61oyrdsJ5uhhvY5U+B2m3ox7bRZHjnvdiWDPUrpiGmTtlJrimaDR5VryTQ+ mFjVGNWY3TGGfjS8neaB41tZCx/jThW7ZyEUmDmR9LRqunkJKM0to4VIh2B2RZoVKz WJj5lUtIZ0xTMqFaKjCS008R/Q6GlTR56BTGX/OM=
Received: from 192.197.121.177 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Mon, 1 Jun 2015 15:32:53 -0400
Message-ID: <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org>
In-Reply-To: <87d21fs0cx.fsf@vigenere.g10code.de>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de>
Date: Mon, 1 Jun 2015 15:32:53 -0400
From: "Derek Atkins" <derek@ihtfp.com>
To: "Daniel Kahn Gillmor" <dkg@fifthhorseman.net>, "Simon Josefsson" <simon@josefsson.org>, "IETF OpenPGP" <openpgp@ietf.org>, sec-ads@tools.ietf.org, "Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org>
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/G8U9q09nYnPNei12mMVuPJWPy8c>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Mon, 01 Jun 2015 19:33:01 -0000

Werner,

On Mon, June 1, 2015 3:19 pm, Werner Koch wrote:
> On Mon,  1 Jun 2015 19:40, dkg@fifthhorseman.net said:
>
>> I think i'm still not convinced by this -- can you give an example of
>> what kind of confusion you're hoping to avoid?
>
> Alice reads her 40 hex digit fingerprints on the phone using oldtool;
> Bob compares it using his newtool, which shows a different fingerprint.
> Both don't know anything about fingerprint details but have been advised
> to compare them character by character.  Their conclusion will be that
> this is not the right key.

Well, most likely the new fingerprint will not be 40 hex digits, it would
be a different length.  So oldtool and newtool would have different
lengths and, as a result, they would (hopefully) know they were looking at
different values.

That doesn't necessarily help them figure out how to get newtool to output
something that oldtool can verify.

>> I think the main difference you're offering with a v5 format is the
>> ability to explicitly disavow the 4880 MTI algorithms.  Is that right?
>
> Yes.  So that we won't need to support all old algorithms till 2106.
>
> BTW, why do you and some others use the term MTI?  That term seems to
> mean mandatory-to-implement and comes from Jabber, to me this sounds
> very much like MUST (cf. RFC-2119).

The term MTI (Mandatory to Implement) is used to differentiate it from MTU
(Mandatory to Use).  I.e., an MTI algorithm is one that you're guaranteed
to be ABLE to use, but there is no requirement that you actually DO use
it.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Mon Jun  1 12:40:57 2015
Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DCA81B2B7E for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 12:40:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level: 
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T_PYw2HhWZo8 for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 12:40:56 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFDBF1B317C for <openpgp@ietf.org>; Mon,  1 Jun 2015 12:40:54 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.3]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t51JeiJx028428 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 1 Jun 2015 21:40:45 +0200
Date: Mon, 1 Jun 2015 21:40:43 +0200
From: Simon Josefsson <simon@josefsson.org>
To: "Derek Atkins" <derek@ihtfp.com>
Message-ID: <20150601214043.3b9928ea@latte.josefsson.org>
In-Reply-To: <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/UMla=S.n995H0054xVmxNJn"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/inT7nUXG0SWEHGvdRjJFBARHbeI>
Cc: Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Mon, 01 Jun 2015 19:40:57 -0000

--Sig_/UMla=S.n995H0054xVmxNJn
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

> > BTW, why do you and some others use the term MTI?  That term seems
> > to mean mandatory-to-implement and comes from Jabber, to me this
> > sounds very much like MUST (cf. RFC-2119).
>
> The term MTI (Mandatory to Implement) is used to differentiate it
> from MTU (Mandatory to Use).  I.e., an MTI algorithm is one that
> you're guaranteed to be ABLE to use, but there is no requirement that
> you actually DO use it.

I think there is also a possible orthogonal Mandatory to Deploy so you
would have:

MTI: Code needs to be written

MTD: Code that was written needs to be enabled in deployment

MTU: Code that was written actually needs to be used

The distinction between the two latter is when a protocol has several
MTD algorithms, which is the typical case.

/Simon


--Sig_/UMla=S.n995H0054xVmxNJn--


From nobody Mon Jun  1 13:04:29 2015
Return-Path: <watsonbladd@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E1AE1B339C for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 13:04:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h8CfceV6dZSp for <openpgp@ietfa.amsl.com>; Mon,  1 Jun 2015 13:04:26 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C0581B3382 for <openpgp@ietf.org>; Mon,  1 Jun 2015 13:03:58 -0700 (PDT)
Received: by wifw1 with SMTP id w1so118830009wif.0 for <openpgp@ietf.org>; Mon, 01 Jun 2015 13:03:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=iYe9yg8cQAKlWxX6DN1yrhtUtp/1xGOkkx89N1bljT4=; b=ZsMW/G1MlfLHQEmAZ1jBWzSl97QPn7dfyrmfVnX5ybdPyJpyjTWFKijwdaj4E9xXWD Jfu6xzMHO/xEV1vXSNao5y6maIHLpBFitOqjULBh1lnqdauVPijYFtPdZYw98ril6OkD PnOzXCNcNT3C5+CSecwiq6l0e1MhCTaLPh6nBUI0tBCHDpKTgyZnIsoL8+aG9d+Mg5R3 f4kiWZi51YX17VOFab3nwiaoIHQrW7u5Ku3D72Cv1JQiBOUuC/LcIQTzB+EnmWGvwztM CkOZjtROoxYp9cQtT2SoEo1Hls50TldekF7qRTDEKoTrAiDMFavrJ2BN9iBzk66Ry9wl cegg==
MIME-Version: 1.0
X-Received: by 10.180.8.41 with SMTP id o9mr24349349wia.83.1433189037319; Mon, 01 Jun 2015 13:03:57 -0700 (PDT)
Received: by 10.194.20.97 with HTTP; Mon, 1 Jun 2015 13:03:56 -0700 (PDT)
Received: by 10.194.20.97 with HTTP; Mon, 1 Jun 2015 13:03:56 -0700 (PDT)
In-Reply-To: <20150601214043.3b9928ea@latte.josefsson.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org>
Date: Mon, 1 Jun 2015 13:03:56 -0700
Message-ID: <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Simon Josefsson <simon@josefsson.org>
Content-Type: multipart/alternative; boundary=f46d04428f34772e0805177a530a
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/EVm0fZm2F_UXnnPfXNo9FlcA2ho>
Cc: IETF OpenPGP <openpgp@ietf.org>, Derek Atkins <derek@ihtfp.com>, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, sec-ads@tools.ietf.org
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 20:04:28 -0000

--f46d04428f34772e0805177a530a
Content-Type: text/plain; charset=UTF-8

On Jun 1, 2015 12:41 PM, "Simon Josefsson" <simon@josefsson.org> wrote:
>
> > > BTW, why do you and some others use the term MTI?  That term seems
> > > to mean mandatory-to-implement and comes from Jabber, to me this
> > > sounds very much like MUST (cf. RFC-2119).
> >
> > The term MTI (Mandatory to Implement) is used to differentiate it
> > from MTU (Mandatory to Use).  I.e., an MTI algorithm is one that
> > you're guaranteed to be ABLE to use, but there is no requirement that
> > you actually DO use it.
>
> I think there is also a possible orthogonal Mandatory to Deploy so you
> would have:
>
> MTI: Code needs to be written
>
> MTD: Code that was written needs to be enabled in deployment
>
> MTU: Code that was written actually needs to be used
>
> The distinction between the two latter is when a protocol has several
> MTD algorithms, which is the typical case.

But I don't want to expose this choice to users, any more than signing and
encryption ordering. There are real usability and deployment issues that
need to get solved, that require changes to what is going on behind the
scenes.
>
> /Simon
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
>

--f46d04428f34772e0805177a530a--


From nobody Tue Jun  2 00:18:45 2015
Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 300C01ACD3E for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 00:18:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level: 
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AffwIkgF0vsW for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 00:18:39 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8C0C1ACDF4 for <openpgp@ietf.org>; Tue,  2 Jun 2015 00:18:35 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.3]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t527ILhl029990 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 2 Jun 2015 09:18:22 +0200
Date: Tue, 2 Jun 2015 09:18:20 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Watson Ladd <watsonbladd@gmail.com>
Message-ID: <20150602091820.3a59a0c7@latte.josefsson.org>
In-Reply-To: <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/TFQUb_G=6izGdimb7aTawBm"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/z9wbRR-Wq7xHRlAbapEOssicQFQ>
Cc: IETF OpenPGP <openpgp@ietf.org>, Derek Atkins <derek@ihtfp.com>, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, sec-ads@tools.ietf.org
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 07:18:41 -0000

--Sig_/TFQUb_G=6izGdimb7aTawBm
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Mon, 1 Jun 2015 13:03:56 -0700
Re: [openpgp] Proposed WG charter wrote:

> On Jun 1, 2015 12:41 PM, "Simon Josefsson" <simon@josefsson.org>
> wrote:
> >
> > > > BTW, why do you and some others use the term MTI?  That term
> > > > seems to mean mandatory-to-implement and comes from Jabber, to
> > > > me this sounds very much like MUST (cf. RFC-2119).
> > >
> > > The term MTI (Mandatory to Implement) is used to differentiate it
> > > from MTU (Mandatory to Use).  I.e., an MTI algorithm is one that
> > > you're guaranteed to be ABLE to use, but there is no requirement
> > > that you actually DO use it.
> >
> > I think there is also a possible orthogonal Mandatory to Deploy so
> > you would have:
> >
> > MTI: Code needs to be written
> >
> > MTD: Code that was written needs to be enabled in deployment
> >
> > MTU: Code that was written actually needs to be used
> >
> > The distinction between the two latter is when a protocol has
> > several MTD algorithms, which is the typical case.
>
> But I don't want to expose this choice to users, any more than
> signing and encryption ordering. There are real usability and
> deployment issues that need to get solved, that require changes to
> what is going on behind the scenes.

Users aren't involved in the first two parts.  Users are involved in
the MTU step since ultimately they own the authority to choose their
preferred algorithm -- assuming the protocol allows more than one
choice, of course.  How they are involved, i.e., whether
implementations expose the choices or not, is a UX issue.  Certainly
there are challenges there, but I don't see the IETF has a lot to
contribute around UX.

/Simon

--Sig_/TFQUb_G=6izGdimb7aTawBm
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signatur


--Sig_/TFQUb_G=6izGdimb7aTawBm--


From nobody Tue Jun  2 03:43:27 2015
Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B576D1A9233 for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 03:43:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BSNJs2_Ex0s3 for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 03:43:24 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A76D1A9235 for <openpgp@ietf.org>; Tue,  2 Jun 2015 03:43:23 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id BA7C46D84B; Tue,  2 Jun 2015 06:43:21 -0400 (EDT)
Message-ID: <556D88C9.3000803@iang.org>
Date: Tue, 02 Jun 2015 11:43:21 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org>
In-Reply-To: <20150602091820.3a59a0c7@latte.josefsson.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/BgkyLhAKq3O8NN-xPZ1MOYEXxJs>
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 10:43:25 -0000

On 2/06/2015 08:18 am, Simon Josefsson wrote:
> On Mon, 1 Jun 2015 13:03:56 -0700
>
>> On Jun 1, 2015 12:41 PM, "Simon Josefsson" <simon@josefsson.org>
>> wrote:
>>>
>>>>> BTW, why do you and some others use the term MTI?  That term
>>>>> seems to mean mandatory-to-implement and comes from Jabber, to
>>>>> me this sounds very much like MUST (cf. RFC-2119).
>>>>
>>>> The term MTI (Mandatory to Implement) is used to differentiate it
>>>> from MTU (Mandatory to Use).  I.e., an MTI algorithm is one that
>>>> you're guaranteed to be ABLE to use, but there is no requirement
>>>> that you actually DO use it.
>>>
>>> I think there is also a possible orthogonal Mandatory to Deploy so
>>> you would have:
>>>
>>> MTI: Code needs to be written
>>>
>>> MTD: Code that was written needs to be enabled in deployment
>>>
>>> MTU: Code that was written actually needs to be used
>>>
>>> The distinction between the two latter is when a protocol has
>>> several MTD algorithms, which is the typical case.


Interesting, thanks for the explanation!

The thing that I would see as being different from MUST and the above 
three MTx is that the latter (Jabber?) has thought about how to deploy 
changes.  It would seem to imply there is someone somewhere pulling the 
strings on the puppet to make the migration happen.  There is a 
foundation behind Jabber, maybe that's the puppetmaster.

This is something that IETF has shied away from, and OpenPGP is perhaps 
a leading proponent of not having any institutional push on the choice 
of crypto.

I think the reality of OpenPGP's lifecycle is that we are going to be 
dealing with legacy implementations and algorithms anyway, and just 
specifying MUST(s) will probably be sufficient.  The challenge is to 
really get that list down below 3.  Beyond that, distinctions such as 
MTI and MTD are going to be seen as legacy deployment.

tl;dr - I suspect we can stick to MUST rather than MTx.


>> But I don't want to expose this choice to users, any more than
>> signing and encryption ordering. There are real usability and
>> deployment issues that need to get solved, that require changes to
>> what is going on behind the scenes.


I'm with you!

> Users aren't involved in the first two parts.  Users are involved in
> the MTU step since ultimately they own the authority to choose their
> preferred algorithm -- assuming the protocol allows more than one
> choice, of course.  How they are involved, i.e., whether
> implementations expose the choices or not, is a UX issue.  Certainly
> there are challenges there, but I don't see the IETF has a lot to
> contribute around UX.


Which is a cop out.  Users are not typically capable of making that 
choice, and in the making of that choice, they cause network problems 
for everyone.  Obviously we can give them that choice and wrap it up in 
some form of crypto-freedom argument, but we can also give them a 
pencil, paper and a one time pad.  The purpose of the system is to 
deliver security, not crypto-purity, and everything we know about 
security points to the protocol author making the crypto decisions for them.

(But this is an old debate, everyone knows it, and the charter on the 
ground is moving OpenPGP forward, not recasting it entirely.)



iang


From nobody Tue Jun  2 05:17:10 2015
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 015641A1B9E for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 05:17:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPjV2fAbJRtu for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 05:17:06 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D4B11A1AA1 for <openpgp@ietf.org>; Tue,  2 Jun 2015 05:17:06 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1Yzl7u-0000H0-MQ for <openpgp@ietf.org>; Tue, 02 Jun 2015 14:17:02 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1Yzl4V-0002PD-6X; Tue, 02 Jun 2015 14:13:31 +0200
From: Werner Koch <wk@gnupg.org>
To: ianG <iang@iang.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: ianG <iang@iang.org>, openpgp@ietf.org
Date: Tue, 02 Jun 2015 14:13:31 +0200
In-Reply-To: <556D88C9.3000803@iang.org> (iang@iang.org's message of "Tue, 02 Jun 2015 11:43:21 +0100")
Message-ID: <878uc2qpec.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/wN7DX0m5FpicUb_TcZm6ql2zghk>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 12:17:09 -0000

On Tue,  2 Jun 2015 12:43, iang@iang.org said:

> I think the reality of OpenPGP's lifecycle is that we are going to be
> dealing with legacy implementations and algorithms anyway, and just

I don't think that "legacy" is an appropriate term here.  In contrast to
many other protocols (e.g. IP) we need to care about data at rest.
There are huge amounts of encrypted or signed data on disks and tapes
which eventually need to be decrypted. 

It might be good to think of OpenPGP data like the tar format and not
like http/smtp/xmpp.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Tue Jun  2 07:32:51 2015
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B85A51ACCED for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 07:32:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.622
X-Spam-Level: 
X-Spam-Status: No, score=0.622 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7CQCwmZeemeq for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 07:32:48 -0700 (PDT)
Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com [IPv6:2a00:1450:4010:c03::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60EF91ACCF3 for <openpgp@ietf.org>; Tue,  2 Jun 2015 07:32:47 -0700 (PDT)
Received: by laew7 with SMTP id w7so34923618lae.1 for <openpgp@ietf.org>; Tue, 02 Jun 2015 07:32:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=XbCgAEt1DtwKyKqN2JVlpcPghRD4g3aQFn+q0b/+wA4=; b=bCQP8/6kuM2E/oVggW6AsASKeJL8wlfBRFPDrjbDJODM0yV7KgFqIR+1NfJnimsZV0 yWJISr+qNwgqZ397uMYMa0f7xK1l0tcN009I93qigoFeo/iSHTYSdb8kv+Pv+qgSLyK9 zz6nJVezdrbEC4PNi3vMa0Wwfk6oFygaeyPVY0eWMIgiAI1UuES+JtmZoXC4Sv0jQZjr iL19yb1jbpKjtm3OFUOWPu715FIyspgqnmk1QLWwL09EKllqPPs8KLKbySjQybcT3KmR 8TuRpeLLVJ733Qu+YTRZVexLh0OxsW92wsZSaJ3c9L3IFEpMQ09+eQjeu933pi5mnCr6 csGQ==
MIME-Version: 1.0
X-Received: by 10.112.156.231 with SMTP id wh7mr22111878lbb.118.1433255565750;  Tue, 02 Jun 2015 07:32:45 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Tue, 2 Jun 2015 07:32:45 -0700 (PDT)
In-Reply-To: <87d21fs0cx.fsf@vigenere.g10code.de>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de>
Date: Tue, 2 Jun 2015 10:32:45 -0400
X-Google-Sender-Auth: OWv4ZVGglw2Wnm_zUjoonQx9AFg
Message-ID: <CAMm+LwhM7Rg_So5OUVX2MrS2DZfjPT7xhhd0xaJgV4OcrFeopw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Simon Josefsson <simon@josefsson.org>,  IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org,  Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Content-Type: multipart/alternative; boundary=001a11c260d2de7876051789d06f
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/VSrHsLmVrbiLTbrOu8FtFnbA7cQ>
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 14:32:50 -0000

--001a11c260d2de7876051789d06f
Content-Type: text/plain; charset=UTF-8

On Mon, Jun 1, 2015 at 3:19 PM, Werner Koch <wk@gnupg.org> wrote:

> On Mon,  1 Jun 2015 19:40, dkg@fifthhorseman.net said:
>
> > I think i'm still not convinced by this -- can you give an example of
> > what kind of confusion you're hoping to avoid?
>
> Alice reads her 40 hex digit fingerprints on the phone using oldtool;
> Bob compares it using his newtool, which shows a different fingerprint.
> Both don't know anything about fingerprint details but have been advised
> to compare them character by character.  Their conclusion will be that
> this is not the right key.
>

This is a good point that I had not considered earlier but turns out is
covered in my UDF proposal which guarantees that the leading digit of a UDF
fingerprint is M or S and thus an invalid hex digit :)

There are two issues that I believe we should separate:


1) The method of constructing the fingerprint

2) The method of constructing what is fingerprinted.

The first can be set in stone for a century or more. The second must be
changeable.


Right now we are discussing a v5 key packet format. It would be foolish to
imagine it is going to be the last. We should expect the key packet format
to change albeit infrequently. A new version every ten years or so.

We should also expect and encourage people to fork the key packet format if
that is necessary for their particular application. I am currently using
fingerprints to S/MIME and DNSSEC but I have absolutely no interest in
using the OpenPGP format there and I am certain that those communities
won't either.

This separation is achieved by the construct:

UDF = Base32d (H ( <Content-Type> + ':' + H (Content)))


Let's say that we are working only with OpenPGP keybindings and we are doing
OpenPGPv8. We have three different keybindings that we might encounter

application/openpgp-keybindingv5
application/openpgp-keybindingv7
application/openpgp-keybindingv8

Easy enough to cycle through all three to see if we have a match.

Alternatively, put a version identifier field in the keybinding and we can
use just one identifier.


The reason I think this is going to matter a lot is because I use
fingerprints to specify a root of trust in any identifier. So for example,
let us say you want to say 'go to www.example.com validating the entries
via the DLV root with fingerprint MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ-SV75J':

www.example.com.MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ-SV75J

With this type of construct, I can deploy a DNSSEC hierarchy that is
entirely under my control. No control for 'non-profits' whose million a
year head has told me a stone cold lie to my face.


I also want to be able to use strong email addresses for PGP and S/MIME
without the user having to know which is going to be used.

The PPE Key manager is almost done. Run the keymanager and it will
automatically enable Windows Live Mail to use S/MIME to send and receive
end-to-end encrypted with absolutely no additional user interaction.

Under the covers, we create a new email address, a 'strong' email address
of the form:

<fingerprint>?<username>@<domain-name>

Where <fingerprint> is the fingerprint of a trust root under which the
intended recipient's email encryption preferences are set. Obviously, one
of those preferences can be 'send S/MIME mail version X encrypted under
cert Y'. But I also intend to add 'send OpenPGP mail version P encrypted
under key Q'.

The point is that the end user does not need to know whether their email
client is doing OpenPGP or S/MIME or whatever next gen mail system we do.
And so the fingerprint format should not make a commitment to one single
specification.


I believe we have at minimum two types of content that we want to take
fingerprints of:

* Code distributions
* Keys


For keys, I believe there are at least four format families that may be
encountered.

* OpenPGP
* PKIX Certificate / KeyInfo
* DNSSEC
* Whatever JSON based scheme replaces all the above.


So what I think the charter should give as deliverables are:

1) A new Key package format for OpenPGP keys.
2) A fingerprint mechanism that is content neutral with OpenPGP as the
initial use case.

--001a11c260d2de7876051789d06f
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On M=
on, Jun 1, 2015 at 3:19 PM, Werner Koch <span dir=3D"ltr">&lt;<a href=3D"ma=
ilto:wk@gnupg.org" target=3D"_blank">wk@gnupg.org</a>&gt;</span> wrote:<br>=
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex"><span class=3D"">On Mon,=C2=A0 1 Jun 2015 19:40, <a href=
=3D"mailto:dkg@fifthhorseman.net">dkg@fifthhorseman.net</a> said:<br>
<br>
&gt; I think i&#39;m still not convinced by this -- can you give an example=
 of<br>
&gt; what kind of confusion you&#39;re hoping to avoid?<br>
<br>
</span>Alice reads her 40 hex digit fingerprints on the phone using oldtool;<br>
Bob compares it using his newtool, which shows a different fingerprint.<br>
Both don&#39;t know anything about fingerprint details but have been advised<br>
to compare them character by character. Their conclusion will be that<br>
this is not the right key.<br></blockquote>
<div><br></div>
<div>This is a good point that I had not considered earlier but turns out is covered in my UDF proposal which guarantees that the leading digit of a UDF fingerprint is M or S and thus an invalid hex digit :)</div>
<div><br></div>
<div>There are two issues that I believe we should separate:</div>
<div><br></div>
<div><br></div>
<div>1) The method of constructing the fingerprint</div>
<div><br></div>
<div>2) The method of constructing what is fingerprinted.</div>
<div><br></div>
<div>The first can be set in stone for a century or more. The second must be changeable.</div>
<div><br></div>
<div><br></div>
<div>Right now we are discussing a v5 key packet format. It would be foolish to imagine it is going to be the last. We should expect the key packet format to change albeit infrequently. A new version every ten years or so.</div>
<div><br></div>
<div>We should also expect and encourage people to fork the key packet format if that is necessary for their particular application. I am currently using fingerprints to S/MIME and DNSSEC but I have absolutely no interest in using the OpenPGP format there and I am certain that those communities won&#39;t either.</div>
<div><br></div>
<div>This separation is achieved by the construct:</div>
<div><br></div>
<div>UDF = Base32d (H ( &lt;Content-Type&gt; + &#39;:&#39; + H (Content)))</div>
<div><br></div>
<div><br></div>
<div>Let&#39;s say that we are working only with OpenPGP keybindings and we are doing OpenPGPv8. We have three different keybindings that we might encounter</div>
<div><br></div>
<div>application/openpgp-keybindingv5</div>
<div>application/openpgp-keybindingv7<br></div>
<div>application/openpgp-keybindingv8<br></div>
<div><br></div>
<div>Easy enough to cycle through all three to see if we have a match.</div>
<div><br></div>
<div>Alternatively, put a version identifier field in the keybinding and we can use just one identifier.</div>
<div><br></div>
<div><br></div>
<div>The reason I think this is going to matter a lot is because I use fingerprints to specify a root of trust in any identifier. So for example, let us say you want to say &#39;go to <a href="http://www.example.com">www.example.com</a> validating the entries via the DLV root with fingerprint MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ-SV75J&#39;:</div>
<div><br></div>
<div>www.example.com.MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ-SV75J</div>
<div><br></div>
<div>With this type of construct, I can deploy a DNSSEC hierarchy that is entirely under my control. No control for &#39;non-profits&#39; whose million a year head has told me a stone cold lie to my face.</div>
<div><br></div>
<div><br></div>
<div>I also want to be able to use strong email addresses for PGP and S/MIME without the user having to know which is going to be used.</div>
<div><br></div>
<div>The PPE Key manager is almost done. Run the keymanager and it will automatically enable Windows Live Mail to use S/MIME to send and receive end-to-end encrypted with absolutely no additional user interaction.</div>
<div><br></div>
<div>Under the covers, we create a new email address, a &#39;strong&#39; email address of the form:</div>
<div><br></div>
<div>&lt;fingerprint&gt;?&lt;username&gt;@&lt;domain-name&gt;</div>
<div><br></div>
<div>Where &lt;fingerprint&gt; is the fingerprint of a trust root under which the intended recipient&#39;s email encryption preferences are set. Obviously, one of those preferences can be &#39;send S/MIME mail version X encrypted under cert Y&#39;. But I also intend to add &#39;send OpenPGP mail version P encrypted under key Q&#39;.</div>
<div><br></div>
<div>The point is that the end user does not need to know whether their email client is doing OpenPGP or S/MIME or whatever next gen mail system we do. And so the fingerprint format should not make a commitment to one single specification.</div>
<div><br></div>
<div><br></div>
<div>I believe we have at minimum two types of content that we want to take fingerprints of:</div>
<div><br></div>
<div>* Code distributions</div>
<div>* Keys</div>
<div><br></div>
<div><br></div>
<div>For keys, I believe there are at least four format families that may be encountered.</div>
<div><br></div>
<div>* OpenPGP</div>
<div>* PKIX Certificate / KeyInfo</div>
<div>* DNSSEC</div>
<div>* Whatever JSON based scheme replaces all the above.</div>
<div><br></div>
<div><br></div>
<div>So what I think the charter should give as deliverables are:</div>
<div><br></div>
<div>1) A new Key package format for OpenPGP keys.</div>
<div>2) A fingerprint mechanism that is content neutral with OpenPGP as the initial use case.</div>
<div><br></div>
<div><br></div>
<div><br></div>
<div><br></div></div></div></div>

--001a11c260d2de7876051789d06f--
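
The construct in the message above, worked as an added example (not code from the original post or from the UDF proposal). It assumes SHA-512 for H, a prefix byte of 0x60 so that the first Base32 character is M, and a 30-character text form like the fingerprint quoted in the message; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Assumptions, not taken from the message: H is SHA-512, a one-byte prefix
# 0x60 precedes the digest (its top five bits are 01100 = 12, Base32 'M'),
# and the text form is cut to 30 characters like the example in the message.
PREFIX_SHA2_512 = 0x60
TEXT_CHARS = 30
BASE32_RE = re.compile(r"[A-Z2-7]+")
HEX40_RE = re.compile(r"[0-9A-F]{40}")

# Content types named in the message for an OpenPGPv8 implementation.
KEYBINDING_TYPES = (
    "application/openpgp-keybindingv8",
    "application/openpgp-keybindingv7",
    "application/openpgp-keybindingv5",
)


def normalize(text):
    """Drop grouping characters and case so two renderings compare equal."""
    return re.sub(r"[\s-]", "", text).upper()


def udf_fingerprint(content_type, content):
    """Base32(prefix || H(content_type ':' H(content))), grouped in fives."""
    inner = hashlib.sha512(content).digest()
    outer = hashlib.sha512(content_type.encode("ascii") + b":" + inner).digest()
    text = base64.b32encode(bytes([PREFIX_SHA2_512]) + outer).decode("ascii")
    text = text[:TEXT_CHARS]
    return "-".join(text[i:i + 5] for i in range(0, len(text), 5))


def classify(text):
    """Tell a 40-hex-digit fingerprint from a UDF one before comparing."""
    value = normalize(text)
    if HEX40_RE.fullmatch(value):
        return "hex40"
    # A leading M or S is never a hex digit, so the two formats cannot collide.
    if value[:1] in ("M", "S") and BASE32_RE.fullmatch(value):
        return "udf"
    return "unknown"


def match_keybinding(expected, key_bytes, types=KEYBINDING_TYPES):
    """Cycle through the known content types; return the one that matches."""
    if classify(expected) != "udf":
        raise ValueError("not a UDF fingerprint; formats are not comparable")
    want = normalize(expected).encode("ascii")
    for content_type in types:
        got = normalize(udf_fingerprint(content_type, key_bytes)).encode("ascii")
        if hmac.compare_digest(got, want):
            return content_type
    return None


def split_strong_name(name):
    """Split 'host.FINGERPRINT' into (host, fingerprint)."""
    host, _, label = name.rpartition(".")
    if not host or classify(label) != "udf":
        raise ValueError("last label is not a UDF fingerprint")
    return host, label


# Constructed sample input: placeholder bytes standing in for a key binding.
SAMPLE_KEY = b"constructed sample key binding, not a real OpenPGP packet"

if __name__ == "__main__":
    fp = udf_fingerprint("application/openpgp-keybindingv7", SAMPLE_KEY)
    print(fp, classify(fp), match_keybinding(fp, SAMPLE_KEY))
    print(split_strong_name("www.example.com.MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ-SV75J"))
```

Because `classify` runs before any comparison, a tool can report "different fingerprint format" instead of "wrong key" in the oldtool/newtool situation quoted at the top of the message.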


From nobody Tue Jun  2 14:17:23 2015
Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D74D1B30A6 for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 14:17:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Urx3Xpp_uv_4 for <openpgp@ietfa.amsl.com>; Tue,  2 Jun 2015 14:17:20 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0AFC1B309B for <openpgp@ietf.org>; Tue,  2 Jun 2015 14:17:20 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id EA0416D7AF; Tue,  2 Jun 2015 17:17:18 -0400 (EDT)
Message-ID: <556E1D5C.8070101@iang.org>
Date: Tue, 02 Jun 2015 22:17:16 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de>
In-Reply-To: <878uc2qpec.fsf@vigenere.g10code.de>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/eriFhs2DRvhyEFydUKQgFHWfcZ4>
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 21:17:22 -0000

On 2/06/2015 13:13 pm, Werner Koch wrote:
> On Tue,  2 Jun 2015 12:43, iang@iang.org said:
>
>> I think the reality of OpenPGP's lifecycle is that we are going to be
>> dealing with legacy implementations and algorithms anyway, and just
>
> I don't think that "legacy" is an appropriate term here.  In contrast to
> many other protocols (e.g. IP) we need to care about data at rest.
> There are huge amounts of encrypted or signed data on disks and tapes
> which eventually need to be decrypted.


Good point.

> It might be good to think of OpenPGP data like the tar format and not
> like http/smtp/xmpp.


Which really does put the point on cipher suite choices.  We should be 
thinking in terms of decades ahead.

I wonder if implementations could add a re-encrypt mode to bring old 
archives into the new formats?



iang


From nobody Wed Jun  3 15:59:03 2015
Return-Path: <cdl@asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0C5D1B3018 for <openpgp@ietfa.amsl.com>; Wed,  3 Jun 2015 15:59:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.3
X-Spam-Level: *
X-Spam-Status: No, score=1.3 tagged_above=-999 required=5 tests=[BAYES_50=0.8,  HTML_MESSAGE=0.001, MIME_BAD_LINEBREAK=0.5, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IicdtNoGDYka for <openpgp@ietfa.amsl.com>; Wed,  3 Jun 2015 15:59:01 -0700 (PDT)
Received: from smtp5.emailarray.com (smtp5.emailarray.com [65.39.216.39]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BB771B300A for <openpgp@ietf.org>; Wed,  3 Jun 2015 15:59:01 -0700 (PDT)
Received: (qmail 97946 invoked by uid 89); 3 Jun 2015 22:58:59 -0000
Received: from unknown (HELO ?127.0.0.1?) (Y2RsQGFzZ2FhcmQub3JnQDU0LjE3NS4xODkuMjI0) (POLARISLOCAL)  by smtp5.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 3 Jun 2015 22:58:59 -0000
Content-Type: multipart/alternative; boundary="----sinikael-?=_1-14333723378810.48956991103477776"
From: christopher liljenstolpe <cdl@asgaard.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
In-Reply-To: <878uc3fsdp.fsf@alice.fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net>
Date: Wed, 03 Jun 2015 15:58:56 -0700
X-Cm-Message-Id: 1433372337803046b4c519f806dbadf3669c2093b2fb8a7f556f86b1c4197119703489
X-Cm-Draft-Id: WyJhIiwxLCJkcmFmdF9pZCIsMTQzMzM3MjMzNjMyNiwidiIsMV0=
X-Mailer: CloudMagic
Message-Id: <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org>
MIME-Version: 1.0
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/f95JO-HdDfb-bTyjTRRELUTLu0s>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Wed, 03 Jun 2015 22:59:03 -0000

------sinikael-?=_1-14333723378810.48956991103477776
Content-Type: text/plain; format=flowed
Content-Transfer-Encoding: 7bit

those seem like reasonable issues to identify. Daniel, do you want to edit
the gist, and send me a pull?

On Mon, Jun 01, 2015 at 6:52 AM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> On Mon 2015-06-01 08:18:23 -0400, Simon Josefsson wrote:
> > Good starting point. It looks rather open ended when it comes to the
> > actual issues with RFC 4880 though. Can you mention at least five
> > top-priority issues in RFC 4880 that need to be addressed? This would
> > tighten the scope a bit, without limiting ability to address other
> > issues.
>
> I think it would only tighten the scope if we *did* prohibit addressing
> any un-mentioned issues, and i'd rather not commit to something with
> that kind of wording.
>
> OTOH, having some explicit targets listed here (without limiting the
> work to those targets) would help the group to make sure that 4880bis
> did cover the relevant ground.
>
> Simon, if you had to list items that you thought were "must-haves",
> which would they be?
>
> Some highlights I'd go for (needs wordsmithing, just brainstorming here,
> and not in any particular order):
>
> * inclusion of the CFRG elliptic curves
>
> * proper AEAD symmetric crypto
>
> * updated mandatory-to-implement algorithms
>
> * updated fingerprints
>
> I'm not sure they need to be in the charter, but if there's a general
> sense from the group that they should be, and a prompt proposal for the
> language change, i have no objection to including them.
>
> --dkg
------sinikael-?=_1-14333723378810.48956991103477776--


From nobody Wed Jun  3 17:34:47 2015
Return-Path: <ietf@cdl.asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 266CC1B30DA for <openpgp@ietfa.amsl.com>; Wed,  3 Jun 2015 17:34:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VVIosImuOncU for <openpgp@ietfa.amsl.com>; Wed,  3 Jun 2015 17:34:44 -0700 (PDT)
Received: from smtp4.emailarray.com (smtp4.emailarray.com [65.39.216.22]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 335171B30D8 for <openpgp@ietf.org>; Wed,  3 Jun 2015 17:34:43 -0700 (PDT)
Received: (qmail 11153 invoked by uid 89); 4 Jun 2015 00:34:40 -0000
Received: from unknown (HELO ?204.29.149.93?) (Y2RsQGFzZ2FhcmQub3JnQDUwLjc2LjM0LjE4NQ==) (POLARISLOCAL)  by smtp4.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 4 Jun 2015 00:34:39 -0000
From: "Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org>
To: "Peter Pentchev" <roam@ringlet.net>
Date: Wed, 03 Jun 2015 17:34:34 -0700
Message-ID: <31D91FD1-610E-4461-A4B4-0E89FD12D455@cdl.asgaard.org>
In-Reply-To: <20150531100026.GA3191@straylight.m.ringlet.net>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org> <20150531100026.GA3191@straylight.m.ringlet.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_FCDA64C9-329B-4CFB-A4F8-CA9C4FB24043_="; micalg=pgp-sha1; protocol="application/pgp-signature"
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/jR0c9O4fcw6l-qbTM7hD2xB55W4>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Thu, 04 Jun 2015 00:34:46 -0000

This is an OpenPGP/MIME signed message (RFC 3156 and 4880).

--=_MailMate_FCDA64C9-329B-4CFB-A4F8-CA9C4FB24043_=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Greetings,


On 31 May 2015, at 3:00, Peter Pentchev wrote:

> On Sat, May 30, 2015 at 08:28:18PM -0700, Christopher LILJENSTOLPE wrote:
>> Greetings,
>>
>> Here's  a first cut of the charter.  We'd like to get this process
>> started ASAP, so please make any comments, suggestions as soon as
>> possible.
> [snip]
>>
>> The Working Group will perform the following work
>> -------------------------------------------------
>>
>> Revise RFC4880
>>
>> Other work may be entertained by the working group as long as it does
>> not interfere with the completion of the RFC4880 revision.  As the
>> revision of RFC4880 is primary goal of the working group, and other
>> work...
>
> Just a very, very minor comment: is this supposed to be "any other work"
> instead of "and"?


If we were to do that, I would think it would be and any, rather than any.
However, I read "and any other" as more permissive than "and other"

	Christopher

>
>> ...will also not unduly delay the closure of the working group
>> after the revision is finished (unless the working group is
>> rechartered).
>
> G'luck,
> Peter
>
> -- 
> Peter Pentchev  roam@ringlet.net roam@FreeBSD.org p.penchev@storpool.com
> PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


-- 
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe
--=_MailMate_FCDA64C9-329B-4CFB-A4F8-CA9C4FB24043_=--


From nobody Wed Jun  3 17:36:51 2015
Return-Path: <ietf@cdl.asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 290D91B30DD for <openpgp@ietfa.amsl.com>; Wed,  3 Jun 2015 17:36:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sPI_K34PBpcg for <openpgp@ietfa.amsl.com>; Wed,  3 Jun 2015 17:36:48 -0700 (PDT)
Received: from smtp6.emailarray.com (smtp6.emailarray.com [65.39.216.46]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB0971B30DC for <openpgp@ietf.org>; Wed,  3 Jun 2015 17:36:47 -0700 (PDT)
Received: (qmail 64522 invoked by uid 89); 4 Jun 2015 00:36:46 -0000
Received: from unknown (HELO ?204.29.149.93?) (Y2RsQGFzZ2FhcmQub3JnQDUwLjc2LjM0LjE4NQ==) (POLARISLOCAL)  by smtp6.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 4 Jun 2015 00:36:46 -0000
From: "Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org>
To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Date: Wed, 03 Jun 2015 17:36:35 -0700
Message-ID: <F761F33A-8A27-4BF3-A4DF-55DDCD40A953@cdl.asgaard.org>
In-Reply-To: <556C5259.1090007@cs.tcd.ie>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org> <556C5259.1090007@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_BD5BA3C4-5592-4E39-93B2-704464E9659B_="; micalg=pgp-sha1; protocol="application/pgp-signature"
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/zGYiqHhSjTs_7Y4S6Y2icxLjLaU>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Thu, 04 Jun 2015 00:36:50 -0000

This is an OpenPGP/MIME signed message (RFC 3156 and 4880).

--=_MailMate_BD5BA3C4-5592-4E39-93B2-704464E9659B_=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Greetings,

	Sorry about the silence for the last two days - out on a few day holiday.

On 1 Jun 2015, at 5:38, Stephen Farrell wrote:

> FWIW, I like it. Just tell me when you're happy folks on
> the list are happy and I'll start the formal chartering ball
> rolling.
>
> Be good to do that in the next week or so if you want to
> be a WG and schedule a session at the next IETF in Prague.
>
> I'm fine as well if you don't want to meet there though,
> as the charter itself notes, so no need to rush if you
> don't wanna. But if you do want to meet f2f in Prague,
> getting the session request in before June 11 is what's
> needed. (It'd appear as a pseudo-BoF as we're a WG in the
> process of forming now.)


I am not sure I'm going to be in Prague, although if the group wants to
meet, that would prod me a bit more.  What do we think, do we want a
meeting in Prague, or do we want to start on the list?


Christopher

>
> Cheers,
> S.
>
> On 31/05/15 04:28, Christopher LILJENSTOLPE wrote:
>> Greetings,
>>
>> Here's  a first cut of the charter.  We'd like to get this process
>> started ASAP, so please make any comments, suggestions as soon as possible.
>>
>> It's also available as a gist https://gist.github.com/liljenstolpe/a4a45477d1b89ea45e09
>>
>>
>> 	Christopher
>>
>>
>> An Open Specification for Pretty Good Privacy (openpgp)
>> =======================================================
>>
>> Charter
>> -------
>>
>> Chairs:
>>   Christopher Liljenstolpe <ietf@cdl.asgaard.org>
>>   Daniel Kahn Gillmor <dkg@fifthhorseman.net>
>>
>> Security Area Directors:
>>   Stephen Farrell <stephen.farrell@cs.tcd.ie>
>>   Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
>>
>> Security Area Advisor:
>>   Stephen Farrell <stephen.farrell@cs.tcd.ie>
>>
>> Mailing Lists:
>>   To Subscribe:       https://www.ietf.org/mailman/listinfo/openpgp
>>   Archive:            http://www.ietf.org/mail-archive/web/openpgp/
>>
>> Description of Working Group
>> ----------------------------
>>
>> OpenPGP is an Internet standard that covers object encryption, object
>> signing, and identity certification.  These were defined by the first
>> incarnation of the OpenPGP working group.
>>
>> The following is an excerpt from the charter of the original
>> incarnation of the openpgp working group
>>
>>> The goal of the OpenPGP working group is to provide IETF standards
>>> for the algorithms and formats of PGP processed objects as well as
>>> providing the MIME framework for exchanging them via e-mail or other
>>> transport protocols.
>>
>> The working group concluded this work and was closed in March
>> of 2008.  In the intervening period, there has been a rough consensus
>> reached that the RFC that defined the IETF openpgp standard, RFC4880,
>> is in need of revision.
>>
>> This incarnation of the working group is chartered to primarily
>> produce a revision of RFC4880 to address issues that have been
>> identified by the community since the working group was originally
>> closed.
>>
>> The Working Group will perform the following work
>> -------------------------------------------------
>>
>> Revise RFC4880
>>
>> Other work may be entertained by the working group as long as it does
>> not interfere with the completion of the RFC4880 revision.  As the
>> revision of RFC4880 is primary goal of the working group, and other
>> work will also not unduly delay the closure of the working group
>> after the revision is finished (unless the working group is
>> rechartered).
>>
>> Working Group Process
>> ---------------------
>>
>> The working group will endeavor to complete most if not all of its
>> work online on the working group's mailing list.  We expect that the
>> requirement for face-to-face sessions at IETF meetings to be minimal.
>>
>> Furthermore, the working group will accept no ID's as working group
>> items unless there is a review by at least two un-interested parties
>> of the ID as part of the acceptance process.
>>
>>
>> Goals and Milestones
>> --------------------
>>
>> July 2016: Deliver an RFC 4880bis WG ID to the RFC editor
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> openpgp mailing list
>> openpgp@ietf.org
>> https://www.ietf.org/mailman/listinfo/openpgp
>>


-- 
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe
--=_MailMate_BD5BA3C4-5592-4E39-93B2-704464E9659B_=--


From nobody Wed Jun  3 17:58:40 2015
Return-Path: <ietf@cdl.asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B1471B30F1 for <openpgp@ietfa.amsl.com>; Wed,  3 Jun 2015 17:58:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6RlW60mlO5Jh for <openpgp@ietfa.amsl.com>; Wed,  3 Jun 2015 17:58:37 -0700 (PDT)
Received: from smtp1.emailarray.com (smtp1.emailarray.com [65.39.216.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0AA01B30F6 for <openpgp@ietf.org>; Wed,  3 Jun 2015 17:58:36 -0700 (PDT)
Received: (qmail 48398 invoked by uid 89); 4 Jun 2015 00:58:35 -0000
Received: from unknown (HELO ?204.29.149.93?) (Y2RsQGFzZ2FhcmQub3JnQDUwLjc2LjM0LjE4NQ==) (POLARISLOCAL)  by smtp1.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 4 Jun 2015 00:58:35 -0000
From: "Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org>
To: "IETF OpenPGP" <openpgp@ietf.org>
Date: Wed, 03 Jun 2015 17:58:32 -0700
Message-ID: <90EFE8AE-B8E4-42E7-8FED-8485E7857C15@cdl.asgaard.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_F43B5AE0-6413-4507-BAAA-9B9079804DA3_="; micalg=pgp-sha1; protocol="application/pgp-signature"
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: 
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/PLmXFBK8H2qdJ1UNAuAPi_Bn86Y>
Cc: sec-ads@tools.ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: [openpgp] Second draft of the charter
X-List-Received-Date: Thu, 04 Jun 2015 00:58:39 -0000

This is an OpenPGP/MIME signed message (RFC 3156 and 4880).

--=_MailMate_F43B5AE0-6413-4507-BAAA-9B9079804DA3_=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Greetings,

Some tweaks based on the comments.  Please review ASAP, We would like to
have Simon start the ball before the weekend.

Can we also decide if we want to meet in Prague or not ASAP?

https://gist.github.com/liljenstolpe/a4a45477d1b89ea45e09


	Thx
	Christopher


An Open Specification for Pretty Good Privacy (openpgp)
=======================================================

Charter
-------

Chairs:
     Christopher Liljenstolpe <ietf@cdl.asgaard.org>
     Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Security Area Directors:
     Stephen Farrell <stephen.farrell@cs.tcd.ie>
     Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Security Area Advisor:
     Stephen Farrell <stephen.farrell@cs.tcd.ie>

Mailing Lists:
     To Subscribe:       https://www.ietf.org/mailman/listinfo/openpgp
     Archive:            http://www.ietf.org/mail-archive/web/openpgp/

Description of Working Group
----------------------------

OpenPGP is an Internet standard that covers object encryption, object
signing, and identity certification.  These were defined by the first
incarnation of the OpenPGP working group.

The following is an excerpt from the charter of the original
incarnation of the openpgp working group

> The goal of the OpenPGP working group is to provide IETF standards
> for the algorithms and formats of PGP processed objects as well as
> providing the MIME framework for exchanging them via e-mail or other
> transport protocols.

The working group concluded this work and was closed in March
of 2008.  In the intervening period, there has been a rough consensus
reached that the RFC that defined the IETF openpgp standard, RFC4880,
is in need of revision.

This incarnation of the working group is chartered to primarily
produce a revision of RFC4880 to address issues that have been
identified by the community since the working group was originally
closed.

Some of the revisions might include, but are not limited to:

* inclusion of the CFRG elliptic curves

* proper AEAD symmetric crypto

* updated mandatory-to-implement algorithms

* updated fingerprints

The Working Group will perform the following work
-------------------------------------------------

Revise RFC4880

Other work may be entertained by the working group as long as it does
not interfere with the completion of the RFC4880 revision.  As the
revision of RFC4880 is the primary goal of the working group, other
work may be undertaken, so long as:

1. Will not unduly delay the closure of the working group
   after the revision is finished (unless the working group is
   rechartered).

2. Has widespread support in the working group.

Working Group Process
---------------------

The working group will endeavor to complete most if not all of its
work online on the working group's mailing list.  We expect the
requirement for face-to-face sessions at IETF meetings to be minimal.

Furthermore, the working group will accept no ID's as working group
items unless there is a review by at least two un-interested parties
of the ID as part of the acceptance process.


Goals and Milestones
--------------------

1. September 2016: Working Group (rough) consensus on the necessary
   updates to RFC4880.

2. February 2016: First wg-id for RFC4880bis.

3. July 2016: RFC4880bis wg-id final call.





-- 
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe
--=_MailMate_F43B5AE0-6413-4507-BAAA-9B9079804DA3_=--


From nobody Wed Jun  3 18:18:22 2015
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <F761F33A-8A27-4BF3-A4DF-55DDCD40A953@cdl.asgaard.org>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org> <556C5259.1090007@cs.tcd.ie> <F761F33A-8A27-4BF3-A4DF-55DDCD40A953@cdl.asgaard.org>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Wed, 03 Jun 2015 21:18:02 -0400
Message-ID: <87sia846gl.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/QlkabR03cbBuV-_rJhv6sdrYMZw>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org
Subject: Re: [openpgp] Proposed WG charter

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed 2015-06-03 20:36:35 -0400, Christopher LILJENSTOLPE wrote:
> I am not sure I'm going to be in Prague, although if the group wants
> to meet, that would prod me a bit more.  What do we think, do we want
> a meeting in Prague, or do we want to start on the list?

Well, we're already started on the list. :)

i think offering a meeting in Prague sounds reasonable if enough people
will be present and interested, and if there are specific agenda items
we want to have in-person discussion on.  No hard decisions would be
made in-person -- it would be information-gathering (and hopefully
consensus-building), with the results sent back to the mailing list for
review.

Are there other folks on the list who plan to be in Prague who would
like to meet?

Three things i think would be useful for in-person discussion, if we
have concrete proposals to review would be:

 * ECDH for 25519
 * signalling mechanisms for the use of a revised AEAD symmetric cipher
 * Fingerprint content and representations

Do people have any proposed agenda items?

        --dkg

--=-=-=--


From nobody Wed Jun  3 18:47:06 2015
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: christopher liljenstolpe <cdl@asgaard.org>
In-Reply-To: <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Wed, 03 Jun 2015 21:46:39 -0400
Message-ID: <87mw0g454w.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/HMZVlqpYU1EY7btSU2cbWdMI8es>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter

--=-=-=
Content-Type: text/plain

On Wed 2015-06-03 18:58:56 -0400, christopher liljenstolpe wrote:
> those seem like reasonable issues to identify. Daniel, do you want to
> edit the gist, and send me a pull?

It's not clear to me how to give you a pull request on a gist via
github's interface.  I just mailed you a wordsmithing patch, which i'm
also including here.

Regards,

        --dkg


--=-=-=
Content-Type: text/x-diff
Content-Disposition: inline; filename=0001-wordsmithing.patch

>From 7b367bdf517820bc97ef6d348d4c728e36148e5f Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 3 Jun 2015 21:03:15 -0400
Subject: [PATCH] wordsmithing

---
 openpgp-charter.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/openpgp-charter.md b/openpgp-charter.md
index 1617533..263a29a 100644
--- a/openpgp-charter.md
+++ b/openpgp-charter.md
@@ -44,15 +44,17 @@ produce a revision of RFC4880 to address issues that have been
 identified by the community since the working group was originally
 closed.
 
-Some of the revisions might include, but are not limited to:
+These revisions will include, but are not limited to:
 
-* inclusion of the CFRG elliptic curves
+* Inclusion of elliptic curves recommended by the CFRG
 
-* proper AEAD symmetric crypto
+* A symmetric encryption mechanism that offers modern message
+  integrity protection (e.g. AEAD)
 
-* updated mandatory-to-implement algorithms
+* Revision of mandatory-to-implement algorithm selection and
+  deprecation of weak algorithms
 
-* updated fingerprints
+* An updated public-key fingerprint mechanism
 
 The Working Group will perform the following work
 -------------------------------------------------
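Review bot: the first changed line replaces "might include" with "will include", which turns every bullet into a commitment for the RFC4880 revision rather than a wording tweak, so the commit subject "wordsmithing" undersells it and the change should be called out for the list. Under "will include", the bullet "Inclusion of elliptic curves recommended by the CFRG" does not say whether those curves are to be specified as optional or as mandatory-to-implement; either say so in that bullet or state that the decision belongs to the "Revision of mandatory-to-implement algorithm selection" bullet. The "(e.g. AEAD)" in the symmetric encryption bullet likewise leaves it open whether AEAD itself is the deliverable or only one candidate, which matters once the list is binding.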
-- 
2.1.4


--=-=-=--


From nobody Thu Jun  4 01:42:08 2015
From: Werner Koch <wk@gnupg.org>
To: christopher liljenstolpe <cdl@asgaard.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: christopher liljenstolpe <cdl@asgaard.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Date: Thu, 04 Jun 2015 10:35:24 +0200
In-Reply-To: <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org> (christopher liljenstolpe's message of "Wed, 03 Jun 2015 15:58:56 -0700")
Message-ID: <87pp5bj2gj.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/wob_p2zyK26h2DqpG6RrXMUKU1o>
Cc: Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Proposed WG charter

On Thu,  4 Jun 2015 00:58, cdl@asgaard.org said:

> * inclusion of the CFRG elliptic curves

Does that mean we can finish the goal only if we include these curves
(as MUST algorithms)?


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


From nobody Thu Jun  4 01:42:13 2015
From: Werner Koch <wk@gnupg.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org> <556C5259.1090007@cs.tcd.ie> <F761F33A-8A27-4BF3-A4DF-55DDCD40A953@cdl.asgaard.org> <87sia846gl.fsf@alice.fifthhorseman.net>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org
Date: Thu, 04 Jun 2015 10:38:04 +0200
In-Reply-To: <87sia846gl.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Wed, 03 Jun 2015 21:18:02 -0400")
Message-ID: <87lhfzj2c3.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/OnlQn_-RYoLIuo5Gh_bgJIWTAoQ>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [openpgp] Proposed WG charter

On Thu,  4 Jun 2015 03:18, dkg@fifthhorseman.net said:

> Are there other folks on the list who plan to be in Prague who would
> like to meet?  

I do not plan to go to Prague but my schedule would allow me to come if
there is a need for it.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


From nobody Thu Jun  4 05:31:27 2015
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org
In-Reply-To: <87lhfzj2c3.fsf@vigenere.g10code.de>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org> <556C5259.1090007@cs.tcd.ie> <F761F33A-8A27-4BF3-A4DF-55DDCD40A953@cdl.asgaard.org> <87sia846gl.fsf@alice.fifthhorseman.net> <87lhfzj2c3.fsf@vigenere.g10code.de>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Thu, 04 Jun 2015 08:30:54 -0400
Message-ID: <878ubz4pvl.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Zc3b3kH6SCqj-6om7Z_wJbV133c>
Subject: [openpgp] OpenPGP meeting in Prague? [Was: Re: Proposed WG charter]

On Thu 2015-06-04 04:38:04 -0400, Werner Koch wrote:
> On Thu,  4 Jun 2015 03:18, dkg@fifthhorseman.net said:
>
>> Are there other folks on the list who plan to be in Prague who would
>> like to meet?  
>
> I do not plan to go to Prague but my schedule would allow me to come if
> there is a need for it.

If the group does meet in Prague, we should have the usual IETF remote
participation setup, so people who can't make it should be able to
participate as well (though it's never the same as in-person).

Remote participation usually uses xmpp as a text-based backchannel (in
the openpgp@jabber.ietf.org MUC, iirc), and http://www.meetecho.com/ for
videoconferencing support.

        --dkg


From nobody Thu Jun  4 08:46:48 2015
From: Derek Atkins <derek@ihtfp.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org> <556C5259.1090007@cs.tcd.ie> <F761F33A-8A27-4BF3-A4DF-55DDCD40A953@cdl.asgaard.org> <87sia846gl.fsf@alice.fifthhorseman.net>
Date: Thu, 04 Jun 2015 11:46:22 -0400
In-Reply-To: <87sia846gl.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Wed, 03 Jun 2015 21:18:02 -0400")
Message-ID: <sjmk2vjeasx.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/DmCwnH9KAFbSyBGzykX9gc_Iryg>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [openpgp] Proposed WG charter

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> On Wed 2015-06-03 20:36:35 -0400, Christopher LILJENSTOLPE wrote:
>> I am not sure I'm going to be in Prague, although if the group wants
>> to meet, that would prod me a bit more.  What do we think, do we want
>> a meeting in Prague, or do we want to start on the list?
>
> Well, we're already started on the list. :)
>
> i think offering a meeting in Prague sounds reasonable if enough people
> will be present and interested, and if there are specific agenda items
> we want to have in-person discussion on.  No hard decisions would be
> made in-person -- it would be information-gathering (and hopefully
> consensus-building), with the results sent back to the mailing list for
> review.
>
> Are there other folks on the list who plan to be in Prague who would
> like to meet?  

I expect to be there, but I've not confirmed my availability.

> Three things i think would be useful for in-person discussion, if we
> have concrete proposals to review would be:
>
>  * ECDH for 25519
>  * signalling mechanisms for the use of a revised AEAD symmetric cipher
>  * Fingerprint content and representations
>
> Do people have any proposed agenda items?

Assuming I'm there I'd like to discuss my two drafts.

>         --dkg

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Thu Jun  4 08:50:39 2015
From: Derek Atkins <derek@ihtfp.com>
To: ianG <iang@iang.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <556E1D5C.8070101@iang.org>
Date: Thu, 04 Jun 2015 11:50:34 -0400
In-Reply-To: <556E1D5C.8070101@iang.org> (iang@iang.org's message of "Tue, 02 Jun 2015 22:17:16 +0100")
Message-ID: <sjmfv67ealx.fsf_-_@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/V8l6sQFuqcSjVpKHKuDVeFyBrz4>
Cc: openpgp@ietf.org
Subject: [openpgp] Re-encryption feature (was Re:  Proposed WG charter)

ianG <iang@iang.org> writes:

> I wonder if implementations could add a re-encrypt mode to bring old
> archives into the new formats?

I personally would love such a feature...  But that's out of scope for
the OpenPGP WG as it's completely an implementation detail.  Also, it
only works if the signature is inside the encryption ;)

> iang

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Thu Jun  4 08:57:52 2015
MIME-Version: 1.0
In-Reply-To: <87sia846gl.fsf@alice.fifthhorseman.net>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org> <556C5259.1090007@cs.tcd.ie> <F761F33A-8A27-4BF3-A4DF-55DDCD40A953@cdl.asgaard.org> <87sia846gl.fsf@alice.fifthhorseman.net>
Date: Thu, 4 Jun 2015 11:57:46 -0400
Message-ID: <CAMm+LwjYvSG7GD8XDtYYcYx206NJGAX=z-u1J8s-RBYSFzu6Sg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: multipart/alternative; boundary=089e0158c8d693245e0517b33cc3
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/nfFZfzrPFMe3CTShdFTkekKEvS8>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [openpgp] Proposed WG charter

--089e0158c8d693245e0517b33cc3
Content-Type: text/plain; charset=UTF-8

On Wed, Jun 3, 2015 at 9:18 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
wrote:

> On Wed 2015-06-03 20:36:35 -0400, Christopher LILJENSTOLPE wrote:
> > I am not sure I'm going to be in Prague, although if the group wants
> > to meet, that would prod me a bit more.  What do we think, do we want
> > a meeting in Prague, or do we want to start on the list?
>
> Well, we're already started on the list. :)
>
> i think offering a meeting in Prague sounds reasonable if enough people
> will be present and interested, and if there are specific agenda items
> we want to have in-person discussion on.  No hard decisions would be
> made in-person -- it would be information-gathering (and hopefully
> consensus-building), with the results sent back to the mailing list for
> review.
>
> Are there other folks on the list who plan to be in Prague who would
> like to meet?
>
> Three things i think would be useful for in-person discussion, if we
> have concrete proposals to review would be:
>
>  * ECDH for 25519
>  * signalling mechanisms for the use of a revised AEAD symmetric cipher
>  * Fingerprint content and representations
>
> Do people have any proposed agenda items?
>

I would like to discuss my UDF fingerprint draft.

https://tools.ietf.org/html/draft-hallambaker-udf-00


Most of the design follows the discussion on the list. The question that
people might want to discuss is whether to put an OpenPGP specific
identifier in the fingerprint value or if it is sufficient to put this in
the data that is fingerprinted.

So far we have two slots used out of 256 possible version identifiers (128
before we might have to think about strategies to make more version ids.)
So assigning 2 slots for general purpose fingerprints and two for OpenPGP
is not a big issue as far as registry space goes. I would much prefer to
have fingerprints be a general building block that every app uses in the
same way though.


--089e0158c8d693245e0517b33cc3--


From nobody Thu Jun  4 09:27:56 2015
From: Werner Koch <wk@gnupg.org>
To: Derek Atkins <derek@ihtfp.com>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <556E1D5C.8070101@iang.org> <sjmfv67ealx.fsf_-_@securerf.ihtfp.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>, ianG <iang@iang.org>, openpgp@ietf.org
Date: Thu, 04 Jun 2015 18:23:05 +0200
In-Reply-To: <sjmfv67ealx.fsf_-_@securerf.ihtfp.org> (Derek Atkins's message of "Thu, 04 Jun 2015 11:50:34 -0400")
Message-ID: <87lhfzh28m.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/aRWIiJIvNwPuZi3Eze_zC_wyQhQ>
Cc: openpgp@ietf.org, ianG <iang@iang.org>
Subject: Re: [openpgp] Re-encryption feature

On Thu,  4 Jun 2015 17:50, derek@ihtfp.com said:

>> I wonder if implementations could add a re-encrypt mode to bring old
>> archives into the new formats?
>
> I personally would love such a feature...  But that's out of scope for

Do you mean a feature to change the bulk encryption mode but keeping the
same session key, right?  Everything else would only work if you do it
just for one public key (i.e. the one where you own the secret key) and
remove the other PKESKs.

Updating the PKESK or adding new PKESKs or SKESKs would be a different but
also useful feature.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Thu Jun  4 09:32:54 2015
Message-ID: <ba62a485338f1d75aea7f8f3d70431cc.squirrel@mail2.ihtfp.org>
In-Reply-To: <87lhfzh28m.fsf@vigenere.g10code.de>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <556E1D5C.8070101@iang.org> <sjmfv67ealx.fsf_-_@securerf.ihtfp.org> <87lhfzh28m.fsf@vigenere.g10code.de>
Date: Thu, 4 Jun 2015 12:30:31 -0400
From: "Derek Atkins" <derek@ihtfp.com>
To: "ianG" <iang@iang.org>, openpgp@ietf.org
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/UozChqXEZ5mNGkUDaccOtiFjHVQ>
Subject: Re: [openpgp] Re-encryption feature

On Thu, June 4, 2015 12:23 pm, Werner Koch wrote:
> On Thu,  4 Jun 2015 17:50, derek@ihtfp.com said:
>
>>> I wonder if implementations could add a re-encrypt mode to bring old
>>> archives into the new formats?
>>
>> I personally would love such a feature...  But that's out of scope for
>
> Do you mean a feature to change the bulk encryption mode but keeping the
> same session key, right?  Everything else would only work if you do it
> just for one public key (i.e. the one where you own the secret key) and
> remove the other PKESKs.
>
> Updating the PKESK or adding new PKESKs or SKESKs would be a different but
> also useful feature.

For me it would be completely replacing the bulk encryption and possibly
also the public-key encryption.  For example, I have messages that are
IDEA-encrypted to my (old) RSA key, and I'd like to re-encrypt them using
AES to e.g. an ECC key.

but again, this is getting way far off topic for this list.

>
> Salam-Shalom,
>
>    Werner

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant
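
The constraint raised in this exchange (every PKESK packet wraps the same session key, so a new session key invalidates the PKESKs of the other recipients) can be checked on an archived message before choosing a re-encryption approach. The Python code below is an added example, not code from the thread or from any OpenPGP implementation; it parses only RFC 4880 packet framing, and the function names, report fields and sample message bytes are constructed for illustration.

```python
# Added example: inventory the packets of a binary OpenPGP message.
# Only RFC 4880 packet framing is parsed; nothing is decrypted.
import struct

TAG_PKESK, TAG_SKESK, TAG_SED, TAG_SEIPD = 1, 3, 9, 18


def _take(data, pos, n):
    """Return data[pos:pos+n], or raise if the input ends early."""
    if pos + n > len(data):
        raise ValueError("truncated packet at offset %d" % pos)
    return data[pos:pos + n]


def _new_format_body(data, pos):
    """Read a new-format body, joining partial-length chunks."""
    body = b""
    while True:
        first = _take(data, pos, 1)[0]
        partial = False
        if first < 192:                      # one-octet length
            length, pos = first, pos + 1
        elif first < 224:                    # two-octet length
            length = ((first - 192) << 8) + _take(data, pos + 1, 1)[0] + 192
            pos += 2
        elif first == 255:                   # five-octet length
            length = struct.unpack(">I", _take(data, pos + 1, 4))[0]
            pos += 5
        else:                                # partial body length
            length, pos, partial = 1 << (first & 0x1F), pos + 1, True
        body += _take(data, pos, length)
        pos += length
        if not partial:
            return body, pos


def packets(data):
    """Yield (tag, body) for each packet, old or new header format."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % (pos - 1))
        if hdr & 0x40:                       # new format
            tag = hdr & 0x3F
            body, pos = _new_format_body(data, pos)
        else:                                # old format
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate: runs to end of input
                body, pos = data[pos:], len(data)
            else:
                n = (1, 2, 4)[ltype]
                length = int.from_bytes(_take(data, pos, n), "big")
                pos += n
                body = _take(data, pos, length)
                pos += length
        yield tag, body


def inventory(data):
    """Collect recipient key IDs and the kind of encrypted-data packet."""
    info = {"pkesk_key_ids": [], "skesk_count": 0, "integrity_protected": None}
    for tag, body in packets(data):
        if tag == TAG_PKESK:
            if len(body) < 10 or body[0] != 3:
                raise ValueError("unsupported PKESK packet")
            # v3 PKESK: version, 8-octet key ID, public-key algorithm, MPIs
            info["pkesk_key_ids"].append(body[1:9].hex().upper())
        elif tag == TAG_SKESK:
            info["skesk_count"] += 1
        elif tag in (TAG_SED, TAG_SEIPD):
            # tag 9 has no integrity protection, tag 18 carries an MDC
            info["integrity_protected"] = (tag == TAG_SEIPD)
    return info


def reencrypt_plan(info, my_key_ids):
    """Apply the reasoning from the thread to one message's inventory.

    An all-zero key ID (hidden recipient) is not matched here.
    """
    ids = info["pkesk_key_ids"]
    return {
        "can_recover_session_key": any(k in my_key_ids for k in ids),
        "legacy_data_packet": info["integrity_protected"] is False,
        "still_valid_if_session_key_kept": list(ids),
        "dropped_if_new_session_key": [k for k in ids if k not in my_key_ids],
    }


def _pkesk_body(key_id_hex):
    # version 3, key ID, algorithm 1 (RSA), one dummy 8-bit MPI
    return b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xff"


# Constructed sample: two recipients (old- and new-format headers), then a
# tag 9 packet with 16 placeholder octets in place of real ciphertext.
SAMPLE = (b"\x84\x0d" + _pkesk_body("AA" * 8)
          + b"\xc1\x0d" + _pkesk_body("BB" * 8)
          + b"\xa4\x10" + bytes(16))

if __name__ == "__main__":
    print(reencrypt_plan(inventory(SAMPLE), {"AA" * 8}))
```
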


From nobody Thu Jun  4 10:19:14 2015
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>, christopher liljenstolpe <cdl@asgaard.org>
In-Reply-To: <87pp5bj2gj.fsf@vigenere.g10code.de>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org> <87pp5bj2gj.fsf@vigenere.g10code.de>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Thu, 04 Jun 2015 13:18:56 -0400
Message-ID: <87h9qn2xz3.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/lm3zaC89M3w3XuurbQfp0Y1QhO0>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter

On Thu 2015-06-04 04:35:24 -0400, Werner Koch wrote:
> On Thu,  4 Jun 2015 00:58, cdl@asgaard.org said:
>
>> * inclusion of the CFRG elliptic curves
>
> Does that mean we can finish the goal only if we include these curves
> (as MUST algorithms)?

I don't think this says anything about MUST algorithms (that'd be part
of the MTI update decisions, which the charter doesn't make any
statement about).  I personally think that a 4880bis without at least
one of the CFRG curves in it would be a bit of a shame, but that's with
no hats on.

If the group disagrees with that (if we're generally ok with the value
of a 4880bis without any updated curves) then we should loosen the
language in the charter so that it's not a requirement for 4880bis.

Do we want to do a rough straw poll on this?

Do you think that a 4880bis should include some specification for how to
use at least one of the new CFRG curves?

      --dkg


From nobody Thu Jun  4 10:27:05 2015
Message-ID: <55708A62.2050203@iang.org>
Date: Thu, 04 Jun 2015 18:26:58 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Derek Atkins <derek@ihtfp.com>
References: <20150601141823.797394a1@latte.josefsson.org>	<878uc3fsdp.fsf@alice.fifthhorseman.net>	<20150601162501.73ec29d8@latte.josefsson.org>	<87twursa3j.fsf@vigenere.g10code.de>	<87y4k3e6em.fsf@alice.fifthhorseman.net>	<87k2vns63e.fsf@vigenere.g10code.de>	<87k2vne38q.fsf@alice.fifthhorseman.net>	<87d21fs0cx.fsf@vigenere.g10code.de>	<c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org>	<20150601214043.3b9928ea@latte.josefsson.org>	<CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com>	<20150602091820.3a59a0c7@latte.josefsson.org>	<556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de>	<556E1D5C.8070101@iang.org> <sjmfv67ealx.fsf_-_@securerf.ihtfp.org>
In-Reply-To: <sjmfv67ealx.fsf_-_@securerf.ihtfp.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/2_fx05-MDGct633dFWIX0weMNHw>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Re-encryption feature (was Re:  Proposed WG charter)

On 4/06/2015 16:50 pm, Derek Atkins wrote:
> ianG <iang@iang.org> writes:
>
>> I wonder if implementations could add a re-encrypt mode to bring old
>> archives into the new formats?
>
> I personally would love such a feature...  But that's out of scope for
> the OpenPGP WG as it's completely an implementation detail.


Well, we could put in the draft a comment that providing a re-encrypt 
mode would be very useful for helping us all to deprecate old crappy 
algorithms?


> Also, it
> only works if the signature is inside the encryption ;)


Hmmm... yes.


From nobody Thu Jun  4 10:28:29 2015
MIME-Version: 1.0
In-Reply-To: <87h9qn2xz3.fsf@alice.fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org> <87pp5bj2gj.fsf@vigenere.g10code.de> <87h9qn2xz3.fsf@alice.fifthhorseman.net>
Date: Thu, 4 Jun 2015 13:28:24 -0400
Message-ID: <CAMm+LwgearN6GsK5e0R_SV0iorFW=d8cnMDEmA_QZwreLEjhGg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: multipart/alternative; boundary=001a11c3a2dcb575a00517b48032
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/uRkxKSzreYa4lgcAoVSEFLMtdv4>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, christopher liljenstolpe <cdl@asgaard.org>, Werner Koch <wk@gnupg.org>, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter

--001a11c3a2dcb575a00517b48032
Content-Type: text/plain; charset=UTF-8

On Thu, Jun 4, 2015 at 1:18 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
wrote:

> On Thu 2015-06-04 04:35:24 -0400, Werner Koch wrote:
> > On Thu,  4 Jun 2015 00:58, cdl@asgaard.org said:
> >
> >> * inclusion of the CFRG elliptic curves
> >
> > Does that mean we can finish the goal only if we include these curves
> > (as MUST algorithms)?
>
> I don't think this says anything about MUST algorithms (that'd be part
> of the MTI update decisions, which the charter doesn't make any
> statement about).  I personally think that a 4880bis without at least
> one of the CFRG curves in it would be a bit of a shame, but that's with
> no hats on.
>
> If the group disagrees with that (if we're generally ok with the value
> of a 4880bis without any updated curves) then we should loosen the
> language in the charter so that it's not a requirement for 4880bis.
>
> Do we want to do a rough straw poll on this?
>

No. absolutely not.

We are in a charter discussion. At this point all we need to know is if
this is something people may want to discuss when CFRG is finished.

I think it is obviously something the WG will probably want to consider and
if not, the AD should come and slap people with a wet fish till they do.

So all we need to do at this stage is to ask if anyone objects to
discussing the CFRG curves as MTI. It should be called out in the charter
because it is a cross-WG, cross-IETF/IRTF issue but we can't make a
decision on it right now.


--001a11c3a2dcb575a00517b48032--


From nobody Thu Jun  4 10:30:42 2015
Message-ID: <55708B3C.4020800@iang.org>
Date: Thu, 04 Jun 2015 18:30:36 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org> <87pp5bj2gj.fsf@vigenere.g10code.de> <87h9qn2xz3.fsf@alice.fifthhorseman.net>
In-Reply-To: <87h9qn2xz3.fsf@alice.fifthhorseman.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/wtIHg8Y73oQa5vQmDdqwcQEwRwM>
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jun 2015 17:30:39 -0000

On 4/06/2015 18:18 pm, Daniel Kahn Gillmor wrote:
> On Thu 2015-06-04 04:35:24 -0400, Werner Koch wrote:
>> On Thu,  4 Jun 2015 00:58, cdl@asgaard.org said:
>>
>>> * inclusion of the CFRG elliptic curves
>>
>> Does that mean we can finish the goal only if we include these curves
>> (as MUST algorithms)?
>
> I don't think this says anything about MUST algorithms (that'd be part
> of the MTI update decisions, which the charter doesn't make any
> statement about).  I personally think that a 4880bis without at least
> one of the CFRG curves in it would be a bit of a shame, but that's with
> no hats on.
>
> If the group disagrees with that (if we're generally ok with the value
> of a 4880bis without any updated curves) then we should loosen the
> language in the charter so that it's not a requirement for 4880bis.
>
> Do we want to do a rough straw poll on this?
>
> Do you think that a 4880bis should include some specification for how to
> use at least one of the new CFRG curves?


Personally, I think the draft should specify one curve, chosen from 
what's out there, and it should be the best judgement we can come up 
with about the future of curves.  For that, I'd be prepared to wait a 
year or so if the CFRG gives us that confidence.

Then, ditch the rest...  But you all know how I think by now...



iang


From nobody Thu Jun  4 12:57:25 2015
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8019B1A0053 for <openpgp@ietfa.amsl.com>; Thu,  4 Jun 2015 12:57:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9DNhXyg2I6Ud for <openpgp@ietfa.amsl.com>; Thu,  4 Jun 2015 12:57:15 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B06321A8F49 for <openpgp@ietf.org>; Thu,  4 Jun 2015 12:57:05 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1Z0bGB-0004BQ-W3 for <openpgp@ietf.org>; Thu, 04 Jun 2015 21:57:04 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1Z0bE2-0003Xn-D5; Thu, 04 Jun 2015 21:54:50 +0200
From: Werner Koch <wk@gnupg.org>
To: ianG <iang@iang.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org> <87pp5bj2gj.fsf@vigenere.g10code.de> <87h9qn2xz3.fsf@alice.fifthhorseman.net> <55708B3C.4020800@iang.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: ianG <iang@iang.org>, openpgp@ietf.org
Date: Thu, 04 Jun 2015 21:54:49 +0200
In-Reply-To: <55708B3C.4020800@iang.org> (iang@iang.org's message of "Thu, 04 Jun 2015 18:30:36 +0100")
Message-ID: <87vbf3fdva.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/RjDwiS2oIwwMB_SDY7qvzHG3t-I>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Thu, 04 Jun 2015 19:57:21 -0000

On Thu,  4 Jun 2015 19:30, iang@iang.org said:

> with about the future of curves.  For that, I'd be prepared to wait a
> year or so if the CFRG gives us that confidence.

or two ...
or three ...
or until Lilliput and Blefuscu are united.


scnr,

  Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Thu Jun  4 13:02:09 2015
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 460FB1A8F40 for <openpgp@ietfa.amsl.com>; Thu,  4 Jun 2015 13:02:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HWCYIiLPTARZ for <openpgp@ietfa.amsl.com>; Thu,  4 Jun 2015 13:02:06 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E8211A8746 for <openpgp@ietf.org>; Thu,  4 Jun 2015 13:02:06 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1Z0bL2-0004FY-NB for <openpgp@ietf.org>; Thu, 04 Jun 2015 22:02:04 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1Z0bEy-0003YV-SV; Thu, 04 Jun 2015 21:55:48 +0200
From: Werner Koch <wk@gnupg.org>
To: ianG <iang@iang.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <556E1D5C.8070101@iang.org> <sjmfv67ealx.fsf_-_@securerf.ihtfp.org> <55708A62.2050203@iang.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: ianG <iang@iang.org>, Derek Atkins <derek@ihtfp.com>, openpgp@ietf.org
Date: Thu, 04 Jun 2015 21:55:48 +0200
In-Reply-To: <55708A62.2050203@iang.org> (iang@iang.org's message of "Thu, 04 Jun 2015 18:26:58 +0100")
Message-ID: <87r3prfdtn.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/N6BqOxedBhY1QilW33ZpRA94kis>
Cc: openpgp@ietf.org, Derek Atkins <derek@ihtfp.com>
Subject: Re: [openpgp] Re-encryption feature
X-List-Received-Date: Thu, 04 Jun 2015 20:02:07 -0000

On Thu,  4 Jun 2015 19:26, iang@iang.org said:

> Well, we could put in the draft a comment that providing a re-encrypt
> mode would be very useful for helping us all to deprecate old crappy
> algorithms?

That is not a protocol issue.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Thu Jun  4 13:39:38 2015
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EC391A92DC for <openpgp@ietfa.amsl.com>; Thu,  4 Jun 2015 13:39:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level: 
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a3cAQm_HHMe5 for <openpgp@ietfa.amsl.com>; Thu,  4 Jun 2015 13:39:35 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46D131A92B3 for <openpgp@ietf.org>; Thu,  4 Jun 2015 13:39:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 3D4A3BF2C; Thu,  4 Jun 2015 21:39:33 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZhIip0JQ0wiW; Thu,  4 Jun 2015 21:39:32 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.31.250]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 34A0FBF26; Thu,  4 Jun 2015 21:39:32 +0100 (IST)
Message-ID: <5570B783.20201@cs.tcd.ie>
Date: Thu, 04 Jun 2015 21:39:31 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Phillip Hallam-Baker <phill@hallambaker.com>,  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org> <87pp5bj2gj.fsf@vigenere.g10code.de> <87h9qn2xz3.fsf@alice.fifthhorseman.net> <CAMm+LwgearN6GsK5e0R_SV0iorFW=d8cnMDEmA_QZwreLEjhGg@mail.gmail.com>
In-Reply-To: <CAMm+LwgearN6GsK5e0R_SV0iorFW=d8cnMDEmA_QZwreLEjhGg@mail.gmail.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/4hIsqW28Tgs8vmityv4ffkxzIbc>
Cc: Simon Josefsson <simon@josefsson.org>, IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, christopher liljenstolpe <cdl@asgaard.org>, Werner Koch <wk@gnupg.org>, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Thu, 04 Jun 2015 20:39:37 -0000

On 04/06/15 18:28, Phillip Hallam-Baker wrote:
> if not, the AD should come and slap people with a wet fish till they do.

Now where did I leave that wet fish? I know it's around
here somewhere.... :-)

FWIW, I'm fine that this be considered later or that
the chairs prefer to "bank" a few easy decisions early
on. Either is fine.

S.


From nobody Fri Jun  5 08:22:32 2015
Return-Path: <cdl_forward@cdl.asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B8561B30D4 for <openpgp@ietfa.amsl.com>; Fri,  5 Jun 2015 08:21:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.566
X-Spam-Level: 
X-Spam-Status: No, score=-1.566 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MiWTzTkAa8uK for <openpgp@ietfa.amsl.com>; Fri,  5 Jun 2015 08:21:23 -0700 (PDT)
Received: from smtp2.emailarray.com (smtp.emailarray.com [69.28.212.198]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 223A51B30D3 for <openpgp@ietf.org>; Fri,  5 Jun 2015 08:21:22 -0700 (PDT)
Received: (qmail 75724 invoked by uid 89); 5 Jun 2015 15:21:20 -0000
Received: from unknown (HELO ?204.29.149.87?) (Y2RsQGFzZ2FhcmQub3JnQDUwLjc2LjM0LjE4NQ==) (POLARISLOCAL)  by smtp2.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 5 Jun 2015 15:21:20 -0000
From: "Christopher LILJENSTOLPE" <cdl_forward@cdl.asgaard.org>
To: "Daniel Kahn Gillmor" <dkg@fifthhorseman.net>
Date: Fri, 05 Jun 2015 08:21:17 -0700
Message-ID: <E2989C28-DC8A-424C-B0EA-98BC00199906@cdl.asgaard.org>
In-Reply-To: <878ubz4pvl.fsf@alice.fifthhorseman.net>
References: <EBF33EA2-8BF9-4BAA-A6D5-38AE582B8868@cdl.asgaard.org> <556C5259.1090007@cs.tcd.ie> <F761F33A-8A27-4BF3-A4DF-55DDCD40A953@cdl.asgaard.org> <87sia846gl.fsf@alice.fifthhorseman.net> <87lhfzj2c3.fsf@vigenere.g10code.de> <878ubz4pvl.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/aOSv2j_L4Pvn2-hbeOrCaC_L1GA>
X-Mailman-Approved-At: Fri, 05 Jun 2015 08:22:31 -0700
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org
Subject: Re: [openpgp] [eX-bulk] : OpenPGP meeting in Prague? [Was: Re: Proposed WG charter]
X-List-Received-Date: Fri, 05 Jun 2015 15:21:24 -0000

On 4 Jun 2015, at 5:30, Daniel Kahn Gillmor wrote:

> On Thu 2015-06-04 04:38:04 -0400, Werner Koch wrote:
>> On Thu,  4 Jun 2015 03:18, dkg@fifthhorseman.net said:
>>
>>> Are there other folks on the list who plan to be in Prague who would
>>> like to meet?
>>
>> I do not plan to go to Prague but my schedule would allow me to come 
>> if
>> there is a need for it.
>
> If the group does meet in Prague, we should have the usual IETF remote
> participation setup, so people who can't make it should be able to
> participate as well (though it's never the same as in-person).
>
> Remote participation usually uses xmpp as a text-based backchannel (in
> the openpgp@jabber.ietf.org MUC, iirc), and http://www.meetecho.com/ 
> for
> videoconferencing support.

One thing (since I'm a frequent remote participant over the years) that 
I'm sensitive to is the vigorous (virtual) standing at the mic that 
happens from time to time on XMPP.  What I like to do is have one of the 
chairs watching the XMPP stream to insure that participants that are 
remote can get a (timely) word in.

	Christopher

>
>       --dkg
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp


-- 
李柯睿
Either be silent, or say something better than silence
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe


From nobody Fri Jun  5 08:58:55 2015
Return-Path: <cdl@asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0566F1B3162 for <openpgp@ietfa.amsl.com>; Fri,  5 Jun 2015 08:58:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TnmXbXP5V1ET for <openpgp@ietfa.amsl.com>; Fri,  5 Jun 2015 08:58:52 -0700 (PDT)
Received: from smtp5.emailarray.com (smtp5.emailarray.com [65.39.216.39]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CCA41B3160 for <openpgp@ietf.org>; Fri,  5 Jun 2015 08:58:51 -0700 (PDT)
Received: (qmail 82208 invoked by uid 89); 5 Jun 2015 15:58:50 -0000
Received: from unknown (HELO ?204.29.149.87?) (Y2RsQGFzZ2FhcmQub3JnQDUwLjc2LjM0LjE4NQ==) (POLARISLOCAL)  by smtp5.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 5 Jun 2015 15:58:49 -0000
From: "Christopher LILJENSTOLPE" <cdl@asgaard.org>
To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>, "IETF OpenPGP" <openpgp@ietf.org>
Date: Fri, 05 Jun 2015 08:58:47 -0700
Message-ID: <533243EC-EEC1-41C4-893E-8AFC45A9D764@asgaard.org>
In-Reply-To: <5570B783.20201@cs.tcd.ie>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <1433372338751-a71d2150-d71d6257-7eaa84c8@asgaard.org> <87pp5bj2gj.fsf@vigenere.g10code.de> <87h9qn2xz3.fsf@alice.fifthhorseman.net> <CAMm+LwgearN6GsK5e0R_SV0iorFW=d8cnMDEmA_QZwreLEjhGg@mail.gmail.com> <5570B783.20201@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_7F7935C6-9B6D-4873-B196-71E64E13ADAF_="; micalg=pgp-sha1; protocol="application/pgp-signature"
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/KaiUMcv4Y-p2wmvNFFYi5FtGfcs>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Proposed WG charter
X-List-Received-Date: Fri, 05 Jun 2015 15:58:54 -0000

This is an OpenPGP/MIME signed message (RFC 3156 and 4880).

--=_MailMate_7F7935C6-9B6D-4873-B196-71E64E13ADAF_=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Greetings,

	To avoid being slapped by a misplaced (hence probably very stinky fish),
I've updated the charter again.  Gist, as before is at:

https://gist.github.com/liljenstolpe/a4a45477d1b89ea45e09

I THINK I have captured the consensus of the group, so we're going to do
a negative control on this one.  If there is no opposition before 12:00
UTC Saturday, I'm going to ask Stephen to start the chartering process
(or actually, am doing so right now).

However, please voice your support if you feel strongly :)

	Christopher




 on 4 Jun 2015, at 13:39, Stephen Farrell wrote:

> On 04/06/15 18:28, Phillip Hallam-Baker wrote:
>> if not, the AD should come and slap people with a wet fish till they do.
>
> Now where did I leave that wet fish? I know it's around
> here somewhere.... :-)
>
> FWIW, I'm fine that this be considered later or that
> the chairs prefer to "bank" a few easy decisions early
> on. Either is fine.
>
> S.
>


-- 
李柯睿
Either be silent, or say something better than silence
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe
--=_MailMate_7F7935C6-9B6D-4873-B196-71E64E13ADAF_=
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=signature.asc
Content-Type: application/pgp-signature; name=signature.asc


--=_MailMate_7F7935C6-9B6D-4873-B196-71E64E13ADAF_=--


From nobody Sun Jun  7 14:13:18 2015
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0BEE1ACE4C for <openpgp@ietfa.amsl.com>; Sun,  7 Jun 2015 14:13:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.311
X-Spam-Level: 
X-Spam-Status: No, score=-2.311 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mzlXK0YiSA7K for <openpgp@ietfa.amsl.com>; Sun,  7 Jun 2015 14:13:16 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 104861ACE49 for <openpgp@ietf.org>; Sun,  7 Jun 2015 14:13:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id CE57BBE5C for <openpgp@ietf.org>; Sun,  7 Jun 2015 22:13:14 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DAVkFZHRMjUh for <openpgp@ietf.org>; Sun,  7 Jun 2015 22:13:13 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.23.15]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 8F7BEBE53 for <openpgp@ietf.org>; Sun,  7 Jun 2015 22:13:13 +0100 (IST)
Message-ID: <5574B3E9.3000102@cs.tcd.ie>
Date: Sun, 07 Jun 2015 22:13:13 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: "openpgp@ietf.org" <openpgp@ietf.org>
References: <20150607204929.23381.18256.idtracker@ietfa.amsl.com>
In-Reply-To: <20150607204929.23381.18256.idtracker@ietfa.amsl.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
X-Forwarded-Message-Id: <20150607204929.23381.18256.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/OXtqkgHIytNA2quYesR0QzJei9Y>
Subject: [openpgp] Fwd: Telechat update notice: <charter-ietf-openpgp-01-00.txt>
X-List-Received-Date: Sun, 07 Jun 2015 21:13:17 -0000

FYI, I've kicked off the WG chartering administrivia.

Note that I'll be on vacation from June 11-27 so there may be
a pause in that somewhere along the line, but no worries, we'll
get it done and anything substantive will be checked with the
list.

Cheers,
S.

-------- Forwarded Message --------
Subject: Telechat update notice: <charter-ietf-openpgp-01-00.txt>
Date: Sun, 07 Jun 2015 13:49:29 -0700
From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
To: iesg-secretary@ietf.org, iesg@ietf.org

Placed on agenda for telechat - 2015-06-11
ID Tracker URL: https://datatracker.ietf.org/doc/charter-ietf-openpgp/




From nobody Sun Jun  7 18:04:59 2015
Return-Path: <barryleiba@computer.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8028D1A1A12; Sun,  7 Jun 2015 18:04:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FHoYG6v-qPVh; Sun,  7 Jun 2015 18:04:55 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EE061A1A5F; Sun,  7 Jun 2015 18:04:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Barry Leiba" <barryleiba@computer.org>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3.p2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150608010450.12911.10782.idtracker@ietfa.amsl.com>
Date: Sun, 07 Jun 2015 18:04:50 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/qvvD5n0NYFzYTfAms-TnDV2l0Dw>
Cc: openpgp@ietf.org
Subject: [openpgp] Barry Leiba's No Objection on charter-ietf-openpgp-01-00: (with COMMENT)
X-List-Received-Date: Mon, 08 Jun 2015 01:04:56 -0000

Barry Leiba has entered the following ballot position for
charter-ietf-openpgp-01-00: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-openpgp/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Just a question for Stephen:  did you check with the Secretariat that
resurrecting a closed WG this way won't cause tools problems?



From nobody Sun Jun  7 18:13:42 2015
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A55A1A1A94; Sun,  7 Jun 2015 18:13:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.311
X-Spam-Level: 
X-Spam-Status: No, score=-2.311 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vCu3LDxjqzHr; Sun,  7 Jun 2015 18:13:37 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A80C91A1AA8; Sun,  7 Jun 2015 18:13:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 06E79BE88; Mon,  8 Jun 2015 02:13:25 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cX9rGVa7EH4z; Mon,  8 Jun 2015 02:13:23 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.23.15]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id A1EC5BE80; Mon,  8 Jun 2015 02:13:23 +0100 (IST)
Message-ID: <5574EC33.6080504@cs.tcd.ie>
Date: Mon, 08 Jun 2015 02:13:23 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Barry Leiba <barryleiba@computer.org>, The IESG <iesg@ietf.org>
References: <20150608010450.12911.10782.idtracker@ietfa.amsl.com>
In-Reply-To: <20150608010450.12911.10782.idtracker@ietfa.amsl.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/mftoqzL_Jnl3zz_jQO2kJJ5qM74>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Barry Leiba's No Objection on charter-ietf-openpgp-01-00: (with COMMENT)
X-List-Received-Date: Mon, 08 Jun 2015 01:13:39 -0000

On 08/06/15 02:04, Barry Leiba wrote:
> Barry Leiba has entered the following ballot position for
> charter-ietf-openpgp-01-00: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/charter-ietf-openpgp/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Just a question for Stephen:  did you check with the Secretariat that
> resurrecting a closed WG this way won't cause tools problems?

Funnily enough I thought of that a short while after I'd hit
the button:-)

But... there was a checkbox asking me to confirm I wanted to
re-start a formerly closed WG so I'm guessing they've thought
it through and it'll be fine. But we'll see and if need be fix
what needs fixing.

Cheers,
S.


> 
> 


From nobody Sun Jun  7 22:42:44 2015
Return-Path: <cdl_forward@cdl.asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C6A31B2BEE for <openpgp@ietfa.amsl.com>; Sun,  7 Jun 2015 22:42:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.166
X-Spam-Level: 
X-Spam-Status: No, score=-0.166 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, IP_NOT_FRIENDLY=0.334] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6XYZx0H8MD8U for <openpgp@ietfa.amsl.com>; Sun,  7 Jun 2015 22:42:42 -0700 (PDT)
Received: from smtp2.emailarray.com (smtp.emailarray.com [69.28.212.198]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D259F1B2BED for <openpgp@ietf.org>; Sun,  7 Jun 2015 22:42:41 -0700 (PDT)
Received: (qmail 83024 invoked by uid 89); 8 Jun 2015 05:42:40 -0000
Received: from unknown (HELO ?204.29.149.87?) (Y2RsQGFzZ2FhcmQub3JnQDUwLjc2LjM0LjE4NQ==) (POLARISLOCAL)  by smtp2.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun 2015 05:42:39 -0000
From: "Christopher LILJENSTOLPE" <cdl_forward@cdl.asgaard.org>
To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Date: Sun, 07 Jun 2015 22:42:38 -0700
Message-ID: <A4AA18B8-A845-4271-A87A-2A709149063D@cdl.asgaard.org>
In-Reply-To: <5574B3E9.3000102@cs.tcd.ie>
References: <20150607204929.23381.18256.idtracker@ietfa.amsl.com> <5574B3E9.3000102@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/dyHyIDMVmSyf3LSuX70xXrF9-8g>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Subject: Re: [openpgp] [eX-bulk] : Fwd: Telechat update notice: <charter-ietf-openpgp-01-00.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2015 05:42:43 -0000

On 7 Jun 2015, at 14:13, Stephen Farrell wrote:

> FYI, I've kicked off the WG chartering administrivia.
>
> Note that I'll be on vacation from June 11-27 so there may be
> a pause in that somewhere along the line, but no worries, we'll
> get it done and anything substantive will be checked with the
> list.

Thanks Stephen.

	Christopher


>
> Cheers,
> S.
>
> -------- Forwarded Message --------
> Subject: Telechat update notice: <charter-ietf-openpgp-01-00.txt>
> Date: Sun, 07 Jun 2015 13:49:29 -0700
> From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
> To: iesg-secretary@ietf.org, iesg@ietf.org
>
> Placed on agenda for telechat - 2015-06-11
> ID Tracker URL: https://datatracker.ietf.org/doc/charter-ietf-openpgp/
>
>
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp


-- 
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe


From nobody Mon Jun  8 11:11:52 2015
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 551AE1ACCE2 for <openpgp@ietfa.amsl.com>; Mon,  8 Jun 2015 11:11:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.423
X-Spam-Level: *
X-Spam-Status: No, score=1.423 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AN0oGOvwPzeG for <openpgp@ietfa.amsl.com>; Mon,  8 Jun 2015 11:11:50 -0700 (PDT)
Received: from mail-la0-x22b.google.com (mail-la0-x22b.google.com [IPv6:2a00:1450:4010:c03::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D36111B3174 for <openpgp@ietf.org>; Mon,  8 Jun 2015 11:11:49 -0700 (PDT)
Received: by laar3 with SMTP id r3so53848171laa.3 for <openpgp@ietf.org>; Mon, 08 Jun 2015 11:11:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:sender:date:message-id:subject:from:to:content-type;  bh=pBOy98cl33vde0Bwn5LJzskPg1/+3L2IvHIPcjczUZY=; b=mYS0fZSozY7YzRcHdLQCYC59Dbk1WQ4GnBE6hCrVSdzlgaNLxHn5CNzKM4IJhIT7jg ryfHem/GakvZ9VIsMWXeqTGfqsMpMaEkw0lb46xl4ljWngE3SkJ6EwPib2oQ2DWkgSVZ 3wS2d8vm27ouswvdxN2LGDjwpaqIbdH+oKxmVWW34n90R8F/KUYOiErr5cQRC5b4yctH gfw7krXwIlJ1exTKSwuOFqrsJwF2LrZTs1Jpi+N+qDK9USD2PXfE7aOoy/mmMaHrti1/ mPshA9qtrJH6OcF8nmLEm2dFwLKCbDLfAwDOhTLAomGmatBILx2LlskFxqJsHgCHfvT7 groA==
MIME-Version: 1.0
X-Received: by 10.112.156.231 with SMTP id wh7mr15645803lbb.118.1433787108314;  Mon, 08 Jun 2015 11:11:48 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Mon, 8 Jun 2015 11:11:48 -0700 (PDT)
Date: Mon, 8 Jun 2015 14:11:48 -0400
X-Google-Sender-Auth: u1-Tplip_E9yoRYoupfHw6K2TyY
Message-ID: <CAMm+Lwh981ARHahO=tsY2cSJ1BwsZLvpT24-miK1CG75gc5cRg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary=001a11c260d24657be05180593b2
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/CGYVF-Mc7neBXLB96aTaVjlAa7E>
Subject: [openpgp] Open Escrow scheme
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2015 18:11:51 -0000

--001a11c260d24657be05180593b2
Content-Type: text/plain; charset=UTF-8

Yes, before folk start a panic, what I propose is not Louis Freeh approved.

If people are going to encrypt personal documents by default we have to
take data recovery just as seriously as data confidentiality. For most
people the risk that they might lose the pictures of the kids when they are
4 is vastly more significant than the risk that a government or corporation
might spy on them.

So I have implemented a scheme based on Shamir's secret sharing as follows:

* Key manager encrypts private key under a master secret, k
* Encrypted private key is uploaded to a cloud based service, indexed under
H(k)
* Master secret is split using either XOR secret sharing (requiring N of N
shares to recombine) or Shamir secret sharing (allowing K of N shares).

It occurs to me that if this is going to be widely used it would be better
as a standards based specification.

Not wanting to derail OpenPGP bis, but I think this is something that
OpenPGP NG might want to use as a resource.


--001a11c260d24657be05180593b2--
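The split-and-index steps of the scheme described in the message above, as an added sketch that is not Phillip Hallam-Baker's implementation. SHA-256 as H, a 256-bit k, the prime 2^521 - 1 as the Shamir field and all function names are assumptions; encrypting the private key under k is left out because the post names no cipher.

```python
import hashlib
import secrets

PRIME = 2**521 - 1   # assumption: Mersenne prime used as the Shamir field modulus
KEY_BYTES = 32       # assumption: 256-bit master secret k


def index_for(k: bytes) -> str:
    """H(k), the lookup index for the encrypted blob (assumption: H is SHA-256)."""
    return hashlib.sha256(k).hexdigest()


def xor_split(k: bytes, n: int) -> list:
    """N-of-N split: n-1 random pads plus one share that XORs them back to k."""
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(k)) for _ in range(n - 1)]
    last = k
    for pad in pads:
        last = bytes(a ^ b for a, b in zip(last, pad))
    return pads + [last]


def xor_combine(shares: list) -> bytes:
    """XOR every share together; a missing share leaves a value unrelated to k."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must all have the same length")
    out = bytes(len(shares[0]))
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out


def shamir_split(k: bytes, threshold: int, n: int) -> list:
    """K-of-N split: points (x, f(x)) on a random polynomial with f(0) = k."""
    if not 2 <= threshold <= n:
        raise ValueError("need 2 <= threshold <= n")
    if len(k) != KEY_BYTES:
        raise ValueError("unexpected secret length")
    coeffs = [int.from_bytes(k, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):      # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def shamir_interpolate(shares: list) -> int:
    """Lagrange interpolation of the shares at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or any(x % PRIME == 0 for x in xs):
        raise ValueError("share x-coordinates must be distinct and non-zero")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover(shares: list, expected_index: str):
    """Recombine Shamir shares; return k only if it hashes to the stored index."""
    value = shamir_interpolate(shares)
    if value >> (8 * KEY_BYTES):        # does not fit in 256 bits, so it cannot be k
        return None
    k = value.to_bytes(KEY_BYTES, "big")
    return k if secrets.compare_digest(index_for(k), expected_index) else None


if __name__ == "__main__":
    k = secrets.token_bytes(KEY_BYTES)  # constructed sample secret
    idx = index_for(k)
    shares = shamir_split(k, threshold=3, n=5)
    print("3 of 5 recovers k:", recover(shares[2:], idx) == k)
    print("2 of 5 recovers k:", recover(shares[:2], idx) is not None)
    print("XOR 4 of 4 recovers k:", xor_combine(xor_split(k, 4)) == k)
```

Because the service stores H(k) beside the ciphertext, k has to be a full-entropy random value; a guessable k could be confirmed offline against the index.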


From nobody Mon Jun  8 20:17:26 2015
Return-Path: <alissa@cooperw.in>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EBE31ACD6C; Mon,  8 Jun 2015 16:24:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.1
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nbi4zSGUr6mi; Mon,  8 Jun 2015 16:24:38 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AB8711ACD62; Mon,  8 Jun 2015 16:24:38 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Alissa Cooper" <alissa@cooperw.in>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3.p2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150608232438.10577.75302.idtracker@ietfa.amsl.com>
Date: Mon, 08 Jun 2015 16:24:38 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/IelbngH9vxGTxt7x65-0b9WWS8Q>
X-Mailman-Approved-At: Mon, 08 Jun 2015 20:17:24 -0700
Cc: openpgp@ietf.org
Subject: [openpgp] Alissa Cooper's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2015 23:24:39 -0000

Alissa Cooper has entered the following ballot position for
charter-ietf-openpgp-01-00: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-openpgp/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

This is probably just a drafting issue, but this bit of the charter seems
too open-ended:

"- Other work may be entertained by the working group as long as it does
not interfere with the completion of the RFC4880 revision. As the
revision of RFC4880 is the primary goal of the working group, other work
may be undertaken, so long as:

1. Will not unduly delay the closure of the working group after the
revision is finished (unless the working group is rechartered).

2. as widespread support in the working group."

It would be better IMO to characterize what this "other work" might
entail or relate to. It may be obvious to the proponents but for someone
who has not been following this it sounds like the WG could take up
pretty much anything beyond the 4880bis, time and interest permitting.



From nobody Tue Jun  9 06:29:10 2015
Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BA6E1A7000 for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 06:29:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.348
X-Spam-Level: 
X-Spam-Status: No, score=0.348 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WJHTS-xOE05L for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 06:29:06 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B9701A6FFC for <openpgp@ietf.org>; Tue,  9 Jun 2015 06:29:06 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.3]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t59DSpx4025260 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 9 Jun 2015 15:28:52 +0200
From: Simon Josefsson <simon@josefsson.org>
To: ianG <iang@iang.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
X-Hashcash: 1:22:150609:iang@iang.org::tts2yjvgHCG1gfgP:0GrI
X-Hashcash: 1:22:150609:openpgp@ietf.org::vmv5l2P2L7wn4hIb:Mwxt
Date: Tue, 09 Jun 2015 15:28:50 +0200
In-Reply-To: <878uc2qpec.fsf@vigenere.g10code.de> (Werner Koch's message of "Tue, 02 Jun 2015 14:13:31 +0200")
Message-ID: <87vbexovsd.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/g7kvVK_Yo5aVj9qNJy-nurP7RXg>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2015 13:29:09 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Werner Koch <wk@gnupg.org> writes:

> On Tue,  2 Jun 2015 12:43, iang@iang.org said:
>
>> I think the reality of OpenPGP's lifecycle is that we are going to be
>> dealing with legacy implementations and algorithms anyway, and just
>
> I don't think that "legacy" is an appropriate term here.  In contrast to
> many other protocols (e.g. IP) we need to care about data at rest.
> There are huge amounts of encrypted or signed data on disks and tapes
> which eventually need to be decrypted.
>
> It might be good to think of OpenPGP data like the tar format and not
> like http/smtp/xmpp.

It might help to suggest (in the specification) that OpenPGP
implementations MAY implement decrypt support for older crypto
algorithms but MUST NOT encrypt using them.

Otherwise I suspect that implementations might accidentally (or not) end
up implementing both encrypt and decrypt because that is the natural way of
implementing crypto, and supporting both variants simplifies testing (you
can test roundtrips).  However, doing that is bad for security.

/Simon

--=-=-=--


From nobody Tue Jun  9 06:34:22 2015
Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A1A31A7011 for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 06:34:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.348
X-Spam-Level: 
X-Spam-Status: No, score=0.348 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o8q1CmrofyY5 for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 06:34:20 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C9061A1EF9 for <openpgp@ietf.org>; Tue,  9 Jun 2015 06:34:16 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.3]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t59DY2Mv025738 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 9 Jun 2015 15:34:03 +0200
From: Simon Josefsson <simon@josefsson.org>
To: "Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org>
References: <90EFE8AE-B8E4-42E7-8FED-8485E7857C15@cdl.asgaard.org>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
X-Hashcash: 1:22:150609:ietf@cdl.asgaard.org::8GmEiipSSaGRMVmZ:1/fc
X-Hashcash: 1:22:150609:openpgp@ietf.org::/2MXIjTLYs+2dYwD:3ZbV
X-Hashcash: 1:22:150609:sec-ads@tools.ietf.org::OGcNJ5u3BNWsu96W:4iDp
X-Hashcash: 1:22:150609:dkg@fifthhorseman.net::zaAiNjWbkJfde4uk:yata
Date: Tue, 09 Jun 2015 15:34:00 +0200
In-Reply-To: <90EFE8AE-B8E4-42E7-8FED-8485E7857C15@cdl.asgaard.org> (Christopher LILJENSTOLPE's message of "Wed, 03 Jun 2015 17:58:32 -0700")
Message-ID: <87oakpovjr.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/vJC_frtpE_B_MSLjZPNriqrQrfA>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] Second draft of the charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2015 13:34:21 -0000

--=-=-=
Content-Type: text/plain

"Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org> writes:

> * inclusion of the CFRG elliptic curves

Is this for ECDH only?  That's the only thing they have made a
determination on so far.  Or do you mean signature algorithm too?

I suggest saying "inclusion of newer elliptic curves and/or signature
algorithms" to be complete and still not limited.

/Simon

--=-=-=--


From nobody Tue Jun  9 13:25:52 2015
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 244111B30D2; Tue,  9 Jun 2015 13:25:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.053
X-Spam-Level: **
X-Spam-Status: No, score=2.053 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DATE_IN_PAST_06_12=1.543, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_ORG=0.611] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CTcjyCwg40SD; Tue,  9 Jun 2015 13:25:49 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09D781B30D6; Tue,  9 Jun 2015 13:25:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id ADA9BE203A; Tue,  9 Jun 2015 16:25:47 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 09994-06-4; Tue,  9 Jun 2015 16:25:45 -0400 (EDT)
Received: from securerf.ihtfp.org (unknown [12.48.31.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id D7EADE2035; Tue,  9 Jun 2015 16:25:43 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1433881544; bh=dhqmazvb5NF4TLQdvs8SKCVuSBMSB95jz2h1y3u27uk=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=VaxwrqTZ2uHz1ihUQwU+gZdpzqeWiCLeUB12eeu07Iic1MW98neFzSPMwuHgzBhFL Rz5MhGnOl6LDSdTaegjanw6oVwN1vQ6ScIPEEH29CMMp6GnJPWKli8syOgMLkLJXD5 aZuzAPZpAZwxCIS9UrBQR0H3I/OjMWV9Kl664qYk=
Received: (from warlord@localhost) by securerf.ihtfp.org (8.14.8/8.14.8/Submit) id t59DQXj6027044; Tue, 9 Jun 2015 09:26:33 -0400
From: Derek Atkins <derek@ihtfp.com>
To: "Alissa Cooper" <alissa@cooperw.in>
References: <20150608232438.10577.75302.idtracker@ietfa.amsl.com>
Date: Tue, 09 Jun 2015 09:26:33 -0400
In-Reply-To: <20150608232438.10577.75302.idtracker@ietfa.amsl.com> (Alissa Cooper's message of "Mon, 08 Jun 2015 16:24:38 -0700")
Message-ID: <sjmegllgghi.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/KGLT0puuYnRNTFxhgoyKFek3FU4>
Cc: openpgp@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [openpgp] Alissa Cooper's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2015 20:25:50 -0000

Hi,

"Alissa Cooper" <alissa@cooperw.in> writes:

[snip]
> It would be better IMO to characterize what this "other work" might
> entail or relate to. It may be obvious to the proponents but for someone
> who has not been following this it sounds like the WG could take up
> pretty much anything beyond the 4880bis, time and interest permitting.

While I can neither speak for the chairs nor the ADs, my feeling is that
there are a handful of topics that have been proposed on the OpenPGP
mailing list that are not necessarily directly related to RFC4880bis but
have had some support to progress.  My feeling is that this "open ended"
notion was to allow the chairs to accept some (or all) of those
proposed work items (that have already started) without an explicit
rechartering effort.  But the wording is there to make sure the WG
focuses on RFC4880bis first.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Tue Jun  9 14:40:39 2015
Return-Path: <cdl_forward@cdl.asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCA401A1F1D for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 14:40:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kUExC8_IcbY8 for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 14:40:33 -0700 (PDT)
Received: from smtp1.emailarray.com (smtp1.emailarray.com [65.39.216.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2BB21A1BF1 for <openpgp@ietf.org>; Tue,  9 Jun 2015 14:40:33 -0700 (PDT)
Received: (qmail 21229 invoked by uid 89); 9 Jun 2015 21:40:30 -0000
Received: from unknown (HELO ?172.24.10.73?) (Y2RsQGFzZ2FhcmQub3JnQDE5OC4xNDcuMjI2LjY=) (POLARISLOCAL)  by smtp1.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 9 Jun 2015 21:40:30 -0000
From: "Christopher LILJENSTOLPE" <cdl_forward@cdl.asgaard.org>
To: "Derek Atkins" <derek@ihtfp.com>
Date: Tue, 09 Jun 2015 14:40:28 -0700
Message-ID: <67BBE95C-6B1D-4B04-9FA0-84EF31CFBC90@cdl.asgaard.org>
In-Reply-To: <sjmegllgghi.fsf@securerf.ihtfp.org>
References: <20150608232438.10577.75302.idtracker@ietfa.amsl.com> <sjmegllgghi.fsf@securerf.ihtfp.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/zMVsUubr-X4tqgq3dsvviksHBVk>
Cc: openpgp@ietf.org, Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>
Subject: Re: [openpgp] [eX-bulk] : Re: Alissa Cooper's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2015 21:40:35 -0000

Greetings,

	Thanks Derek - you saved me the response.  That's exactly the intent.  
It gives the chairs some latitude to accept some of the other work so 
long as it doesn't impinge on the 4880bis activity.

	Christopher

On 9 Jun 2015, at 6:26, Derek Atkins wrote:

> Hi,
>
> "Alissa Cooper" <alissa@cooperw.in> writes:
>
> [snip]
>> It would be better IMO to characterize what this "other work" might
>> entail or relate to. It may be obvious to the proponents but for someone
>> who has not been following this it sounds like the WG could take up
>> pretty much anything beyond the 4880bis, time and interest permitting.
>
> While I can neither speak for the chairs nor the ADs, my feeling is that
> there are a handful of topics that have been proposed on the OpenPGP
> mailing list that are not necessarily directly related to RFC4880bis but
> have had some support to progress.  My feeling is that this "open ended"
> notion was to allow the chairs to accept some (or all) of those
> proposed work items (that have already started) without an explicit
> rechartering effort.  But the wording is there to make sure the WG
> focuses on RFC4880bis first.
>
> -derek
> -- 
>      Derek Atkins                 617-623-3745
>      derek@ihtfp.com             www.ihtfp.com
>      Computer and Internet Security Consultant


-- 
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe


From nobody Tue Jun  9 22:44:19 2015
Return-Path: <cdl@asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AF1C1AC3B7 for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 22:44:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Level: 
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkwTOTxchXtM for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 22:44:16 -0700 (PDT)
Received: from smtp2.emailarray.com (smtp.emailarray.com [69.28.212.198]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 623151AC3B4 for <openpgp@ietf.org>; Tue,  9 Jun 2015 22:44:16 -0700 (PDT)
Received: (qmail 97621 invoked by uid 89); 10 Jun 2015 05:44:14 -0000
Received: from unknown (HELO ?204.29.149.87?) (Y2RsQGFzZ2FhcmQub3JnQDUwLjc2LjM0LjE4NQ==) (POLARISLOCAL)  by smtp2.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 10 Jun 2015 05:44:14 -0000
From: "Christopher LILJENSTOLPE" <cdl@asgaard.org>
To: "Alissa Cooper" <alissa@cooperw.in>, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Date: Tue, 09 Jun 2015 22:44:12 -0700
Message-ID: <ED73E246-3AEF-47D2-AFC2-2517D87727D7@asgaard.org>
In-Reply-To: <85DE0C51-C810-49D1-B1CC-DA38CB288938@cooperw.in>
References: <20150608232438.10577.75302.idtracker@ietfa.amsl.com> <sjmegllgghi.fsf@securerf.ihtfp.org> <67BBE95C-6B1D-4B04-9FA0-84EF31CFBC90@cdl.asgaard.org> <85DE0C51-C810-49D1-B1CC-DA38CB288938@cooperw.in>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/KKEDdSAINe8JdVCU8EVnBlcsLP8>
Cc: openpgp@ietf.org, Derek Atkins <derek@ihtfp.com>, IESG <iesg@ietf.org>
Subject: Re: [openpgp] [eX-bulk] : Re: Alissa Cooper's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 05:44:18 -0000

On 9 Jun 2015, at 16:18, Alissa Cooper wrote:

> Is there any possible way you could characterize it so it’s not 
> entirely open-ended? E.g., “Other work _related to OpenPGP_” or 
> some such would suffice. Right now it’s written as if the WG could 
> take up basket weaving and that would be in scope. I know that is not 
> the intent but would rather not set the precedent for having ambiguous 
> charter language.

We could - Stephen, do you think we would need to restart the process 
for that?

	Christopher


>
> Thanks,
> Alissa
>
> On Jun 9, 2015, at 2:40 PM, Christopher LILJENSTOLPE 
> <cdl_forward@cdl.asgaard.org> wrote:
>
>> Greetings,
>>
>> 	Thanks Derek - you saved me the response.  That's exactly the 
>> intent.  It gives the chairs some latitude to accept some of the 
>> other work so long as it doesn't impinge on the 4880bis activity.
>>
>> 	Christopher
>>
>> On 9 Jun 2015, at 6:26, Derek Atkins wrote:
>>
>>> Hi,
>>>
>>> "Alissa Cooper" <alissa@cooperw.in> writes:
>>>
>>> [snip]
>>>> It would be better IMO to characterize what this "other work" might
>>>> entail or relate to. It may be obvious to the proponents but for
>>>> someone who has not been following this it sounds like the WG could
>>>> take up pretty much anything beyond the 4880bis, time and interest
>>>> permitting.
>>>
>>> While I can neither speak for the chairs nor the ADs, my feeling is
>>> that there are a handful of topics that have been proposed on the
>>> OpenPGP mailing list that are not necessarily directly related to
>>> RFC4880bis but have had some support to progress.  My feeling is
>>> that this "open ended" notion was to allow the chairs to accept some
>>> (or all) of those proposed work items (that have already started)
>>> without an explicit rechartering effort.  But the wording is there
>>> to make sure the WG focuses on RFC4880bis first.
>>>
>>> -derek
>>> -- 
>>>  Derek Atkins                 617-623-3745
>>>  derek@ihtfp.com             www.ihtfp.com
>>>  Computer and Internet Security Consultant
>>>
>>> _______________________________________________
>>> openpgp mailing list
>>> openpgp@ietf.org
>>> https://www.ietf.org/mailman/listinfo/openpgp
>>
>>
>> -- 
>> 李柯睿
>> Avt tace, avt loqvere meliora silentio
>> Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
>> Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
>> keybase: https://keybase.io/liljenstolpe


-- 
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe


From nobody Wed Jun 10 03:36:44 2015
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 953B01ACE90; Wed, 10 Jun 2015 03:36:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level: 
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vQaZdJ6CboBA; Wed, 10 Jun 2015 03:36:38 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 757681ACE86; Wed, 10 Jun 2015 03:36:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9A971BECA; Wed, 10 Jun 2015 11:36:33 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kYQ-j0IzqfC2; Wed, 10 Jun 2015 11:36:30 +0100 (IST)
Received: from [172.16.22.181] (62-50-200-74.client.stsn.net [62.50.200.74]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id A0D00BE4D; Wed, 10 Jun 2015 11:36:29 +0100 (IST)
Message-ID: <55781324.6070908@cs.tcd.ie>
Date: Wed, 10 Jun 2015 11:36:20 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Christopher LILJENSTOLPE <cdl@asgaard.org>,  Alissa Cooper <alissa@cooperw.in>
References: <20150608232438.10577.75302.idtracker@ietfa.amsl.com> <sjmegllgghi.fsf@securerf.ihtfp.org> <67BBE95C-6B1D-4B04-9FA0-84EF31CFBC90@cdl.asgaard.org> <85DE0C51-C810-49D1-B1CC-DA38CB288938@cooperw.in> <ED73E246-3AEF-47D2-AFC2-2517D87727D7@asgaard.org>
In-Reply-To: <ED73E246-3AEF-47D2-AFC2-2517D87727D7@asgaard.org>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/mx0ghgNuvRJs731XAyXBcj7PU18>
Cc: openpgp@ietf.org, Derek Atkins <derek@ihtfp.com>, IESG <iesg@ietf.org>
Subject: Re: [openpgp] [eX-bulk] : Re: Alissa Cooper's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 10:36:41 -0000

On 10/06/15 06:44, Christopher LILJENSTOLPE wrote:
> On 9 Jun 2015, at 16:18, Alissa Cooper wrote:
> 
>> Is there any possible way you could characterize it so it’s not
>> entirely open-ended? E.g., “Other work _related to OpenPGP_” or some
>> such would suffice. Right now it’s written as if the WG could take up
>> basket weaving and that would be in scope. I know that is not the
>> intent but would rather not set the precedent for having ambiguous
>> charter language.
> 
> We could - Stephen, do you think we would need to restart the process
> for that?

I'll add that shortly. Doing so will have no impact on timing.

And I'll check out Ben's comment then too.

S.


> 
>     Christopher
> 
> 
>>
>> Thanks,
>> Alissa
>>
>> On Jun 9, 2015, at 2:40 PM, Christopher LILJENSTOLPE
>> <cdl_forward@cdl.asgaard.org> wrote:
>>
>>> Greetings,
>>>
>>>     Thanks Derek - you saved me the response.  That's exactly the
>>> intent.  It gives the chairs some latitude to accept some of the
>>> other work so long as it doesn't impinge on the 4880bis activity.
>>>
>>>     Christopher
>>>
>>> On 9 Jun 2015, at 6:26, Derek Atkins wrote:
>>>
>>>> Hi,
>>>>
>>>> "Alissa Cooper" <alissa@cooperw.in> writes:
>>>>
>>>> [snip]
>>>>> It would be better IMO to characterize what this "other work" might
>>>>> entail or relate to. It may be obvious to the proponents but for
>>>>> someone who has not been following this it sounds like the WG could
>>>>> take up pretty much anything beyond the 4880bis, time and interest
>>>>> permitting.
>>>>
>>>> While I can neither speak for the chairs nor the ADs, my feeling is
>>>> that there are a handful of topics that have been proposed on the
>>>> OpenPGP mailing list that are not necessarily directly related to
>>>> RFC4880bis but have had some support to progress.  My feeling is
>>>> that this "open ended" notion was to allow the chairs to accept some
>>>> (or all) of those proposed work items (that have already started)
>>>> without an explicit rechartering effort.  But the wording is there
>>>> to make sure the WG focuses on RFC4880bis first.
>>>>
>>>> -derek
>>>> -- 
>>>>  Derek Atkins                 617-623-3745
>>>>  derek@ihtfp.com             www.ihtfp.com
>>>>  Computer and Internet Security Consultant
>>>>
>>>> _______________________________________________
>>>> openpgp mailing list
>>>> openpgp@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/openpgp
>>>
>>>
>>> -- 
>>> 李柯睿
>>> Avt tace, avt loqvere meliora silentio
>>> Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
>>> Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
>>> keybase: https://keybase.io/liljenstolpe
> 
> 


From nobody Wed Jun 10 09:19:03 2015
Return-Path: <alissa@cooperw.in>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0777B1A8A3E for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 16:18:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ToMnVP_zTe6t for <openpgp@ietfa.amsl.com>; Tue,  9 Jun 2015 16:18:18 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 050A01A8A3A for <openpgp@ietf.org>; Tue,  9 Jun 2015 16:18:18 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 4970120BBB for <openpgp@ietf.org>; Tue,  9 Jun 2015 19:18:16 -0400 (EDT)
Received: from frontend2 ([10.202.2.161]) by compute2.internal (MEProxy); Tue, 09 Jun 2015 19:18:16 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=nQWbFLIFgGW8Gj2NCIFCdeZPk1g=; b=l6XFlD sCpcq0KBekmkb8K0OknWZQpvOfzbexjv3yvXvZRtuSXzC+c9iFwr8YIHEThlfXQu TRZt534H5BXat5yr7t6OBljEYkh3ALO2d6oKrzOijehOIt6k5NGvAby5WBr89gqw eogJabxLkQm2fn/L9f3VuO7HYiEL8myt6ouaQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=nQWbFLIFgGW8Gj2 NCIFCdeZPk1g=; b=gkZFpl59jwfIR8ctArrmeKwsr0rS1Z2CHLHLYIdjtGmz0Ka iZQ7uSZZM4btMqWL3qLqNDVJnbtTWpalOtQDNKnPd3GvH7Nn2rB5RN4ISHNeYC8Z qoILQaVrrv5P7HqzR/uVaTkU6vW+vLU4KSGCIu9otlYORR5V14qdtdcmTj1w=
X-Sasl-enc: ttJqGieGQDgF1WcLA0ZR7Gf6bamq+xU7m/zrLabJ6ltb 1433891895
Received: from dhcp-171-68-20-240.cisco.com (unknown [171.68.20.240]) by mail.messagingengine.com (Postfix) with ESMTPA id 39DDA680128; Tue,  9 Jun 2015 19:18:14 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <67BBE95C-6B1D-4B04-9FA0-84EF31CFBC90@cdl.asgaard.org>
Date: Tue, 9 Jun 2015 16:18:14 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <85DE0C51-C810-49D1-B1CC-DA38CB288938@cooperw.in>
References: <20150608232438.10577.75302.idtracker@ietfa.amsl.com> <sjmegllgghi.fsf@securerf.ihtfp.org> <67BBE95C-6B1D-4B04-9FA0-84EF31CFBC90@cdl.asgaard.org>
To: Christopher LILJENSTOLPE <cdl_forward@cdl.asgaard.org>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ROgLrpM4aQt6PDPaxGykNgWWgMY>
X-Mailman-Approved-At: Wed, 10 Jun 2015 09:19:02 -0700
Cc: openpgp@ietf.org, Derek Atkins <derek@ihtfp.com>, IESG <iesg@ietf.org>
Subject: Re: [openpgp] [eX-bulk] : Re: Alissa Cooper's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2015 23:18:20 -0000

Is there any possible way you could characterize it so it’s not
entirely open-ended? E.g., “Other work _related to OpenPGP_” or some
such would suffice. Right now it’s written as if the WG could take up
basket weaving and that would be in scope. I know that is not the
intent but would rather not set the precedent for having ambiguous
charter language.

Thanks,
Alissa

On Jun 9, 2015, at 2:40 PM, Christopher LILJENSTOLPE
<cdl_forward@cdl.asgaard.org> wrote:

> Greetings,
>
> 	Thanks Derek - you saved me the response.  That's exactly the
> intent.  It gives the chairs some latitude to accept some of the
> other work so long as it doesn't impinge on the 4880bis activity.
>
> 	Christopher
>
> On 9 Jun 2015, at 6:26, Derek Atkins wrote:
>
>> Hi,
>>
>> "Alissa Cooper" <alissa@cooperw.in> writes:
>>
>> [snip]
>>> It would be better IMO to characterize what this "other work" might
>>> entail or relate to. It may be obvious to the proponents but for
>>> someone who has not been following this it sounds like the WG could
>>> take up pretty much anything beyond the 4880bis, time and interest
>>> permitting.
>>
>> While I can neither speak for the chairs nor the ADs, my feeling is
>> that there are a handful of topics that have been proposed on the
>> OpenPGP mailing list that are not necessarily directly related to
>> RFC4880bis but have had some support to progress.  My feeling is
>> that this "open ended" notion was to allow the chairs to accept some
>> (or all) of those proposed work items (that have already started)
>> without an explicit rechartering effort.  But the wording is there
>> to make sure the WG focuses on RFC4880bis first.
>>
>> -derek
>> -- 
>>     Derek Atkins                 617-623-3745
>>     derek@ihtfp.com             www.ihtfp.com
>>     Computer and Internet Security Consultant
>>
>> _______________________________________________
>> openpgp mailing list
>> openpgp@ietf.org
>> https://www.ietf.org/mailman/listinfo/openpgp
>
>
> -- 
> 李柯睿
> Avt tace, avt loqvere meliora silentio
> Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
> Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
> keybase: https://keybase.io/liljenstolpe


From nobody Wed Jun 10 09:19:05 2015
Return-Path: <ben@nostrum.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D148E1A026F; Tue,  9 Jun 2015 20:03:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jKytKQkvBgIn; Tue,  9 Jun 2015 20:03:15 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 73E131A0262; Tue,  9 Jun 2015 20:03:15 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Ben Campbell" <ben@nostrum.com>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3.p2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150610030315.6675.96685.idtracker@ietfa.amsl.com>
Date: Tue, 09 Jun 2015 20:03:15 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/UjEiRLZ5iuTtfGBgVU8P3OcASpY>
X-Mailman-Approved-At: Wed, 10 Jun 2015 09:19:02 -0700
Cc: openpgp@ietf.org
Subject: [openpgp] Ben Campbell's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 03:03:17 -0000

Ben Campbell has entered the following ballot position for
charter-ietf-openpgp-01-00: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-openpgp/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I concur with Alissa's comment about "other work".  Is it possible to put
more scope around the "other work" than "The wg wants to do it and it
doesn't get in the way"?

Item 2. under "other work" appears to have some missing words. Should
that say "The work has widespread support..."?



From nobody Wed Jun 10 09:20:54 2015
Return-Path: <cdl_forward@cdl.asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E85C51A8901 for <openpgp@ietfa.amsl.com>; Wed, 10 Jun 2015 09:20:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nxWvqgSUZo77 for <openpgp@ietfa.amsl.com>; Wed, 10 Jun 2015 09:20:50 -0700 (PDT)
Received: from smtp5.emailarray.com (smtp5.emailarray.com [65.39.216.39]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 752B61B3393 for <openpgp@ietf.org>; Wed, 10 Jun 2015 09:20:48 -0700 (PDT)
Received: (qmail 23261 invoked by uid 89); 10 Jun 2015 16:20:46 -0000
Received: from unknown (HELO ?172.24.10.73?) (Y2RsQGFzZ2FhcmQub3JnQDE5OC4xNDcuMjI2LjY=) (POLARISLOCAL)  by smtp5.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 10 Jun 2015 16:20:46 -0000
From: "Christopher LILJENSTOLPE" <cdl_forward@cdl.asgaard.org>
To: openpgp@ietf.org, "The IESG" <iesg@ietf.org>
Date: Wed, 10 Jun 2015 09:20:44 -0700
Message-ID: <0385CECD-5549-461E-9A26-89D3EF65062F@cdl.asgaard.org>
In-Reply-To: <sjmegllgghi.fsf@securerf.ihtfp.org>
References: <20150608232438.10577.75302.idtracker@ietfa.amsl.com> <sjmegllgghi.fsf@securerf.ihtfp.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: 
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/YvW6HvsCwW5oQEkpwHH1PFc7hiQ>
Subject: Re: [openpgp] Alissa Cooper's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 16:20:51 -0000

Greetings,

	Can I remind folks to sign up for the openpgp mailing list so that they 
can see all of the responses to mails they are sending?

	Thx
	Christopher

-- 
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe


From nobody Wed Jun 10 09:27:56 2015
Return-Path: <cdl_forward@cdl.asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41AB41A893F for <openpgp@ietfa.amsl.com>; Wed, 10 Jun 2015 09:27:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.566
X-Spam-Level: 
X-Spam-Status: No, score=-1.566 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28QzErmaV6XF for <openpgp@ietfa.amsl.com>; Wed, 10 Jun 2015 09:27:54 -0700 (PDT)
Received: from smtp2.emailarray.com (smtp.emailarray.com [69.28.212.198]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4BD11A8928 for <openpgp@ietf.org>; Wed, 10 Jun 2015 09:27:53 -0700 (PDT)
Received: (qmail 39713 invoked by uid 89); 10 Jun 2015 16:27:52 -0000
Received: from unknown (HELO ?172.24.10.73?) (Y2RsQGFzZ2FhcmQub3JnQDE5OC4xNDcuMjI2LjY=) (POLARISLOCAL)  by smtp2.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 10 Jun 2015 16:27:52 -0000
From: "Christopher LILJENSTOLPE" <cdl_forward@cdl.asgaard.org>
To: "Ben Campbell" <ben@nostrum.com>, "Alissa Cooper" <alissa@cooperw.in>
Date: Wed, 10 Jun 2015 09:27:50 -0700
Message-ID: <4716A8B1-3E2E-49F7-8699-4730127E5B65@cdl.asgaard.org>
In-Reply-To: <20150610030315.6675.96685.idtracker@ietfa.amsl.com>
References: <20150610030315.6675.96685.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/uNwgkXP97mj1sUwNHj3NHKwlLHg>
Cc: openpgp@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [openpgp] [eX-bulk] : Ben Campbell's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 16:27:55 -0000

Greetings,

	I've made some minor tweaks based on Ben's and Alissa's comments.  It's 
on the gist right now...

https://gist.github.com/liljenstolpe/a4a45477d1b89ea45e09

	Christopher


On 9 Jun 2015, at 20:03, Ben Campbell wrote:

> Ben Campbell has entered the following ballot position for
> charter-ietf-openpgp-01-00: Yes
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut
> this introductory paragraph, however.)
>
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/charter-ietf-openpgp/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I concur with Alissa's comment about "other work".  Is it possible to
> put more scope around the "other work" than "The wg wants to do it and
> it doesn't get in the way"?
>
> Item 2. under "other work" appears to have some missing words. Should
> that say "The work has widespread support..."?
>
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp


-- 
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe


From nobody Wed Jun 10 13:50:02 2015
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB74D1ACD1C for <openpgp@ietfa.amsl.com>; Wed, 10 Jun 2015 13:50:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level: 
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tl64AJd7Y0vA for <openpgp@ietfa.amsl.com>; Wed, 10 Jun 2015 13:50:00 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 401371ACCF3 for <openpgp@ietf.org>; Wed, 10 Jun 2015 13:50:00 -0700 (PDT)
Received: from fifthhorseman.net (unknown [199.119.118.21]) by che.mayfirst.org (Postfix) with ESMTPSA id B2517F984; Wed, 10 Jun 2015 16:49:55 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id E5CFC20139; Wed, 10 Jun 2015 16:49:42 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Simon Josefsson <simon@josefsson.org>, Christopher LILJENSTOLPE <ietf@cdl.asgaard.org>
In-Reply-To: <87oakpovjr.fsf@latte.josefsson.org>
References: <90EFE8AE-B8E4-42E7-8FED-8485E7857C15@cdl.asgaard.org> <87oakpovjr.fsf@latte.josefsson.org>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Wed, 10 Jun 2015 16:49:42 -0400
Message-ID: <87a8w7p9uh.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/xcQHpztyroC-tzsNbI2qTHw43tc>
Cc: IETF OpenPGP <openpgp@ietf.org>, sec-ads@tools.ietf.org
Subject: Re: [openpgp] Second draft of the charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 20:50:02 -0000

On Tue 2015-06-09 09:34:00 -0400, Simon Josefsson wrote:
> "Christopher LILJENSTOLPE" <ietf@cdl.asgaard.org> writes:
>
>> * inclusion of the CFRG elliptic curves
>
> Is this for ECDH only?  That's the only thing they have made a
> determination on so far.  Or do you mean signature algorithm too?
>
> I suggest to say "inclusion of newer elliptic curves and/or signature
> algorithms" to be complete and still not limited.

I think "elliptic curves" on its own should be able to cover both DH and
signature work.  If we really feel that the current language is
insufficiently inclusive, we should make it:

 * inclusion of the CFRG elliptic curves for encryption and/or signatures

but i don't think such a change is necessary, personally.

   --dkg


From nobody Wed Jun 10 13:54:32 2015
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02CDB1A8A6C for <openpgp@ietfa.amsl.com>; Wed, 10 Jun 2015 13:54:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bwLIcUkyh-bP for <openpgp@ietfa.amsl.com>; Wed, 10 Jun 2015 13:54:23 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 832D11A1A31 for <openpgp@ietf.org>; Wed, 10 Jun 2015 13:54:23 -0700 (PDT)
Received: from fifthhorseman.net (unknown [199.119.118.21]) by che.mayfirst.org (Postfix) with ESMTPSA id 7C529F984; Wed, 10 Jun 2015 16:54:20 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 331961FFFB; Wed, 10 Jun 2015 16:54:01 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Simon Josefsson <simon@josefsson.org>, ianG <iang@iang.org>
In-Reply-To: <87vbexovsd.fsf@latte.josefsson.org>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <87vbexovsd.fsf@latte.josefsson.org>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Wed, 10 Jun 2015 16:54:01 -0400
Message-ID: <877frbp9na.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/tCHN1JGWCoIjSGfToDAo3J8bCH8>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 20:54:28 -0000

On Tue 2015-06-09 09:28:50 -0400, Simon Josefsson wrote:

> It might help to suggest (in the specification) that OpenPGP
> implementations MAY implement decrypt support for older crypto
> algorithms but MUST NOT encrypt using them.
>
> Otherwise I suspect that implementations might accidentally (or not) end
> up implementing both encrypt and decrypt because that is the natural way of
> implementing crypto, and supporting both variants simplifies testing (you
> can test roundtrips).  However doing that is bad for security.

I agree with this approach for encryption algorithms (something like MAY
decrypt, MUST NOT encrypt), and probably with something analogous for
outdated signature algorithms (e.g. MAY verify, MUST NOT sign).

We'd also want to provide guidance that encourages signalling to the
user somehow that while the decryption was successful, the
confidentiality of the content can't be assured.  Some similar semantics
should be exposed about the verified signature being unreliable due to
known-weak crypto.

           --dkg


From nobody Wed Jun 10 20:27:24 2015
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 990DF1A0149; Wed, 10 Jun 2015 20:27:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p7-sAatxRUBC; Wed, 10 Jun 2015 20:27:20 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 545D31A011B; Wed, 10 Jun 2015 20:27:20 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Spencer Dawkins" <spencerdawkins.ietf@gmail.com>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3.p2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150611032720.19917.32176.idtracker@ietfa.amsl.com>
Date: Wed, 10 Jun 2015 20:27:20 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/YAbfuqXKgSYleNO0kk5TvmD03Es>
Cc: openpgp@ietf.org
Subject: [openpgp] Spencer Dawkins' No Objection on charter-ietf-openpgp-01-01: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2015 03:27:21 -0000

Spencer Dawkins has entered the following ballot position for
charter-ietf-openpgp-01-01: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-openpgp/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

This seemed to read slightly oddly:

"The Working Group will consider CFRG curves as possible Mandatory to 
Implement (MTI) based on the output of the CFRG and/or Working Group 
consensus in the matter."

Is "and/or" right? I'm reading that as saying that Working Group
consensus isn't required, and the output of the CFRG is sufficient, and
I'm guessing that's not what the text is intended to mean.



From nobody Thu Jun 11 10:11:42 2015
Return-Path: <vedaal@nym.hush.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DFDD1A8971 for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 10:11:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.098
X-Spam-Level: ****
X-Spam-Status: No, score=4.098 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_JP_SURBL=4] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kDCH_YD46r_X for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 10:11:39 -0700 (PDT)
Received: from smtp5.hushmail.com (smtp5.hushmail.com [65.39.178.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 501F31A894E for <openpgp@ietf.org>; Thu, 11 Jun 2015 10:11:39 -0700 (PDT)
Received: from smtp5.hushmail.com (localhost [127.0.0.1]) by smtp5.hushmail.com (Postfix) with SMTP id BBFAB601BB for <openpgp@ietf.org>; Thu, 11 Jun 2015 17:11:38 +0000 (UTC)
X-Hush-Encrypted: 1
X-hush-tls-connected: 1
Received: from smtp.hushmail.com (w3.hushmail.com [65.39.178.62]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp5.hushmail.com (Postfix) with ESMTPS; Thu, 11 Jun 2015 17:11:38 +0000 (UTC)
Received: by smtp.hushmail.com (Postfix, from userid 99) id 7B4ABC046D; Thu, 11 Jun 2015 17:11:38 +0000 (UTC)
MIME-Version: 1.0
Date: Thu, 11 Jun 2015 13:11:38 -0400
To: "Daniel Kahn Gillmor" <dkg@fifthhorseman.net>, "openpgp" <openpgp@ietf.org>
From: vedaal@nym.hush.com
In-Reply-To: <877frbp9na.fsf@alice.fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <87vbexovsd.fsf@latte.josefsson.org> <877frbp9na.fsf@alice.fifthhorseman.net> 
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20150611171138.7B4ABC046D@smtp.hushmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/h_7qbhcfZHv9ERxONdyi9sWsmpU>
Subject: Re: [openpgp] Proposed WG charter
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2015 17:11:41 -0000

On 6/10/2015 at 4:54 PM, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net> wrote:

>We'd also want to provide guidance that encourages signalling to 
>the user somehow that while the decryption was successful, the
>confidentiality of the content can't be assured.  Some similar 
>semantics should be exposed about the verified signature being unreliable 
>due to known-weak crypto.

=====

There are also some other issues which might be useful to bring to the user's attention.
Here is one, but am not sure if the 4880 revision is the place for it, or if it belongs more in some tutorial.

When GnuPG/PGP symmetrically encrypts a message, there is no padding added to the plaintext before encryption.
As a result it is possible to tell from PGPDump if the plaintext of two different symmetrically encrypted messages differ by only one character.

Here are some examples of PGP symmetrically encrypted messages consisting of only the word 'no' or only the word 'yes' :


Checking the messages in PGPdump,  http://www.pgpdump.net/, and
looking at the 'Symmetrically Encrypted Data Packet' analysis,
instantly distinguishes between plaintexts of different lengths.

Here are 3 sets of PGP symmetrically encrypted ciphertexts, each set
consisting of 'no' and 'yes', followed by the PGPdump analysis.

*****

plaintext: no

-----BEGIN PGP MESSAGE-----
Comment: TWOFISH  passphrase: qwertyuiop

jA0ECgMIH73FxczREUpg0kUBBSTGKlLao/fpnIQ7L3+Ra2nAACC8sysTrBfpJMU0
RVU09heeNuPJYjdbT2hP+rJnCYj7cP0nTBXkybCienrodNmKScY=
=ocmH
-----END PGP MESSAGE-----

Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
        New version(4)
        Sym alg - Twofish with 256-bit key(sym 10)
        Iterated and salted string-to-key(s2k 3):
                Hash alg - SHA256(hash 8)
                Salt - 1f bd c5 c5 cc d1 11 4a
                Count - 65536(coded count 96)
New: Symmetrically Encrypted and MDC Packet(tag 18)(69 bytes) <--
        Ver 1
        Encrypted data [sym alg is specified in sym-key encrypted
session key]
                (plain text + MDC SHA1(20 bytes))

*****

plaintext: yes

-----BEGIN PGP MESSAGE-----
Comment: TWOFISH  passphrase: qwertyuiop

jA0ECgMIH/9I4BkX+fdg0kYB26EwlSMKRRcm0ZnrDSII3vfRZPy1tOfU3qWneZWi
22B2epEtMB5NuiTz1s7NbDCGCo8dG8N8MzoLC6WISwHYYqTPgw1l
=Huvc
-----END PGP MESSAGE-----

PGPdump Results

Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
        New version(4)
        Sym alg - Twofish with 256-bit key(sym 10)
        Iterated and salted string-to-key(s2k 3):
                Hash alg - SHA256(hash 8)
                Salt - 1f ff 48 e0 19 17 f9 f7
                Count - 65536(coded count 96)
New: Symmetrically Encrypted and MDC Packet(tag 18)(70 bytes) <--
        Ver 1
        Encrypted data [sym alg is specified in sym-key encrypted
session key]
                (plain text + MDC SHA1(20 bytes))

******

plaintext: no

-----BEGIN PGP MESSAGE-----
Comment: AES 256  passphrase: asdfghjkl

jA0ECQMIG13H6QXv9i5g0kUBn9G3703UbqhFEmqs0yctvbNbLR+aIJsEkMBkDezT
TM0+KR4QcueSWMnwUk+dVh3D7B2GMlwK2YtoE7Z0cO4P0ktgPp0=
=NXzG
-----END PGP MESSAGE-----

PGPdump Results

Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
        New version(4)
        Sym alg - AES with 256-bit key(sym 9)
        Iterated and salted string-to-key(s2k 3):
                Hash alg - SHA256(hash 8)
                Salt - 1b 5d c7 e9 05 ef f6 2e
                Count - 65536(coded count 96)
New: Symmetrically Encrypted and MDC Packet(tag 18)(69 bytes)<--
        Ver 1
        Encrypted data [sym alg is specified in sym-key encrypted
session key]
                (plain text + MDC SHA1(20 bytes))

*****

plaintext: yes

-----BEGIN PGP MESSAGE-----
Comment: AES 256  passphrase: asdfghjkl

jA0ECQMIvxt/F3fReGZg0kYBAVA8xJ9PMVw1eGpXwk1WQDR997Cljq96Gzux6ooH
R8LzXebgX/HtUgsQLSKIFzEpwLvmv7hmDxGaZXk4Q/JR5j3a9nZ2
=dZSw
-----END PGP MESSAGE-----

PGPdump Results

Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
        New version(4)
        Sym alg - AES with 256-bit key(sym 9)
        Iterated and salted string-to-key(s2k 3):
                Hash alg - SHA256(hash 8)
                Salt - bf 1b 7f 17 77 d1 78 66
                Count - 65536(coded count 96)
New: Symmetrically Encrypted and MDC Packet(tag 18)(70 bytes)<--
        Ver 1
        Encrypted data [sym alg is specified in sym-key encrypted
session key]
                (plain text + MDC SHA1(20 bytes))

*****

plaintext: no

-----BEGIN PGP MESSAGE-----
Comment: 3DES  passphrase: zxcvbnm

jA0EAgMITph9qaozSw5gySYXdnPe+HrZDbe1UdeYqgjWGnCmcyfGvzGnNu2Wn9qO
f615g/OI9A==
=ssLD
-----END PGP MESSAGE-----

PGPdump Results

Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
        New version(4)
        Sym alg - Triple-DES(sym 2)
        Iterated and salted string-to-key(s2k 3):
                Hash alg - SHA256(hash 8)
                Salt - 4e 98 7d a9 aa 33 4b 0e
                Count - 65536(coded count 96)
New: Symmetrically Encrypted Data Packet(tag 9)(38 bytes)<--
        Encrypted data [sym alg is specified in sym-key encrypted
session key]

*****

plaintext: yes

-----BEGIN PGP MESSAGE-----
Comment: 3DES  passphrase: zxcvbnm

jA0EAgMI75uPvU83l/1gySdLWM29FolWYbqieErp4Y0U1M/LSGiIMO9zHrLMWK6U
rb8wDPi3UcU=
=UQyJ
-----END PGP MESSAGE-----

PGPdump Results

Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
        New version(4)
        Sym alg - Triple-DES(sym 2)
        Iterated and salted string-to-key(s2k 3):
                Hash alg - SHA256(hash 8)
                Salt - ef 9b 8f bd 4f 37 97 fd
                Count - 65536(coded count 96)
New: Symmetrically Encrypted Data Packet(tag 9)(39 bytes)<--
        Encrypted data [sym alg is specified in sym-key encrypted
session key]

*****

As an additional oddity in the PGP armoring, for PGP symmetrically
encrypted texts, it is possible to distinguish between 'no' and 'yes'
just by briefly *looking* at the ciphertext.

The 'no' ciphertext has a padding character added, '=' to the end of
the ciphertext, on the line before the checksum, while the 'yes'
texts do not.
(In the 3DES example, there is an 'extra' '=' for the 'no'.)

Have tested this for several 'either/or' messages  of different
lengths :
(accept, decline),  (pardon, execute),  (pass, recommend), etc.
and it is always possible to distinguish between them in PGPdump, even
when the message is signed and encrypted to a public key.

For a third party checking PGP messages, it is easy to encrypt these
plaintext sets to any public key, and check the length of the
Symmetrically Encrypted Packet in PGPdump, and reasonably infer which
of the either/or set is sent.

There is a simple workaround to prevent this type of analysis:

Just press the spacebar to add empty characters to a decided length  (e.g.  no followed by 6 spaces or 'yes' followed by 5 spaces).


Again,

Sorry if it does not belong in the 4880 revision,
but wanted to bring it up to hear where the best place is to alert users to it, 
who might otherwise think that conventional encryption of short messages does not offer a way to make a good guess at the content.


vedaal





From nobody Thu Jun 11 11:15:35 2015
Return-Path: <cdl@asgaard.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ACC31B2B15 for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 11:15:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Level: 
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PSqigyBXFvr8 for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 11:15:30 -0700 (PDT)
Received: from smtp4.emailarray.com (smtp4.emailarray.com [65.39.216.22]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 063DA1B2AEC for <openpgp@ietf.org>; Thu, 11 Jun 2015 11:15:29 -0700 (PDT)
Received: (qmail 91909 invoked by uid 89); 11 Jun 2015 18:15:28 -0000
Received: from unknown (HELO ?172.24.10.73?) (Y2RsQGFzZ2FhcmQub3JnQDE5OC4xNDcuMjI2LjY=) (POLARISLOCAL)  by smtp4.emailarray.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 11 Jun 2015 18:15:28 -0000
From: "Christopher LILJENSTOLPE" <cdl@asgaard.org>
To: "Daniel Kahn Gillmor" <dkg@fifthhorseman.net>, "IETF OpenPGP" <openpgp@ietf.org>
Date: Thu, 11 Jun 2015 11:15:24 -0700
Message-ID: <74627DBA-3179-4C30-A2EE-D4E9F59328D2@asgaard.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_3D5B5BF1-9925-484E-B750-B700B6778DBB_="; micalg=pgp-sha1; protocol="application/pgp-signature"
X-Clacks-Overhead: GNU Terry Pratchett
X-Mailer: MailMate (1.9.1r5084)
X-PolarisMail-Flags: x
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/BBfYnjNN81YMQNJ2L4-QszzlkuU>
Cc: sec-ads@tools.ietf.org
Subject: [openpgp] Changing my keys
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2015 18:15:33 -0000

This is an OpenPGP/MIME signed message (RFC 3156 and 4880).

--=_MailMate_3D5B5BF1-9925-484E-B750-B700B6778DBB_=
Content-Type: multipart/mixed;
 boundary="=_MailMate_D310E466-62DE-47C7-8E01-64A0C3B10314_="


--=_MailMate_D310E466-62DE-47C7-8E01-64A0C3B10314_=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Greetings,

	I've decided it's time to retire my old keys.  I've created a new set and pushed them to the key servers:

pub   4096R/67530EB5 (30BB046567530EB5) 2015-06-11 [expires: 2016-06-10]
      Key fingerprint = 740A B190 A549 3F70 0FF5  CB48 30BB 0465 6753 0EB5

	I'm signing this with my old keys, but plan on retiring them from active use within the next few days.  Based on Daniel's key-roll document proof of a while ago, I have created a doc, attached below, signed with both my old and new keys.

	The document can be found at http://www.asgaard.org/cdl/pgp-key-roll.asc (and attached here), and the new key can be found at:
http://www.asgaard.org/cdl/cdl.asc, with the old keys now found at http://www.asgaard.org/cdl/cdl-old.asc

	Please contact me with concerns.  If anyone would be willing to sign the new key, I'd be greatly appreciative.

	Christopher


-- 
李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf
keybase: https://keybase.io/liljenstolpe
--=_MailMate_D310E466-62DE-47C7-8E01-64A0C3B10314_=
Content-Disposition: attachment; filename=pgp-key-roll.asc
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

11 June 2015, 18:00Z

It is time for me to rotate my very old key out of use, and replace it
with one that has a better cipher and longer key-length.

The old key will continue to be valid until 01 August 2015 at 00:01Z,
but I prefer all future correspondence to come to the new one.  I
would also like this new key to be re-integrated into the web of
trust.  This message is signed by both keys to certify the transition.

the old key was:

pub   1024D/CB67593B (4EA9946ACB67593B) 2004-10-27
      Key fingerprint = 343A CD9A 5AD7 D62A F75F  4CA3 4EA9 946A CB67 593B

And the new key is:

pub   4096R/67530EB5 (30BB046567530EB5) 2015-06-11 [expires: 2016-06-10]
      Key fingerprint = 740A B190 A549 3F70 0FF5  CB48 30BB 0465 6753 0EB5

To fetch the full key (including a photo uid, which is commonly
stripped by public keyservers), you can get it with:

  wget -q -O- http://www.asgaard.org/cdl/cdl.asc | gpg --import -

The old key can similarly be fetched by:

  wget -q -O- http://www.asgaard.org/cdl/cdl-old.asc | gpg --import -

Or, to fetch my new key from a public key server, you can simply do:

  gpg --keyserver hkps.pool.sks-keyservers.net --recv-key 67530EB5

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg --check-sigs 67530EB5

If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:

  gpg --fingerprint 67530EB5

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key:

  gpg --sign-key 67530EB5

Lastly, if you could upload these signatures, I would appreciate it.
You can either send me an e-mail with the new signatures (if you have
a functional MTA on your system):

  gpg --armor --export 67530EB5 | mail -s 'OpenPGP Signatures' cdl@asgaard.org

Or you can just upload the signatures to a public keyserver directly:

  gpg --keyserver pgp.mit.edu --send-key 67530EB5

If you do the latter, please let me know you have done so.

Please let me know if you have questions, and sorry in advance for the bother.

Cordially,

Christopher
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----

--=_MailMate_D310E466-62DE-47C7-8E01-64A0C3B10314_=--

--=_MailMate_3D5B5BF1-9925-484E-B750-B700B6778DBB_=
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=signature.asc
Content-Type: application/pgp-signature; name=signature.asc


--=_MailMate_3D5B5BF1-9925-484E-B750-B700B6778DBB_=--


From nobody Thu Jun 11 11:28:14 2015
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E75171B2BA8 for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 11:28:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level: 
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v4FHEwXm1Xfa for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 11:28:10 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 3EFB11B2BA1 for <openpgp@ietf.org>; Thu, 11 Jun 2015 11:28:10 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 59510F984; Thu, 11 Jun 2015 14:28:08 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id D610E1FECC; Thu, 11 Jun 2015 14:27:55 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: vedaal@nym.hush.com, openpgp <openpgp@ietf.org>
In-Reply-To: <20150611171138.7B4ABC046D@smtp.hushmail.com>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <87vbexovsd.fsf@latte.josefsson.org> <877frbp9na.fsf@alice.fifthhorseman.net> <20150611171138.7B4ABC046D@smtp.hushmail.com>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Thu, 11 Jun 2015 14:27:55 -0400
Message-ID: <87wpzam76c.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/yEK-zk1PbNuCp3svyQfNdG2rD90>
Subject: [openpgp] content-length hiding [was: Re: Proposed WG charter]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2015 18:28:12 -0000

On Thu 2015-06-11 13:11:38 -0400, vedaal@nym.hush.com wrote:
> There are also some other issues which might be useful to bring to the
> user's attention.

I think the issue you're raising here can be summarized as
"content-length hiding for encrypted messages"

It seems to me that this would fit in 4880bis, at the very least in the
security considerations section.

The way people usually try to defend against this sort of attack is to
pad the content up to some common boundary size (this doesn't help if
your two messages straddle a boundary, of course).  Your example of "hit
the spacebar" is a very domain-specific instance of this suggestion,
though it assumes that the recipient will interpret "pardon " the same
as "pardon", which may or may not be true depending on the make and
model of the lethal machinery interpreting the governor's directive.

The literature on the efficacy of padding algorithms suggests that
statistical modeling attacks (on datasets more complex than your
pardon/execute example) can defeat simple padding schemes a
non-negligible percent of time, for example:

   http://arxiv.org/abs/1403.0297

That said, entirely non-padded mechanisms fail even more often :)

An interesting approach would be to look at the existing standard and
common implementations to see whether there is a way to provide a more
generic padding mechanism using only existing packet types.  Have you
tried to do that?

           --dkg
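
The length leak vedaal reports (69 versus 70 bytes in PGPdump, and the visible '=' in the armor) and the pad-to-a-boundary defence discussed in the reply above, as an added example that is not part of the original thread. The two armored messages are the Twofish pair copied from vedaal's post; the function names, the 8-byte bucket and the use of trailing spaces as padding are assumptions made for illustration.

```python
import base64

# Armored messages copied verbatim from the post above (the Twofish pair).
ARMOR_NO = """\
-----BEGIN PGP MESSAGE-----
Comment: TWOFISH  passphrase: qwertyuiop

jA0ECgMIH73FxczREUpg0kUBBSTGKlLao/fpnIQ7L3+Ra2nAACC8sysTrBfpJMU0
RVU09heeNuPJYjdbT2hP+rJnCYj7cP0nTBXkybCienrodNmKScY=
=ocmH
-----END PGP MESSAGE-----
"""
ARMOR_YES = """\
-----BEGIN PGP MESSAGE-----
Comment: TWOFISH  passphrase: qwertyuiop

jA0ECgMIH/9I4BkX+fdg0kYB26EwlSMKRRcm0ZnrDSII3vfRZPy1tOfU3qWneZWi
22B2epEtMB5NuiTz1s7NbDCGCo8dG8N8MzoLC6WISwHYYqTPgw1l
=Huvc
-----END PGP MESSAGE-----
"""


def dearmor(text):
    """Return the binary packet stream inside an ASCII-armored message."""
    lines = [line.strip() for line in text.strip().splitlines()]
    start = next(i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP"))
    body, in_headers = [], True
    for line in lines[start + 1:]:
        if in_headers:                      # armor headers end at the blank line
            in_headers = line != ""
            continue
        if line.startswith("=") or line.startswith("-----END"):
            break                           # CRC-24 line or end of armor
        body.append(line)
    return base64.b64decode("".join(body), validate=True)


def list_packets(data):
    """Walk RFC 4880 packet headers; return [(tag, body_length), ...]."""
    out, i = [], 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                  # indeterminate: runs to end of data
                length = len(data) - i
            else:
                n = 1 << ltype
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        out.append((tag, length))
        i += length
    return out


def data_packet_len(armor):
    """Body length of the encrypted data packet (tag 9 or tag 18)."""
    return next(n for tag, n in list_packets(dearmor(armor)) if tag in (9, 18))


def armor_padding(armor):
    """Number of '=' pad characters base64 appends: a function of length only."""
    return -len(dearmor(armor)) % 3


def pad_to_bucket(msg, bucket=8):
    """Pad with spaces up to the next multiple of `bucket` (assumed scheme)."""
    if bucket < 1:
        raise ValueError("bucket must be positive")
    target = max(1, -(-len(msg) // bucket)) * bucket
    return msg + b" " * (target - len(msg))


def distinguishable(a, b, bucket=8):
    """True if the two plaintexts still differ in length after padding."""
    return len(pad_to_bucket(a, bucket)) != len(pad_to_bucket(b, bucket))


if __name__ == "__main__":
    for name, armor in (("no", ARMOR_NO), ("yes", ARMOR_YES)):
        print(name, list_packets(dearmor(armor)), "armor '=' count:", armor_padding(armor))
    for a, b in ((b"no", b"yes"), (b"pardon", b"execute"), (b"pass", b"recommend")):
        print(a, b, "distinguishable after padding:", distinguishable(a, b))
```

The last pair shows the boundary caveat from the reply: 'pass' pads to 8 bytes and 'recommend' to 16, so a fixed bucket does not hide which of the two was sent.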


From nobody Thu Jun 11 13:32:13 2015
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BEDF1A8895 for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 13:32:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z57svUzwXxaU for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 13:32:09 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D1521A8883 for <openpgp@ietf.org>; Thu, 11 Jun 2015 13:32:09 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1Z398x-0000uX-Im for <openpgp@ietf.org>; Thu, 11 Jun 2015 22:32:07 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1Z392q-0004mk-DR; Thu, 11 Jun 2015 22:25:48 +0200
From: Werner Koch <wk@gnupg.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <87vbexovsd.fsf@latte.josefsson.org> <877frbp9na.fsf@alice.fifthhorseman.net> <20150611171138.7B4ABC046D@smtp.hushmail.com> <87wpzam76c.fsf@alice.fifthhorseman.net>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, vedaal@nym.hush.com, openpgp <openpgp@ietf.org>
Date: Thu, 11 Jun 2015 22:25:48 +0200
In-Reply-To: <87wpzam76c.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Thu, 11 Jun 2015 14:27:55 -0400")
Message-ID: <87mw0656wj.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/3tQ4CP4y_HGOdtbexUiyXjDzpqE>
Cc: openpgp <openpgp@ietf.org>, vedaal@nym.hush.com
Subject: Re: [openpgp] content-length hiding
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2015 20:32:11 -0000

On Thu, 11 Jun 2015 20:27, dkg@fifthhorseman.net said:

> An interesting approach would be to look at the existing standard and
> common implementations to see whether there is a way to provide a more

OpenPGP does not define any _content_ padding rules and thus this can't
be implemented.  Without a strict standard on this we would also open a
large hidden channel.

Actually, you can't solve that on the OpenPGP protocol level because it
is application specific.  In contrast to transport encryption we can't
use filler traffic.

This is similar to meta data and should be solved in that context (or at
the application level).


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


From nobody Thu Jun 11 14:28:33 2015
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCE2F1A87A9 for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 14:28:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XyfBftuYAztL for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 14:28:30 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 11CC71A1B2E for <openpgp@ietf.org>; Thu, 11 Jun 2015 14:28:30 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id CA272F984; Thu, 11 Jun 2015 17:28:27 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id CA8061FF48; Thu, 11 Jun 2015 17:28:04 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>
In-Reply-To: <87mw0656wj.fsf@vigenere.g10code.de>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <87vbexovsd.fsf@latte.josefsson.org> <877frbp9na.fsf@alice.fifthhorseman.net> <20150611171138.7B4ABC046D@smtp.hushmail.com> <87wpzam76c.fsf@alice.fifthhorseman.net> <87mw0656wj.fsf@vigenere.g10code.de>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Thu, 11 Jun 2015 17:28:04 -0400
Message-ID: <87d212lyu3.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/L-Ph_bjhh1s4jDudG2a8cV6Phrc>
Cc: openpgp <openpgp@ietf.org>, vedaal@nym.hush.com
Subject: Re: [openpgp] content-length hiding
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2015 21:28:32 -0000

On Thu 2015-06-11 16:25:48 -0400, Werner Koch wrote:
> On Thu, 11 Jun 2015 20:27, dkg@fifthhorseman.net said:
>
>> An interesting approach would be to look at the existing standard and
>> common implementations to see whether there is a way to provide a more
>
> OpenPGP does not define any _content_ padding rules and thus this can't
> be implemented.  Without a strict standard on this we would also open a
> large hidden channel.

hmm... just brainstorming, and all within RFC 4880...

What if you did:

A Sym. Encrypted Integrity Protected Data Packet
   containing three packets:
B    Literal Data packet (message)
C    Literal Data packet (padding)
D    Modification Detection Code packet

How would this be interpreted by existing implementations?

Alternately, what if C was an entirely new packet type (e.g. "Padding
packet", with a new type assignment).  How do existing implementations
deal with such a sequence?  Could updated implementations be designed to
ignore/discard the contents of C ?  What are the risks of the hidden
channel here?  the hidden channel could be constrained by requiring that
padding packets contain a certain required sequence of octets (e.g. all
0s), though that still leaves the hidden channel that is just the size
of the padding used.

> Actually, you can't solve that on the OpenPGP protocol level because it
> is application specific.  In contrast to transport encryption we can't
> use filler traffic.
> 
> This is similar to meta data and should be solved in that context (or at
> the application level).

Certainly the application layer is going to have a better understanding
of the general characteristics of similar messages, and so can make a
better guess at what kinds/patterns of padding make sense in this
context.  But we can define a padding mechanism within OpenPGP that
application layers could operate, leaving the policy of the padding
mechanism to the layer that knows most about it.

          --dkg


From nobody Thu Jun 11 15:45:28 2015
Return-Path: <vedaal@nym.hush.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0A1C1B33EB for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 15:45:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level: 
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LYlkcbhy6e_V for <openpgp@ietfa.amsl.com>; Thu, 11 Jun 2015 15:45:25 -0700 (PDT)
Received: from smtp1.hushmail.com (smtp1.hushmail.com [65.39.178.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 966C91B33E4 for <openpgp@ietf.org>; Thu, 11 Jun 2015 15:45:25 -0700 (PDT)
Received: from smtp1.hushmail.com (localhost [127.0.0.1]) by smtp1.hushmail.com (Postfix) with SMTP id E198040197 for <openpgp@ietf.org>; Thu, 11 Jun 2015 22:45:24 +0000 (UTC)
X-hush-tls-connected: 1
Received: from smtp.hushmail.com (w3.hushmail.com [65.39.178.62]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp1.hushmail.com (Postfix) with ESMTPS for <openpgp@ietf.org>; Thu, 11 Jun 2015 22:45:24 +0000 (UTC)
Received: by smtp.hushmail.com (Postfix, from userid 99) id C0D81C1178; Thu, 11 Jun 2015 22:45:24 +0000 (UTC)
MIME-Version: 1.0
Date: Thu, 11 Jun 2015 18:45:24 -0400
To: openpgp@ietf.org
From: vedaal@nym.hush.com
In-Reply-To: <87d212lyu3.fsf@alice.fifthhorseman.net>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <87vbexovsd.fsf@latte.josefsson.org> <877frbp9na.fsf@alice.fifthhorseman.net> <20150611171138.7B4ABC046D@smtp.hushmail.com> <87wpzam76c.fsf@alice.fifthhorseman.net> <87mw0656wj.fsf@vigenere.g10code.de> <87d212lyu3.fsf@alice.fifthhorseman.net> 
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20150611224524.C0D81C1178@smtp.hushmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/FjV2jgJmSyeOaThfwER7ZUB9pLU>
Subject: Re: [openpgp] content-length hiding
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2015 22:45:26 -0000

On 6/11/2015 at 5:28 PM, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net> wrote:
>
>On Thu 2015-06-11 16:25:48 -0400, Werner Koch wrote:

>> OpenPGP does not define any _content_ padding rules and thus this
>> can't be implemented.  Without a strict standard on this we would
>> also open a large hidden channel.

.....


>A Sym. Encrypted Integrity Protected Data Packet
>   containing three packets:
>B    Literal Data packet (message)
>C    Literal Data packet (padding)
>D    Modification Detection Code packet

.....

> But we can define a padding mechanism within OpenPGP that
>application layers could operate, leaving the policy of the padding
>mechanism to the layer that knows most about it.

=====

But could it be made backward compatible ?

Another possible workaround that would be both backward compatible, and not tamper at all with the plaintext content,
would be to simply do:

Encrypt,  then  Sign and Encrypt

The first layer of encryption provides more than enough beautiful padding.

Any analysis of the Sym. Encrypted Integrity Protected Data Packet of the final  [S&E ( E)] message
would show a large enough length to be infeasible to determine the original plaintext length and content.

It's not necessary to change any standards, only to mention it in the security considerations, with possible simple workarounds,
and leave it up to the user.

(Don't you guys already have more than enough work ?    ;-)    )


vedaal


From nobody Fri Jun 12 08:25:23 2015
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE45F1A0338 for <openpgp@ietfa.amsl.com>; Fri, 12 Jun 2015 08:25:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level: 
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KKIjkfiPAjpp for <openpgp@ietfa.amsl.com>; Fri, 12 Jun 2015 08:25:20 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id D574E1A0045 for <openpgp@ietf.org>; Fri, 12 Jun 2015 08:25:15 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 05AD2F984; Fri, 12 Jun 2015 11:25:13 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 073EB1FF49; Fri, 12 Jun 2015 11:24:51 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: vedaal@nym.hush.com, openpgp@ietf.org
In-Reply-To: <20150611224524.C0D81C1178@smtp.hushmail.com>
References: <20150601141823.797394a1@latte.josefsson.org> <878uc3fsdp.fsf@alice.fifthhorseman.net> <20150601162501.73ec29d8@latte.josefsson.org> <87twursa3j.fsf@vigenere.g10code.de> <87y4k3e6em.fsf@alice.fifthhorseman.net> <87k2vns63e.fsf@vigenere.g10code.de> <87k2vne38q.fsf@alice.fifthhorseman.net> <87d21fs0cx.fsf@vigenere.g10code.de> <c7cbae5779df36c4bcfb9cdbef40a5e5.squirrel@mail2.ihtfp.org> <20150601214043.3b9928ea@latte.josefsson.org> <CACsn0c=Zx3S9jP+r_8qE6GGSqJQn6X-JqWV1VLYtPsayC534Aw@mail.gmail.com> <20150602091820.3a59a0c7@latte.josefsson.org> <556D88C9.3000803@iang.org> <878uc2qpec.fsf@vigenere.g10code.de> <87vbexovsd.fsf@latte.josefsson.org> <877frbp9na.fsf@alice.fifthhorseman.net> <20150611171138.7B4ABC046D@smtp.hushmail.com> <87wpzam76c.fsf@alice.fifthhorseman.net> <87mw0656wj.fsf@vigenere.g10code.de> <87d212lyu3.fsf@alice.fifthhorseman.net> <20150611224524.C0D81C1178@smtp.hushmail.com>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Fri, 12 Jun 2015 11:24:51 -0400
Message-ID: <877fr9lzjw.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/zYFnagjqj44cYb5zH_r5UaWbipo>
Subject: Re: [openpgp] content-length hiding
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jun 2015 15:25:22 -0000

On Thu 2015-06-11 18:45:24 -0400, vedaal@nym.hush.com wrote:
> On 6/11/2015 at 5:28 PM, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net> wrote:
>>On Thu 2015-06-11 16:25:48 -0400, Werner Koch wrote:
>
>>> OpenPGP does not define any _content_ padding rules and thus this
>>> can't be implemented.  Without a strict standard on this we would
>>> also open a large hidden channel.
>
> .....
>
>>A Sym. Encrypted Integrity Protected Data Packet
>>   containing three packets:
>>B    Literal Data packet (message)
>>C    Literal Data packet (padding)
>>D    Modification Detection Code packet
>
> .....
>
>> But we can define a padding mechanism within OpenPGP that
>>application layers could operate, leaving the policy of the padding
>>mechanism to the layer that knows most about it.
>
> =====
>
> But could it be made backward compatible ?

My proposal above might actually be backward compatible -- have you
tried it with existing implementations?  i haven't, i'm just suggesting
it as a possible mechanism.  It may turn out that part C needs to be
something other than a Literal Data packet to make it work, but that
might *still* be backward compatible with many OpenPGP implementations,
i haven't checked.

> Another possible workaround that would be both backward compatible,
> and not tamper at all with the plaintext content, would be to simply
> do:
>
> Encrypt,  then  Sign and Encrypt

this is backward-compatible only in the sense that existing tools can
process it -- but it wouldn't produce the cleartext with:

   gpg --decrypt foo.pgp

because you'd need an extra layer of decryption to make that work.

> The first layer of encryption provides more than enough beautiful padding.

It's not a question of "enough" padding -- if the padding size is
constant each time, you'll still see the offset.  Have you actually
tried this scheme with your "pardon" and "execute" examples?  the
difference in size is still visible:

0 dkg@alice:~$ echo pardon | gpg --encrypt -r $PGPID | gpg --sign --encrypt -r $PGPID > x.pgp
0 dkg@alice:~$ echo execute | gpg --encrypt -r $PGPID | gpg --sign --encrypt -r $PGPID > y.pgp
0 dkg@alice:~$ ls -l
total 8
-rw-r--r-- 1 dkg dkg 1843 Jun 12 11:19 x.pgp
-rw-r--r-- 1 dkg dkg 1844 Jun 12 11:20 y.pgp
0 dkg@alice:~$ 

> Any analysis of the Sym. Encrypted Integrity Protected Data Packet of
> the final [S&E ( E)] message would show a large enough length to be
> infeasible to determine the original plaintext length and content.

If you know how many layers of encryption have been done, the length is
still computable.

> It's not necessary to change any standards, only to mention it in the
> security considerations, with possible simple workarounds, and leave
> it up to the user.

If that turns out to be the best way forward, i'm fine with that too.

  --dkg
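
The size arithmetic behind the exchange above, as an added example that is not part of the original message or of any OpenPGP implementation: it builds the RFC 4880 packets B, C and D, shows that layering keeps the one-octet difference between "pardon" and "execute", and that a padding packet sized by a fixed policy removes it. Assumptions: a 16-octet cipher block, a version-1 SEIPD packet, a 64-octet bucket policy, no PKESK, signature or compression packets, and all function names are hypothetical; encryption itself is left out because CFB ciphertext has the same length as its plaintext.

```python
import hashlib
import os
import struct

LITERAL = 11   # RFC 4880 Literal Data packet tag
BLOCK = 16     # assumed cipher block size (AES); SEIPD prefix is BLOCK + 2 octets
BUCKET = 64    # hypothetical application-layer policy: pad B + C to a multiple of this


def encode_length(n):
    """New-format body length (RFC 4880 section 4.2.2): 1, 2 or 5 octets."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_length(buf, i):
    """Return (body length, offset of body) for the length field at buf[i]."""
    if buf[i] < 192:
        return buf[i], i + 1
    if buf[i] < 224:
        return ((buf[i] - 192) << 8) + buf[i + 1] + 192, i + 2
    if buf[i] == 255:
        return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5
    raise ValueError("partial body lengths are not handled here")


def literal(data):
    """Literal Data packet: binary format, empty file name, zero date."""
    body = b"b" + b"\x00" + b"\x00" * 4 + data
    return bytes([0xC0 | LITERAL]) + encode_length(len(body)) + body


def padding_packet(total):
    """All-zero Literal Data packet occupying exactly `total` octets, or None.

    Some totals cannot be produced: anything under 8 octets, and sizes such
    as 194 that fall where the length field grows from one octet to two.
    """
    for header in (2, 3, 6):               # tag octet + 1, 2 or 5 length octets
        n = total - header - 6              # 6 = format + name length + date
        if n >= 0 and len(literal(bytes(n))) == total:
            return literal(bytes(n))
    return None


def padding_size(b_len):
    """Deterministic policy: size of C that lands B + C on a BUCKET boundary."""
    target = (b_len // BUCKET + 1) * BUCKET
    while padding_packet(target - b_len) is None:
        target += BUCKET                    # remainder not encodable: next bucket
    return target - b_len


def padded(message):
    """Packets B (message) and C (padding), as in the proposal quoted above."""
    b = literal(message)
    return b + padding_packet(padding_size(len(b)))


def seipd_size(packets):
    """Octets on the wire for a version-1 SEIPD packet wrapping `packets`."""
    prefix = os.urandom(BLOCK)
    plain = prefix + prefix[-2:] + packets + b"\xd3\x14"
    plain += hashlib.sha1(plain).digest()   # packet D, the MDC
    body_len = 1 + len(plain)               # version octet + CFB ciphertext
    return 1 + len(encode_length(body_len)) + body_len


def layered_size(message):
    """Encrypt, then encrypt again: inner ciphertext becomes outer literal data."""
    return seipd_size(literal(bytes(seipd_size(literal(message)))))


def read_padded(packets):
    """Padding-aware receiver: return B's data, reject padding outside the policy."""
    parts, i = [], 0
    while i < len(packets):
        start, tag = i, packets[i] & 0x3F
        n, i = decode_length(packets, i + 1)
        parts.append((tag, packets[start:i + n], packets[i:i + n]))
        i += n
    if len(parts) != 2 or any(tag != LITERAL for tag, _, _ in parts):
        raise ValueError("expected exactly two Literal Data packets")
    (_, raw_b, body_b), (_, raw_c, body_c) = parts
    pad = body_c[6 + body_c[1]:]            # skip format, name, date
    if any(pad) or len(raw_c) != padding_size(len(raw_b)):
        raise ValueError("padding is not all-zero or not the size the policy dictates")
    return body_b[6 + body_b[1]:]


if __name__ == "__main__":
    for word in (b"pardon\n", b"execute\n"):  # constructed inputs from the thread
        print(word, layered_size(word), seipd_size(padded(word)))
```

Because the receiver recomputes the padding size from the policy and insists on zero octets, a sender following this sketch has no free choice left in packet C; how existing implementations treat a second Literal Data packet is still the open question raised in the thread.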


From nobody Mon Jun 15 07:21:46 2015
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E2A81B2DCB; Mon, 15 Jun 2015 07:21:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JblWSVqlHUBG; Mon, 15 Jun 2015 07:21:30 -0700 (PDT)
Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C84F31B2DAC; Mon, 15 Jun 2015 07:20:56 -0700 (PDT)
Received: by wgez8 with SMTP id z8so70206387wge.0; Mon, 15 Jun 2015 07:20:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=GNSS19d5Xudkps3ULdTu+HktmVeqXmWV4kLMK/Fj+Bo=; b=QvaijWsYD+WRxd5a1mtcZ0uXoqbPfq3WJRSXmrug3M8bTmCRbC1piNVduAfHJybmQ7 Cy+1pbkKE+4x8XonbAGL7rL1ql0K8AxK/Vemii3k4yaQR52XDHhtsCkuC7PgycF/YPV5 +0IYoTjjVcgd+tu93vDgaqquOItTLMvi40PGVRZM4fg3OaHDWqFo4HsrVGNnCUXUXvQx aSMvjOyJBnaj3ym3GdQBaCuX4AiHCeLlMP1wJuPUE37GBSGNLU2PA+RQeOCSkk6bcykh moqVk1H5ds5cqktR0F1OeHofTdLMwb+c4KzCjgm8UHqFqaPSci5Mt87rTEEQLqm8F1wG QrcQ==
MIME-Version: 1.0
X-Received: by 10.180.95.67 with SMTP id di3mr31385882wib.78.1434378055574; Mon, 15 Jun 2015 07:20:55 -0700 (PDT)
Received: by 10.28.148.148 with HTTP; Mon, 15 Jun 2015 07:20:55 -0700 (PDT)
In-Reply-To: <20150611032720.19917.32176.idtracker@ietfa.amsl.com>
References: <20150611032720.19917.32176.idtracker@ietfa.amsl.com>
Date: Mon, 15 Jun 2015 10:20:55 -0400
Message-ID: <CAHbuEH6kFU93pZMcPubv_w2WHc96WP7icuhO2SdGyi5hORbEfQ@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Spencer Dawkins <spencerdawkins.ietf@gmail.com>
Content-Type: multipart/alternative; boundary=f46d044287e279e8d005188f2a22
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/U62qNLEoMg8_Um3ITzk_OarBkZM>
Cc: openpgp@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [openpgp] Spencer Dawkins' No Objection on charter-ietf-openpgp-01-01: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2015 14:21:34 -0000

--f46d044287e279e8d005188f2a22
Content-Type: text/plain; charset=UTF-8

Hi Spencer,

I'm helping to move this along while Stephen is on holiday... inline

On Wed, Jun 10, 2015 at 11:27 PM, Spencer Dawkins <
spencerdawkins.ietf@gmail.com> wrote:

> Spencer Dawkins has entered the following ballot position for
> charter-ietf-openpgp-01-01: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/charter-ietf-openpgp/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> This seemed to read slightly oddly:
>
> "The Working Group will consider CFRG curves as possible Mandatory to
> Implement (MTI) based on the output of the CFRG and/or Working Group
> consensus in the matter."
>
> Is "and/or" right? I'm reading that as saying that Working Group
> consensus isn't required, and the output of the CFRG is sufficient, and
> I'm guessing that's not what the text is intended to mean.
>
>

I think the intent was CFRG + WG consensus or WG consensus with the
and/or.  If the or is removed, then CFRG is 'considered' and that's fine
because considered doesn't mean MUST.  But perhaps the following would
clear up any ambiguity:

"The Working Group will consider CFRG curves as possible Mandatory to
Implement (MTI) based on the output of the CFRG and Working Group
consensus or based strictly on Working Group consensus."

Is the WG okay with this suggested change?



-- 

Best regards,
Kathleen

--f46d044287e279e8d005188f2a22--


From nobody Mon Jun 15 07:26:10 2015
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6F451AD338; Mon, 15 Jun 2015 07:26:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ommv90yEHsAA; Mon, 15 Jun 2015 07:26:06 -0700 (PDT)
Received: from mail-wg0-x234.google.com (mail-wg0-x234.google.com [IPv6:2a00:1450:400c:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FAED1B2DD9; Mon, 15 Jun 2015 07:24:10 -0700 (PDT)
Received: by wgv5 with SMTP id 5so70226737wgv.1; Mon, 15 Jun 2015 07:24:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=F7xtKRht4YkeReNNvHizdTNHkGoOgBZ1E3Uj5ioKcoA=; b=GrZnFaEEDSULYA62qVy5ZjBahfWk3mOepPgFbI3wu88+Ta8APGE8OMeEeRdIS9/O+H QHTl/3vbV0dyga5iqh4C7lOWJzWKYSH6TFEqkXkduBGrurXus7jfeYt+T3NI8r6ZZjnB jQgXENOqkDwffkVAiWoLKyLfQTXbE5hXwXTtyk5fCK/PmQpK7gZbO/rqt40Us61qC1rc Hy7bYNzvrkqS0vnXxkarHM9Rse9Le0bxFkh8D+xQdBEztuGiph0ZRBWfMoUfLtL5eHYB uhDHENR4Vy2Y6AnNG1IIjS1bndpPs2z3oTj/H5zs/X5b6dE7SRGDOrFjTjNSlYTALKj/ xi4g==
MIME-Version: 1.0
X-Received: by 10.180.94.106 with SMTP id db10mr31598687wib.1.1434378248972; Mon, 15 Jun 2015 07:24:08 -0700 (PDT)
Received: by 10.28.148.148 with HTTP; Mon, 15 Jun 2015 07:24:08 -0700 (PDT)
In-Reply-To: <sjmegllgghi.fsf@securerf.ihtfp.org>
References: <20150608232438.10577.75302.idtracker@ietfa.amsl.com> <sjmegllgghi.fsf@securerf.ihtfp.org>
Date: Mon, 15 Jun 2015 10:24:08 -0400
Message-ID: <CAHbuEH4Ow9K8RUeQSNeFkjERNAm9hQpt9AySoHpuBsJOcfQK-g@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Derek Atkins <derek@ihtfp.com>
Content-Type: multipart/alternative; boundary=f46d043bddc600f0ac05188f364b
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/e8XnI4t73yKFlMTPUlEABwAIanw>
Cc: openpgp@ietf.org, Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>
Subject: Re: [openpgp] Alissa Cooper's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2015 14:26:07 -0000

--f46d043bddc600f0ac05188f364b
Content-Type: text/plain; charset=UTF-8

In response to Alissa and Benoit's comment, I added the sentence suggested
by Benoit towards the end of the text on scope:

These additional work items may only be added with approval from the responsible
Area Director or by re-chartering.

Best regards,
Kathleen

On Tue, Jun 9, 2015 at 9:26 AM, Derek Atkins <derek@ihtfp.com> wrote:

> Hi,
>
> "Alissa Cooper" <alissa@cooperw.in> writes:
>
> [snip]
> > It would be better IMO to characterize what this "other work" might
> > entail or relate to. It may be obvious to the proponents but for someone
> > who has not been following this it sounds like the WG could take up
> > pretty much anything beyond the 4880bis, time and interest permitting.
>
> While I can neither speak for the chairs nor the ADs, my feeling is that
> there are a handful of topics that have been proposed on the OpenPGP
> mailing list that are not necessarily directly related to RFC4880bis but
> have had some support to progress.  My feeling is that this "open ended"
> notion was to allow the chairs to accept some (or all) of those
> proposed work items (that have already started) without an explicit
> rechartering effort.  But the wording is there to make sure the WG
> focuses on RFC4880bis first.
>
> -derek
> --
>        Derek Atkins                 617-623-3745
>        derek@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
>
>


-- 

Best regards,
Kathleen

--f46d043bddc600f0ac05188f364b--


From nobody Mon Jun 15 07:36:21 2015
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C674C1B2BCB; Mon, 15 Jun 2015 07:36:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3s6qNWXuRJMZ; Mon, 15 Jun 2015 07:36:17 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B7E2D1ACE36; Mon, 15 Jun 2015 07:36:15 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3.p3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150615143615.18332.96249.idtracker@ietfa.amsl.com>
Date: Mon, 15 Jun 2015 07:36:15 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/6lwdDRXHCa9hD3hBnmA73UByFf4>
Cc: openpgp WG <openpgp@ietf.org>
Subject: [openpgp] WG Review: Open Specification for Pretty Good Privacy (openpgp)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2015 14:36:18 -0000

A new IETF working group has been proposed in the Security Area. The IESG
has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send
your comments to the IESG mailing list (iesg at ietf.org) by 2015-06-25.

Open Specification for Pretty Good Privacy (openpgp)
------------------------------------------------
Current Status: Proposed WG

Chairs:
  Daniel Gillmor <dkg@fifthhorseman.net>
  Christopher Liljenstolpe <ietf@cdl.asgaard.org>

Assigned Area Director:
  Stephen Farrell <stephen.farrell@cs.tcd.ie>

Mailing list
  Address: openpgp@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/openpgp
  Archive:
https://www.ietf.org/mail-archive/web/openpgp/current/maillist.html

Charter:

OpenPGP is an Internet standard that covers object encryption, object
signing, and identity certification. These were defined by the first
incarnation of the OpenPGP working group.

The following is an excerpt from the charter of the original incarnation
of the openpgp working group

> The goal of the OpenPGP working group is to provide IETF standards for
> the algorithms and formats of PGP processed objects as well as providing the MIME
> framework for exchanging them via e-mail or other transport protocols.

The working group concluded this work and was closed in March of 2008. In
the intervening period, there has been a rough consensus reached that the
RFC that defined the IETF openpgp standard, RFC4880, is in need of
revision.

This incarnation of the working group is chartered to primarily produce a
revision of RFC4880 to address issues that have been identified by the
community since the working group was originally closed.

These revisions will include, but are not limited to:

- Potential inclusion of elliptic curves recommended by the CFRG (see
note below)

- A symmetric encryption mechanism that offers modern message integrity
protection (e.g. AEAD)

- Revision of mandatory-to-implement algorithm selection and deprecation
of weak algorithms

- An updated public-key fingerprint mechanism

The Working Group will perform the following work:

- Revise RFC4880

- Other work related to OpenPGP may be entertained by the working group
as long as it does not interfere with the completion of the RFC4880
revision. As the revision of RFC4880 is the primary goal of the working
group, other work may be undertaken, so long as:

1. The work will not unduly delay the closure of the working group after
the revision is finished (unless the working group is rechartered).

2. The work has widespread support in the working group.

These additional work items may only be added with approval from the
responsible Area Director or by re-chartering.

Inclusion of CFRG Curves
-----------------------------

The Working Group will consider CFRG curves as possible Mandatory to
Implement (MTI) based on the output of the CFRG and/or Working Group
consensus in the matter.

Working Group Process
--------------------------

The working group will endeavor to complete most if not all of its work
online on the working group's mailing list. We expect that the
requirement for face-to-face sessions at IETF meetings to be minimal.

Furthermore, the working group will accept no ID's as working group items
unless there is a review by at least two un-interested parties of the ID
as part of the acceptance process.


Milestones:
  Sep 2015 - Working Group (rough) consensus on the necessary updates to
RFC4880.
  Feb 2016 - First wg-id for RFC4880bis
  Jul 2016 - RFC4880bis wg-id final call



From nobody Mon Jun 15 08:21:15 2015
Return-Path: <barryleiba@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4EAF1A884E; Mon, 15 Jun 2015 08:21:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level: 
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id St3cK2-5NvWa; Mon, 15 Jun 2015 08:21:08 -0700 (PDT)
Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEADF1A8847; Mon, 15 Jun 2015 08:21:08 -0700 (PDT)
Received: by iecrd14 with SMTP id rd14so33196405iec.3; Mon, 15 Jun 2015 08:21:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=J6aVji897FsGTViNgnvCQR+0Zk25iiT4ksFDdU2IDp8=; b=YcS8N+sj1wGtFo6q0sJQRnlZpXidQg71Ej6Vm59vzLV1ZA9f/B+wZxABS0OP1ha0xC iaP0ivHjNNGxfvQ2xoJXJtJtww6tXUGdz4HdVJwff6qHD7NHXlsgHTDntgGFEGI5Vp/d R/AlaWKqg6PErkZJf+awHxqjfPyF847sZuy3XdEESboVl7rz47xF1Od3SP4Vw5Lxy+eF M1gr9KQZc8UwcMa489KY4bjNZ4ggEKzr25QrHiDwPWX8bzK4lKRMB0kt5N2IstY+ukad cd/qQ+dJEnsxB0zwvhRPBEhfuzr/M/VYHCuuNY/Y4cvRWJSGHwoqOEH56BDrcvzgBiot PXHw==
MIME-Version: 1.0
X-Received: by 10.107.137.42 with SMTP id l42mr34311545iod.60.1434381668162; Mon, 15 Jun 2015 08:21:08 -0700 (PDT)
Sender: barryleiba@gmail.com
Received: by 10.107.16.222 with HTTP; Mon, 15 Jun 2015 08:21:08 -0700 (PDT)
In-Reply-To: <CAHbuEH4Ow9K8RUeQSNeFkjERNAm9hQpt9AySoHpuBsJOcfQK-g@mail.gmail.com>
References: <20150608232438.10577.75302.idtracker@ietfa.amsl.com> <sjmegllgghi.fsf@securerf.ihtfp.org> <CAHbuEH4Ow9K8RUeQSNeFkjERNAm9hQpt9AySoHpuBsJOcfQK-g@mail.gmail.com>
Date: Mon, 15 Jun 2015 16:21:08 +0100
X-Google-Sender-Auth: feSZgbOJ8lCuCB5C5Bh9uRmEb90
Message-ID: <CALaySJJ3URBKcSLnfEptxiUDhVihAY+B1dLL0tAgAt=YLRkggw@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/OgfrIAiQGINdk97p4jpaTIqHi54>
Cc: Alissa Cooper <alissa@cooperw.in>, openpgp@ietf.org, Derek Atkins <derek@ihtfp.com>, The IESG <iesg@ietf.org>
Subject: Re: [openpgp] Alissa Cooper's Yes on charter-ietf-openpgp-01-00: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2015 15:21:13 -0000

> In response to Alissa and Benoit's comment, I added the sentence suggested
> by Benoit towards the end of the text on scope:
>
> These additional work items may only be added with approval from the
> responsible Area Director or by re-chartering.

That satisfies my concern with it; thanks.

Barry


From nobody Tue Jun 16 09:27:36 2015
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDA7A1B3451; Tue, 16 Jun 2015 09:27:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onSrSd8aA6e0; Tue, 16 Jun 2015 09:27:31 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 39CA01B33A8; Tue, 16 Jun 2015 09:27:31 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 2D242F986; Tue, 16 Jun 2015 12:27:29 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id B733F1FF4A; Tue, 16 Jun 2015 12:27:06 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Spencer Dawkins <spencerdawkins.ietf@gmail.com>
In-Reply-To: <CAHbuEH6kFU93pZMcPubv_w2WHc96WP7icuhO2SdGyi5hORbEfQ@mail.gmail.com>
References: <20150611032720.19917.32176.idtracker@ietfa.amsl.com> <CAHbuEH6kFU93pZMcPubv_w2WHc96WP7icuhO2SdGyi5hORbEfQ@mail.gmail.com>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Tue, 16 Jun 2015 12:27:06 -0400
Message-ID: <87h9q7hb51.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/APJPztbqWy2lxNA3RfpvILDkvO8>
Cc: openpgp@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [openpgp] Spencer Dawkins' No Objection on charter-ietf-openpgp-01-01: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2015 16:27:32 -0000

On Mon 2015-06-15 10:20:55 -0400, Kathleen Moriarty wrote:
> I think the intent was CFRG + WG consensus or WG consensus with the
> and/or.  If the or is removed, then CFRG is 'considered' and that's fine
> because considered doesn't mean MUST.  But perhaps the following would
> clear up any ambiguity:
>
> "The Working Group will consider CFRG curves as possible Mandatory to
> Implement (MTI) based on the output of the CFRG and Working Group
> consensus or based strictly on Working Group consensus."
>
> Is the WG okay with this suggested change?

This change looks fine to me.

Thanks, Kathleen.

     --dkg


From nobody Tue Jun 16 10:09:24 2015
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E5DD1B36F9 for <openpgp@ietfa.amsl.com>; Tue, 16 Jun 2015 10:09:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.622
X-Spam-Level: 
X-Spam-Status: No, score=0.622 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8RH-ySiAuxfO for <openpgp@ietfa.amsl.com>; Tue, 16 Jun 2015 10:09:21 -0700 (PDT)
Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A33631B36F5 for <openpgp@ietf.org>; Tue, 16 Jun 2015 10:09:20 -0700 (PDT)
Received: by lbbwc1 with SMTP id wc1so15263174lbb.2 for <openpgp@ietf.org>; Tue, 16 Jun 2015 10:09:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:sender:date:message-id:subject:from:to:content-type;  bh=Gd1unUE538Bks3bELOXyJOHNKidtmfe7O3zb/bKTsrM=; b=uLCEPPR+BllIxG7f5o4OOc4sALwDxVKJhMA60B1PudzvhhWmU1jebwkph/VIFlBJQA hwp2wQIzMMCHzB3mXwjZVS/ryWDsYQZiyP14sBrLWqk7etUEq59UlGxdvde0RJhglLUh +sBIf1AT21ESe9OTluZxTMF7HzFlfsyVoG8id4Fwu54n3totV16GbXI8MhA/qlrN7yAm D2IoOQ4K8GTUuuY8F4rzBR1MvNYzAI7NJGG/SbVzN6XiX2zmFz97v9uZtDvmfpq90nTT K0e8JVHhZxraueodH+rag3sS9t8OZGQh8MyAilUlAV5qcMHrkixOz9HtJkC8eWwlV5L/ 5xeA==
MIME-Version: 1.0
X-Received: by 10.152.87.173 with SMTP id az13mr2500955lab.118.1434474559012;  Tue, 16 Jun 2015 10:09:19 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Tue, 16 Jun 2015 10:09:18 -0700 (PDT)
Date: Tue, 16 Jun 2015 13:09:18 -0400
X-Google-Sender-Auth: NmucngGOtgqyZ84UfWrEQ7EAfOA
Message-ID: <CAMm+LwjqUzwfFh=14YeCysAvNBdue1k9b6-rDBCim6ka8Z7_cA@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary=001a11c22532878ea40518a5a272
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/XHGB2SCWB2wja1bso3nm58zVJnw>
Subject: [openpgp] The need for (superb) private key management
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2015 17:09:22 -0000

--001a11c22532878ea40518a5a272
Content-Type: text/plain; charset=UTF-8

As I have mentioned before, I have been looking for ways to make encrypted
mail as easy to use as regular mail. I now have a prototype that works with
S/MIME but the same approach would transfer to OpenPGP without any
substantial changes.

The part that has held me up longest is how to manage private keys so that
people can make use of them on multiple devices. The idea that if I buy a
new phone or a watch, I should be able to enable it for all my applications
instantly in one operation. This would naturally include S/MIME and OpenPGP.

What I have running is a manager that does not depend on a trusted service.
It is service based, but the service never has a plaintext private key.

Looking at the technology choices, this does not look like OpenPGP BIS
work. Any new spec should look like ACME type stuff, i.e. JSON Web Service.
But I think it is still relevant.


The big pain point for a lot of Internet users is managing their passwords
at multiple sites. PKI provides a mechanism that lets us get away from
passwords completely. But there will be legacy requirements for password
support regardless.

We have just seen a massive failure by a password management service. Which
has me thinking. There is clearly demand for a password management tool
that does not rely on a trusted service. If that tool also enables S/MIME
and OpenPGP we get encrypted mail users for free.


Does that make sense?

--001a11c22532878ea40518a5a272--


From nobody Tue Jun 16 12:54:16 2015
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4B981B2D80; Tue, 16 Jun 2015 12:54:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.23
X-Spam-Level: 
X-Spam-Status: No, score=-1.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pZkurzyy_Bl3; Tue, 16 Jun 2015 12:54:14 -0700 (PDT)
Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA5B11B2D72; Tue, 16 Jun 2015 12:54:12 -0700 (PDT)
Received: by wicnd19 with SMTP id nd19so8181370wic.1; Tue, 16 Jun 2015 12:54:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=from:content-type:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=L4A8xrjuYpCEvFUuvnmzCIBBWTANnmcSVnHb97HISGQ=; b=TDTxmfa7dl0Ibb09ufDitTUWnC+ih5V1TwuxBx+raNFv2H+ljJq7CPEAmcOl3mk3OC DiSjvh7XwmSv1Hi0RKJWnCSDBhOn7Mh8hHSFAmlLI/F+fCTlqcEYPPMACz7mwIrr1V8/ KPiR9j/mb92kW7G5xqvwRDHFxUX74MITLoh3Rsme4KNdrNGd1EIMPtlcjhVfHp+M3muV cpe4AdjKrlbWVmPFyjFee+7DCtI6qwA6092P7WSGJu1lEWL3w4UrJckhisO0yLp8r+jC YeyDYaCirEKBNaUcprX3gnY2GKtj3kdfUolEZf2xoELJw4S/YOmNWVF3LADJmOSQ2XLH Ih+g==
X-Received: by 10.180.83.40 with SMTP id n8mr10077408wiy.57.1434484451689; Tue, 16 Jun 2015 12:54:11 -0700 (PDT)
Received: from [10.0.5.115] ([89.246.150.136]) by mx.google.com with ESMTPSA id ny7sm22335648wic.11.2015.06.16.12.54.10 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 16 Jun 2015 12:54:10 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
X-Mailer: iPhone Mail (11D257)
In-Reply-To: <87h9q7hb51.fsf@alice.fifthhorseman.net>
Date: Tue, 16 Jun 2015 21:54:10 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <04DB1C26-40F7-46D0-A684-866D6BFD6B7E@gmail.com>
References: <20150611032720.19917.32176.idtracker@ietfa.amsl.com> <CAHbuEH6kFU93pZMcPubv_w2WHc96WP7icuhO2SdGyi5hORbEfQ@mail.gmail.com> <87h9q7hb51.fsf@alice.fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/QA9FJVvIUtcFtDy2uaDMzijehX4>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Spencer Dawkins <spencerdawkins.ietf@gmail.com>, The IESG <iesg@ietf.org>
Subject: Re: [openpgp] Spencer Dawkins' No Objection on charter-ietf-openpgp-01-01: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2015 19:54:15 -0000

Sent from my iPhone

> On Jun 16, 2015, at 6:27 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>
>> On Mon 2015-06-15 10:20:55 -0400, Kathleen Moriarty wrote:
>> I think the intent was CFRG + WG consensus or WG consensus with the
>> and/or.  If the or is removed, then CFRG is 'considered' and that's fine
>> because considered doesn't mean MUST.  But perhaps the following would
>> clear up any ambiguity:
>>
>> "The Working Group will consider CFRG curves as possible Mandatory to
>> Implement (MTI) based on the output of the CFRG and Working Group
>> consensus or based strictly on Working Group consensus."
>>
>> Is the WG okay with this suggested change?
>
> This change looks fine to me.
>
> Thanks, Kathleen.
>
>     --dkg

Thanks.  If I don't hear otherwise, I'll make the change tomorrow morning and
push the buttons for the next review phase.

Kathleen


From nobody Thu Jun 25 00:48:34 2015
Return-Path: <bclaise@cisco.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 933891B317A; Thu, 25 Jun 2015 00:48:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o8uUazOE-LJO; Thu, 25 Jun 2015 00:48:30 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 932DC1B2B25; Thu, 25 Jun 2015 00:48:30 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Benoit Claise" <bclaise@cisco.com>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.4
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150625074830.16563.49373.idtracker@ietfa.amsl.com>
Date: Thu, 25 Jun 2015 00:48:30 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/di0OyR1-MIbg2AA0V663OefX_jI>
Cc: openpgp@ietf.org
Subject: [openpgp] Benoit Claise's No Objection on charter-ietf-openpgp-01-03: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jun 2015 07:48:31 -0000

Benoit Claise has entered the following ballot position for
charter-ietf-openpgp-01-03: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-openpgp/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

"CRFG curves". Certainly some sort of elliptic curves for cryptography I
don't know anything about.
Google pointed to me: CRFG - Chronic Renal Failure Gene
Until I realized it was the research group :-)

Pure editorial (use it or drop it)
OLD: Potential inclusion of elliptic curves recommended by the CFRG (see
note below)
NEW: Potential inclusion of elliptic curves recommended by the Crypto
Forum Research Group, CFRG (see note
below)



From nobody Thu Jun 25 05:15:22 2015
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A5451A0111; Thu, 25 Jun 2015 05:15:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NFs1kvQeET62; Thu, 25 Jun 2015 05:15:17 -0700 (PDT)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 553541A00EF; Thu, 25 Jun 2015 05:15:16 -0700 (PDT)
Received: by wicgi11 with SMTP id gi11so73907629wic.0; Thu, 25 Jun 2015 05:15:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=cjUMMil14bN7HAiU/HykykCIA8LaspZdrK2Tv8SIYRQ=; b=tBkAEl2Cm3FL4uuXxcVu1z7OpK/xHD6NrFEn0BuAoLwK9VeOKsWtACA+wmXL3WqgdL /ZH78ckO+7CClk/nBfz7/ecSF7Q47OE6BjT6zApRmfEb7ki/VMfj2V/lis4QyVvXKny1 dorP1f/bH3sQxReVc9SdsbIzk633YaqDBnItvWRCz37yCGPyJdkF28Qpy6o7h9WvElkL sCebtex4L+lVaRjlLBXCxhLmGtIr6Y8ZtMqHANJQwi4dgHit4YGuypW9S/DwsIphAC6q 9Iz0uzP5znEKC8AXNijVxYXNx5vJ4qCaeJwG31s81C/yxhstGpFKXmIHGXsZKyaoc+e0 fDaw==
MIME-Version: 1.0
X-Received: by 10.180.106.73 with SMTP id gs9mr5132753wib.1.1435234515152; Thu, 25 Jun 2015 05:15:15 -0700 (PDT)
Received: by 10.28.188.134 with HTTP; Thu, 25 Jun 2015 05:15:15 -0700 (PDT)
In-Reply-To: <20150625074830.16563.49373.idtracker@ietfa.amsl.com>
References: <20150625074830.16563.49373.idtracker@ietfa.amsl.com>
Date: Thu, 25 Jun 2015 08:15:15 -0400
Message-ID: <CAHbuEH6rgpXLdy8hoV40+mvsn1FsMJBDcUGU5+8GRyZOLM5GLA@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Benoit Claise <bclaise@cisco.com>
Content-Type: multipart/alternative; boundary=f46d04428fce71f48d05195693e2
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/q2glVLBe5_Xk0fBLaP2LRzFC1yE>
Cc: openpgp@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [openpgp] Benoit Claise's No Objection on charter-ietf-openpgp-01-03: (with COMMENT)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jun 2015 12:15:19 -0000

--f46d04428fce71f48d05195693e2
Content-Type: text/plain; charset=UTF-8

Hi,

On Thu, Jun 25, 2015 at 3:48 AM, Benoit Claise <bclaise@cisco.com> wrote:

> Benoit Claise has entered the following ballot position for
> charter-ietf-openpgp-01-03: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/charter-ietf-openpgp/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> "CRFG curves". Certainly some sort of elliptic curves for cryptography I
> don't know anything about.
> Google pointed to me: CRFG - Chronic Renal Failure Gene
> Until I realized it was the research group :-)
>
> Pure editorial (use it or drop it)
> OLD: Potential inclusion of elliptic curves recommended by the CFRG (see
> note below)
> NEW: Potential inclusion of elliptic curves recommended by the Crypto
> Forum Research Group, CFRG (see note
> below)
>
>
Good catch, the update has been applied.

Thanks.



-- 

Best regards,
Kathleen


--f46d04428fce71f48d05195693e2--


From nobody Fri Jun 26 09:58:07 2015
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56EF31A8881; Fri, 26 Jun 2015 09:58:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iHKlraDnagjw; Fri, 26 Jun 2015 09:58:02 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BCAA31A8943; Fri, 26 Jun 2015 09:57:58 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.4.p1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150626165758.18696.80931.idtracker@ietfa.amsl.com>
Date: Fri, 26 Jun 2015 09:57:58 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ucyzIKcYv3_9_AtPFZzgnbtJwOs>
Cc: openpgp WG <openpgp@ietf.org>
Subject: [openpgp] WG Action: Rechartered Open Specification for Pretty Good Privacy (openpgp)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jun 2015 16:58:04 -0000

The Open Specification for Pretty Good Privacy (openpgp) working group in
the Security Area of the IETF has been rechartered. For additional
information please contact the Area Directors or the WG Chairs.

Open Specification for Pretty Good Privacy (openpgp)
------------------------------------------------
Current Status: Proposed WG

Chairs:
  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  Christopher Liljenstolpe <ietf@cdl.asgaard.org>

Assigned Area Director:
  Stephen Farrell <stephen.farrell@cs.tcd.ie>

Mailing list
  Address: openpgp@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/openpgp
  Archive: https://mailarchive.ietf.org/arch/browse/openpgp/

Charter:

OpenPGP is an Internet standard that covers object encryption, object 
signing, and identity certification. These were defined by the first 
incarnation of the OpenPGP working group.

The following is an excerpt from the charter of the original incarnation 
of the openpgp working group:

> The goal of the OpenPGP working group is to provide IETF 
> standards for the algorithms and formats of PGP processed 
> objects as well as providing the MIME framework for exchanging 
> them via e-mail or other transport protocols.

The working group concluded this work and was closed in March of 2008. 
In the intervening period, there has been a rough consensus reached that 
the RFC that defined the IETF openpgp standard, RFC4880, is in need of 
revision.

This incarnation of the working group is chartered to primarily produce 
a revision of RFC4880 to address issues that have been identified by the 
community since the working group was originally closed.

These revisions will include, but are not limited to:

- Potential inclusion of elliptic curves recommended by the Crypto Forum 
Research Group (CFRG) (see note below)

- A symmetric encryption mechanism that offers modern message integrity 
protection (e.g. AEAD)

- Revision of mandatory-to-implement algorithm selection and deprecation 
of weak algorithms

- An updated public-key fingerprint mechanism

The Working Group will perform the following work:

- Revise RFC4880

- Other work related to OpenPGP may be entertained by the working group 
as long as it does not interfere with the completion of the RFC4880 
revision. As the revision of RFC4880 is the primary goal of the working 
group, other work may be undertaken, so long as:

1. The work will not unduly delay the closure of the working group after 
the revision is finished (unless the working group is rechartered).

2. The work has widespread support in the working group.

These additional work items may only be added with approval from the 
responsible Area Director or by re-chartering.

Inclusion of CFRG Curves
-----------------------------

The Working Group will consider CFRG curves as possible Mandatory to 
Implement (MTI) based on the output of the CFRG and Working Group 
consensus or based strictly on Working Group consensus.

Working Group Process
--------------------------

The working group will endeavor to complete most if not all of its work 
online on the working group's mailing list. We expect the 
requirement for face-to-face sessions at IETF meetings to be minimal.

Furthermore, the working group will accept no IDs as working group 
items unless there is a review by at least two un-interested parties of 
the ID as part of the acceptance process.


Milestones:
  Sep 2015 - Working Group (rough) consensus on the necessary updates to
RFC4880.
  Feb 2016 - First wg-id for RFC4880bis
  Jul 2016 - RFC4880bis wg-id final call


