
From nobody Thu Oct  1 03:41:41 2020
Date: Thu, 01 Oct 2020 12:41:34 +0200
Message-ID: <87v9fu449t.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
Cc: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>, Jon Callas <joncallas@icloud.com>
In-Reply-To: <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com>
References: <fd255115-b047-ca6a-9ce9-b2f30b0b459d@metacode.biz> <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/26 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/o57ohnxQTQVsC7uOCVs-fxsmKIM>
Subject: Re: [openpgp] Registration of the 'proof' notation
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2020 10:41:40 -0000

Hi Jon,

Thanks for your comments.

On Thu, 01 Oct 2020 01:14:22 +0200,
Jon Callas wrote:
> I can think of another utterly different syntax, though, that would
> be similar to what Vinnie Moscaritolo and Tony Mione did in "PGP
> Tickets" which you can find as an I-D at
> <https://tools.ietf.org/html/draft-moscaritolo-mione-pgpticket-03>.
> 
> The idea here would be that it would be like an Attribute
> Certificate, or a capability. It would permit (e.g.) a sysadmin to
> be able to say that the holder of a key is the owner of a file path
> on a server. (Vinnie wrote software for this exact case. You could
> sign in to a file server with an OpenPGP key and the ticket could
> describe what authorizations you had.)
> 
> I don't think this is exactly what you want, but it's close. An
> advantage of the ticket approach is that you don't need anyone's
> permission to do it. It could literally be a bit of defined YAML or
> JSON that you clear-sign as text, and then poof, you're done. You
> don't have to listen to any of us give helpful comments about what
> you want to do, you just do it.

Thanks for pointing this out, I was not aware of this work.  I have a
special place in my heart for object capability systems, so I was
happy to learn that some work has already been done on that in the
OpenPGP ecosystem.

I'm a bit confused, however, how PGPtickets are analogous to social
proofs.  A social proof is an identity ("my handle on this service is
X").  PGPtickets are authorizations.  When I create a social proof,
I'm not normally delegating any authority; I'm advertising an
identity.  And, an authorization in the o-cap world is normally free
of identity information (authorization-based, not identity-based,
access control is the mantra).

Thanks for any feedback.

:) Neal


From nobody Fri Oct  2 05:30:12 2020
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
To: Jon Callas <joncallas@icloud.com>, "openpgp@ietf.org" <openpgp@ietf.org>
References: <fd255115-b047-ca6a-9ce9-b2f30b0b459d@metacode.biz> <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com>
Organization: Metacode
Message-ID: <bdf7df48-1693-d3f8-2468-76d92b8a6bba@metacode.biz>
Date: Fri, 2 Oct 2020 14:29:51 +0200
MIME-Version: 1.0
In-Reply-To: <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="hR1pI9ulTh1cJurciyOjLiwAyz7dKUkOd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/hAewThVyz8cf14R18GSL6h_WRB0>
Subject: Re: [openpgp] Registration of the 'proof' notation

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--hR1pI9ulTh1cJurciyOjLiwAyz7dKUkOd
Content-Type: multipart/mixed; boundary="hpIayJhJWTTYyXiwhQVueJuDdbgdi6PQH";
 protected-headers="v1"
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
To: Jon Callas <joncallas@icloud.com>, "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <bdf7df48-1693-d3f8-2468-76d92b8a6bba@metacode.biz>
Subject: Re: [openpgp] Registration of the 'proof' notation
References: <fd255115-b047-ca6a-9ce9-b2f30b0b459d@metacode.biz>
 <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com>
In-Reply-To: <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com>

--hpIayJhJWTTYyXiwhQVueJuDdbgdi6PQH
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

Hi Jon,

On 01.10.2020 01:14, Jon Callas wrote:
> I've been reading through a lot of this documentation and I like the
> idea of whatever we want to call them.

Thanks!

> Notations are supposed to be an analogue to X.509v3 extensions;

Yes. One extension in particular seems like a direct analogue: Subject
Alternative Name [0]. Let me quote RFC 5280:

   The subject alternative name extension allows identities to be bound
   to the subject of the certificate.  (...) Defined options include an
   Internet electronic mail address, a DNS name, an IP address, and a
   Uniform Resource Identifier (URI).

[0]: https://tools.ietf.org/html/rfc5280#section-4.2.1.6

This is exactly what the notation I proposed contains: URIs for
identities that can be verified.

> In contrast, a User Attribute is the generalization of a User ID. It
> says "this key speaks for <ID>" whether that ID is an email address,
> etc. and then various keys make certification signatures stating that
> they agree with that.

But does this generalization bring any benefit over just regular User
IDs that contain the identity directly? For example, what would be the
actual benefit of having a User Attribute that contains a URI such as
"https://twitter.com/user" over a User ID that contains the same exact
value?

In my opinion, for values such as URIs there is no benefit, and using a
User Attribute in this case would make the solution more complex than
necessary. 4880 says that User Attribute "is capable of storing more
types of data than the User ID packet, which is limited to text." but in
this case text is all that is necessary to represent a URI.

Having implemented social proofs in software using User Attributes [1]
and then User IDs [2] and then using notations [3] I must say, as an
implementer and user of these systems, that User Attributes were the
worst of all three. (We could use the feedback from the implementation
phase to improve the specification of User Attributes but I don't want
to derail the discussion even further).

[1]: https://tools.ietf.org/html/draft-vb-openpgp-linked-ids-01

[2]: https://github.com/wiktor-k/distributed-ids#distributed-ids

[3]: https://github.com/wiktor-k/openpgp-proofs#openpgp-proofs

> I can think of another utterly different syntax, though, that would be
> similar to what Vinnie Moscaritolo and Tony Mione did in "PGP Tickets"
> which you can find as an I-D at
> <https://tools.ietf.org/html/draft-moscaritolo-mione-pgpticket-03>.

Thank you for the reference. I have never seen this one.

After a couple of days of discussions and some time to reflect I decided
that I'd like to retract the registration of the "proof" notation.
The social proof system, while interesting to play around with, is of
limited use to the general public and as such does not smoothly fit the
OpenPGP RFC.

For private projects such as keyoxide.org the private/user space for
extensions is everything that's needed and is available right now.

Jon, Neal, thank you for your time discussing this matter!

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor



--hpIayJhJWTTYyXiwhQVueJuDdbgdi6PQH--

--hR1pI9ulTh1cJurciyOjLiwAyz7dKUkOd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--hR1pI9ulTh1cJurciyOjLiwAyz7dKUkOd--
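
The notation discussed in the message above carries a URI as the value of an RFC 4880 Notation Data subpacket. The following parser is an added example, not code from the thread or from the openpgp-proofs project: it extracts such URIs from a hashed subpacket area and rejects values a verifier should not follow. The notation name `proof@example.org`, the scheme allowlist and the sample bytes are constructed assumptions, and the enclosing signature is assumed to have been verified already.

```python
import struct
from urllib.parse import urlsplit

NOTATION_DATA = 20           # Notation Data subpacket type (RFC 4880, 5.2.3.16)
HUMAN_READABLE = 0x80        # first flag octet: value is UTF-8 text
PROOF_NAME = "proof@example.org"      # constructed user-space notation name
ALLOWED_SCHEMES = {"https", "dns"}    # assumption: schemes a verifier will follow


def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:                       # one-octet length
            length, pos = first, pos + 1
        elif first < 255:                     # two-octet length
            if pos + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, pos = ((first - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:                                 # five-octet length
            if pos + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, pos = struct.unpack(">I", area[pos + 1:pos + 5])[0], pos + 5
        # The length counts the type octet, so it can never be zero.
        if length == 0 or pos + length > len(area):
            raise ValueError("subpacket overruns the area")
        type_octet = area[pos]
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[pos + 1:pos + length]
        pos += length


def parse_notation(body):
    """Split a Notation Data body into (flags, name, value)."""
    if len(body) < 8:
        raise ValueError("notation body too short")
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if 8 + name_len + value_len != len(body):
        raise ValueError("notation lengths do not match the body")
    name = body[8:8 + name_len].decode("utf-8")
    return body[:4], name, body[8 + name_len:]


def proof_uris(hashed_area, name=PROOF_NAME):
    """Return (accepted URIs, [(raw value, reason)]) for one notation name."""
    accepted, rejected = [], []
    for sp_type, _critical, body in iter_subpackets(hashed_area):
        if sp_type != NOTATION_DATA:
            continue
        flags, notation_name, value = parse_notation(body)
        if notation_name != name:
            continue
        if not flags[0] & HUMAN_READABLE:
            rejected.append((value, "value is not human-readable text"))
            continue
        try:
            uri = value.decode("utf-8")
            scheme = urlsplit(uri).scheme.lower()
        except ValueError:
            rejected.append((value, "value is not a valid URI"))
            continue
        if scheme in ALLOWED_SCHEMES:
            accepted.append(uri)
        else:
            rejected.append((value, "scheme not allowed"))
    return accepted, rejected


def _notation(name, value, human_readable=True):
    """Build one Notation Data subpacket (constructed test input)."""
    flags = bytes([HUMAN_READABLE if human_readable else 0, 0, 0, 0])
    raw_name = name.encode("utf-8")
    body = flags + struct.pack(">HH", len(raw_name), len(value)) + raw_name + value
    return bytes([len(body) + 1, NOTATION_DATA]) + body   # one-octet length form


# Constructed hashed subpacket area: a creation-time subpacket plus notations.
SAMPLE_AREA = (
    bytes([5, 2]) + struct.pack(">I", 1601641791)
    + _notation(PROOF_NAME, b"https://example.org/@alice")
    + _notation("note@example.org", b"https://example.org/other")
    + _notation(PROOF_NAME, b"ftp://example.org/alice")
    + _notation(PROOF_NAME, b"\x00\x01\x02", human_readable=False)
    + _notation(PROOF_NAME, b"dns:example.org?type=TXT")
)

if __name__ == "__main__":
    ok, bad = proof_uris(SAMPLE_AREA)
    print("accepted:", ok)
    print("rejected:", bad)
```
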


From nobody Fri Oct  2 06:38:06 2020
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Organization: Metacode
To: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <f96533af-a205-05dd-2f03-f8321dde427a@metacode.biz>
Date: Fri, 2 Oct 2020 15:37:44 +0200
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="CZpPPJ2eUHeGFvFPBAm3DPACSaDS2xRzY"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QAMl9Eea1NO6UNrBHQU7zvzZgtc>
Subject: [openpgp] List of "semantic" changes between 4880 and bis

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--CZpPPJ2eUHeGFvFPBAm3DPACSaDS2xRzY
Content-Type: multipart/mixed; boundary="kTzEVfD6tO1IXu1g05yXIk9EvqVhoirrH";
 protected-headers="v1"
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
To: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <f96533af-a205-05dd-2f03-f8321dde427a@metacode.biz>
Subject: List of "semantic" changes between 4880 and bis

--kTzEVfD6tO1IXu1g05yXIk9EvqVhoirrH
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

Hello OpenPGP ML,

As the diff tool on IETF Tools includes whitespace and editorial changes
I compiled a list of "semantic" changes between 4880 and bis. This may
be interesting, especially for parties that look to implement bis.

If something is mentioned then it's new (in bis). If there is a
difference I listed old (4880) and new (bis) values.

Here it goes:

5.1.  Public-Key Encrypted Session Key Packets (Tag 1)

>     Algorithm-Specific Fields for ECDH encryption:
>     -  MPI of an EC point representing an ephemeral public key.
>     -  a one-octet size, followed by a symmetric key encoded using the
>        method described in Section 13.5.

5.2.  Signature Packet (Tag 2)

>  Implementations MUST generate version 5 signatures when using a
>  version 5 key.  Implementations SHOULD generate V4 signatures with
>  version 4 keys.  Implementations MUST NOT create version 3
>  signatures; they MAY accept version 3 signatures.

5.2.1.  Signature Types

>  0x16  Attested Key Signature.

5.2.3.  Version 4 and 5 Signature Packet Formats

Version 5 Signature Packet Format:
>  The difference between a V4 and V5 signature is that the latter
>  includes additional meta data.

5.2.3.1.  Signature Subpacket Specification
          |       Type | Description                            |
          -------------------------------------------------------
          |         33 | Issuer Fingerprint                     |
          |         34 | Preferred AEAD Algorithms              |
          |         35 | Intended Recipient Fingerprint         |
          |         37 | Attested Certifications                |

4880:
> Implementations SHOULD implement the three preferred algorithm
>   subpackets (11, 21, and 22),

bis:
> Implementations SHOULD implement the four preferred algorithm
>   subpackets (11, 21, 22, and 34),

5.2.3.17.  Notation Data

New notations: charset, manu, make, model, prodid, pvers, lot, qty, loc,
dest, hash.

5.2.3.22.  Key Flags

> Second octet:
> 0x04 - This key may be used as an additional decryption subkey (ADSK).
> 0x08 - This key may be used for timestamping.

5.2.3.25.  Features

>   0x02 - AEAD Encrypted Data Packet (packet 20) and version 5
>         Symmetric-Key Encrypted Session Key Packets (packet 3)
>   0x04 - Version 5 Public-Key Packet format and corresponding new
>         fingerprint format

5.2.3.28.  Issuer Fingerprint

>  Note that the length N of the fingerprint for a version 4 key is 20
>  octets; for a version 5 key N is 32.

5.2.3.29.  Intended Recipient Fingerprint

5.3.  Symmetric-Key Encrypted Session Key Packets (Tag 3)

New: version 5 Symmetric-Key Encrypted Session Key

5.5.2.  Public-Key Packet Formats

>  A version 5 packet contains:
>  *  A one-octet version number (5).
>  *  A four-octet number denoting the time that the key was created.
>  *  A one-octet number denoting the public-key algorithm of this key.
>  *  A four-octet scalar octet count for the following public key
>     material.
>  *  A series of values comprising the public key material.  This is
>     algorithm-specific and described in Section 5.6.

5.5.3.  Secret-Key Packet Formats

New: value "253" (a one-octet AEAD algorithm).

Version 4 Signature Packet Format becomes "Version 4 and 5 Signature
Packet Formats".

>   The packet contains:
>   (...)
>  *  Only for a version 5 packet, a one-octet scalar octet count of the
>     next 4 optional fields.
>   (...)
>  *  Only for a version 5 packet, a four-octet scalar octet count for
>     the following secret key material.  This includes the encrypted
>     SHA-1 hash or AEAD tag if the string-to-key usage octet is 254 or
>     253.

>  Note that the version 5 packet format adds two count values to help
>  parsing packets with unknown S2K or public key algorithms.

5.6.  Algorithm-specific Parts of Keys

Improved and added ECDSA, EdDSA, ECDH.

5.13.  User Attribute Packet (Tag 17)

                 |    Type | Attribute Subpacket         |
                 -----------------------------------------
                 |  [TBD1] | User ID Attribute Subpacket |

5.8.  Symmetrically Encrypted Data Packet (Tag 9)

bis: Deprecates it.

5.10.  Literal Data Packet (Tag 11)

>   *  A one-octet field that describes how the data is formatted.
> ...
> If it is a 'm' (0x6d), then it contains a MIME message body part

>  Note that V3 and V4 signatures do not include the formatting octet,
>  the file name, and the date field of the literal packet in a
>  signature hash and thus are not protected against tampering in a
>  signed document.  In contrast V5 signatures include them.

5.16.  AEAD Encrypted Data Packet (Tag 20)

>  Implementations SHOULD NOT create data with a chunk size
>  octet value larger than 21 (128 MiB chunks) to facilitate buffering
>  of not yet authenticated plaintext.

5.16.1.  EAX Mode

5.16.2.  OCB Mode

8.  Regular Expressions

4880:

> A piece is an atom possibly followed by '*', '+', or '?'.

bis:

> A piece is an atom possibly followed by '_', '+', or '?'.

9.  Constants

9.1.  Public-Key Algorithms

      |      ID | Algorithm                                         |
      ---------------------------------------------------------------
      |      22 | EdDSA [RFC8032]                                   |
      |      23 | Reserved for AEDH                                 |
      |      24 | Reserved for AEDSA                                |

9.2.  ECC Curve OID

9.3.  Symmetric-Key Algorithms

            |      ID | Algorithm                            |
            --------------------------------------------------
            |      11 | Camellia with 128-bit key [RFC3713]  |
            |      12 | Camellia with 192-bit key            |
            |      13 | Camellia with 256-bit key            |

4880:
> Implementations MUST implement TripleDES.  Implementations SHOULD
> implement AES-128 and CAST5.

bis:
> Implementations MUST implement AES-128.  Implementations SHOULD
> implement AES-256.  Implementations that interoperate with RFC-4880
> implementations need to support TripleDES and CAST5.

9.5.  Hash Algorithms

        |      ID | Algorithm                      | Text Name   |
        ----------------------------------------------------------
        |      12 | SHA3-256 [FIPS202]             | "SHA3-256"  |
        |      13 | Reserved                       |             |
        |      14 | SHA3-512 [FIPS202]             | "SHA3-512"  |

Note:
> The ID 13 has been reserved so that the SHA3 algorithm IDs align
> nicely with their SHA2 counterparts

4880:
> Implementations MUST implement SHA-1.  Implementations MAY implement
> other algorithms.  MD5 is deprecated.

bis:
> Implementations MUST implement SHA2-256.  Implementations MAY
> implement other algorithms.  Implementations SHOULD NOT create messages
> which require the use of SHA-1 with the exception of computing version 4
> key fingerprints and for purposes of the MDC packet.  Implementations
> SHOULD NOT use MD5 or RIPE-MD/160.

10.2.  New Packets

4880:
> Adding a new packet type MUST be done through the IETF CONSENSUS method

bis:
> Adding a new packet type MUST be done through the RFC REQUIRED method

10.2.1.  User Attribute Types

IETF CONSENSUS -> SPECIFICATION REQUIRED

10.2.2.  Image Format Subpacket Types

IETF CONSENSUS -> SPECIFICATION REQUIRED

10.2.3.  New Signature Subpackets

IETF CONSENSUS -> SPECIFICATION REQUIRED

11.1.  Transferable Public Keys

4880:
>     - One or more User ID packets

bis:
>   *  Zero or more User ID packets

12.2.  Key IDs and Fingerprints

> V5 fingerprint is the 256-bit SHA2-256 hash (...)

13.  Elliptic Curve Cryptography

16.1.  OpenPGP ECC Profile

>  A compliant application MUST implement NIST curve P-256, SHOULD
>  implement NIST curve P-521, SHOULD implement Ed25519, SHOULD
>  implement Curve25519, MAY implement NIST curve P-384, MAY implement
>  brainpoolP256r1, and MAY implement brainpoolP512r1, as defined in
>  Section 9.2.  A compliant application MUST implement SHA2-256 and
>  SHOULD implement SHA2-384 and SHA2-512.  A compliant application MUST
>  implement AES-128 and SHOULD implement AES-256.

---------
I've compiled the list from the Appendix [0], grepping for "version 5"
and notes from Justus Winter (whom I greatly thank for help).

[0]: https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10#appendix-C

If anyone sees some omissions I've made but which are significant please
bring it up.

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor


--kTzEVfD6tO1IXu1g05yXIk9EvqVhoirrH--

--CZpPPJ2eUHeGFvFPBAm3DPACSaDS2xRzY
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--CZpPPJ2eUHeGFvFPBAm3DPACSaDS2xRzY--
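
The version 5 Public-Key packet layout (5.5.2) and the fingerprint lengths (5.2.3.28) listed in the message above, as an added Python example that is not code from the draft or from any list participant. All function and class names are hypothetical and the sample packets are constructed; the Issuer Fingerprint body layout (key version octet, then the fingerprint) follows the draft's definition of that subpacket rather than the excerpt.

```python
import struct
from dataclasses import dataclass
from typing import Tuple

# Fingerprint length N by key version, as quoted from 5.2.3.28.
FINGERPRINT_LEN = {4: 20, 5: 32}

# version (1), creation time (4), algorithm (1), key material count (4)
HEADER = struct.Struct(">BIBI")


class PacketError(ValueError):
    """Raised when a packet or subpacket body is malformed."""


@dataclass
class V5PublicKey:
    created: int         # four-octet creation time
    algorithm: int       # one-octet public-key algorithm ID
    key_material: bytes  # opaque, algorithm-specific octets
    trailing: bytes      # octets after the key material (e.g. secret-key fields)


def parse_v5_public_key(body: bytes) -> V5PublicKey:
    """Parse the fixed fields of a version 5 Public-Key packet body.

    The four-octet count delimits the key material, so the parser does not
    need to understand the algorithm to find where the material ends.
    """
    if len(body) < HEADER.size:
        raise PacketError("truncated header")
    version, created, algorithm, count = HEADER.unpack_from(body)
    if version != 5:
        raise PacketError(f"not a version 5 key (version octet {version})")
    # Validate the declared count against the octets actually present
    # before slicing; Python slicing would otherwise truncate silently.
    if count > len(body) - HEADER.size:
        raise PacketError("key material count exceeds packet body")
    end = HEADER.size + count
    return V5PublicKey(created, algorithm, body[HEADER.size:end], body[end:])


def check_issuer_fingerprint(subpacket_body: bytes) -> Tuple[int, bytes]:
    """Check that an Issuer Fingerprint body has the length its version implies."""
    if not subpacket_body:
        raise PacketError("empty subpacket body")
    version = subpacket_body[0]
    expected = FINGERPRINT_LEN.get(version)
    if expected is None:
        raise PacketError(f"unknown key version {version}")
    fingerprint = subpacket_body[1:]
    if len(fingerprint) != expected:
        raise PacketError(
            f"version {version} fingerprint must be {expected} octets, "
            f"got {len(fingerprint)}"
        )
    return version, fingerprint


def build_v5_body(created: int, algorithm: int, key_material: bytes) -> bytes:
    """Build a constructed version 5 body for the samples below."""
    return HEADER.pack(5, created, algorithm, len(key_material)) + key_material


# Constructed sample: algorithm ID 99 is deliberately unknown to this parser,
# and the bytes after the key material stand in for secret-key fields.
SAMPLE_UNKNOWN_ALGO = build_v5_body(1601548894, 99, bytes(range(6))) + b"SECRET-FIELDS"

# Constructed sample: the count claims far more material than is present.
SAMPLE_BAD_COUNT = HEADER.pack(5, 1601548894, 22, 0xFFFFFFFF) + bytes(8)

if __name__ == "__main__":
    key = parse_v5_public_key(SAMPLE_UNKNOWN_ALGO)
    print(key.algorithm, key.key_material.hex(), key.trailing)
    try:
        parse_v5_public_key(SAMPLE_BAD_COUNT)
    except PacketError as err:
        print("rejected:", err)
    print(check_issuer_fingerprint(b"\x05" + bytes(32))[0])
```
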


From nobody Sat Oct  3 11:25:15 2020
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED66C3A09FB for <openpgp@ietfa.amsl.com>; Sat,  3 Oct 2020 11:25:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id te3IJhVZxC29 for <openpgp@ietfa.amsl.com>; Sat,  3 Oct 2020 11:25:12 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 576173A09FF for <openpgp@ietf.org>; Sat,  3 Oct 2020 11:25:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org;  s=20181017; h=Content-Type:MIME-Version:Message-ID:Date:References: In-Reply-To:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=jBzB8uljAp3TvvyFNSYPYGUZUyK7OP0GAhJWC1UQu6Y=; b=FqUJ7V7WOB0o8w92fedPxGNSBN qJLv7Pyb19laRdwzRii2B5fWZPPRRBR9EoLgIGS3SXZJZ76aEdJx1UWRnxCA5yxQFH0p1IYi+s0FK M/tlEq9EyVz/m9f6PUAmdGX4jHbCGqJcX/K9tWZPmR2DSBsqUs2QT4cBm8bN/uj0QHSE=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1kOmDV-0002yo-Dl for <openpgp@ietf.org>; Sat, 03 Oct 2020 20:25:09 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1kOm9N-0005QK-8E; Sat, 03 Oct 2020 20:20:53 +0200
From: Werner Koch <wk@gnupg.org>
To: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>
Cc: "openpgp\@ietf.org" <openpgp@ietf.org>
In-Reply-To: <f96533af-a205-05dd-2f03-f8321dde427a@metacode.biz> (Wiktor Kwapisiewicz's message of "Fri, 2 Oct 2020 15:37:44 +0200")
References: <f96533af-a205-05dd-2f03-f8321dde427a@metacode.biz>
User-Agent: Gnus/5.13 (Gnus v5.13)
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>,  "openpgp\@ietf.org" <openpgp@ietf.org>
Date: Sat, 03 Oct 2020 20:20:53 +0200
Message-ID: <87v9frgohm.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/PuWT1daSiJjA9P04fKNDyo-hQe8>
Subject: Re: [openpgp] List of "semantic" changes between 4880 and bis
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Oct 2020 18:25:14 -0000

On Fri,  2 Oct 2020 15:37, Wiktor Kwapisiewicz said:

>> A piece is an atom possibly followed by '*', '+', or '?'.
>
> bis:
>
>> A piece is an atom possibly followed by '_', '+', or '?'.

Good catch.  That seems to be a bug introduced with the change to the
new Ruby tool.  In the source it is correct:

  A piece is an atom possibly followed by '*', '+', or '?'.  An atom
  followed by '*' matches a sequence of 0 or more matches of the

Has anyone more experience with that new tool?


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


From nobody Sat Oct  3 15:36:26 2020
Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 779D63A0962 for <openpgp@ietfa.amsl.com>; Sat,  3 Oct 2020 15:36:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level: 
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cYQjQaeRwsDB for <openpgp@ietfa.amsl.com>; Sat,  3 Oct 2020 15:36:24 -0700 (PDT)
Received: from pv50p00im-hyfv10021501.me.com (pv50p00im-hyfv10021501.me.com [17.58.6.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F048B3A095F for <openpgp@ietf.org>; Sat,  3 Oct 2020 15:36:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1601764583; bh=Z64PzG7da3Wcpie0HHRka3VK3S5FP9ubapuN02Y40DE=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=wUmja/gai3ms6NhTui3q3QcX6jP5C7qRQDDSKsl7ykB76ktUlLCT8EP9bgi7FHTyX vvWOgLhxvIYjD1jmRTSzdWlwhVKGUNP3zwVxmDXhTvupcggQlLdGTBC3V/Jwj99e+/ 3az/o5L0NAwLntUAmoVwB5YZ4ODnEIy88YOJhF1g0hRNMM171yg0YcIKnB1/0vmPf/ zfqGyMgH6NX5oshRQ/LAD0n2JQNphilQJbDFeNmMbXRQVXkDqLn5NucBZSmFTAcHA/ IpSAcme5w5WzeIuQ1k/+42XAQtBJv2R6EjKEWga4/6VWMRH7e7yhmh9Ut4gn7wnR2K RecmZlNr59gFQ==
Received: from [192.168.7.161] (70-228-76-163.lightspeed.sntcca.sbcglobal.net [70.228.76.163]) by pv50p00im-hyfv10021501.me.com (Postfix) with ESMTPSA id 03B17B40363; Sat,  3 Oct 2020 22:36:22 +0000 (UTC)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Jon Callas <joncallas@icloud.com>
In-Reply-To: <87v9fu449t.wl-neal@walfield.org>
Date: Sat, 3 Oct 2020 15:36:22 -0700
Cc: Jon Callas <joncallas@icloud.com>, Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <BBD78A12-40DD-48AE-9C87-03E54D8625FA@icloud.com>
References: <fd255115-b047-ca6a-9ce9-b2f30b0b459d@metacode.biz> <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com> <87v9fu449t.wl-neal@walfield.org>
To: "Neal H. Walfield" <neal@walfield.org>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-10-03_17:2020-10-02, 2020-10-03 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=2 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2006250000 definitions=main-2010030191
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/FFXJBGHenLDEtUnPuBZKCot0I0M>
Subject: Re: [openpgp] Registration of the 'proof' notation
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Oct 2020 22:36:26 -0000

> On Oct 1, 2020, at 3:41 AM, Neal H. Walfield <neal@walfield.org> wrote:
>
> Hi Jon,
>
> Thanks for your comments.
>
> I'm a bit confused, however, how PGPtickets are analogous to social
> proofs.  A social proof is an identity ("my handle on this service is
> X").  PGPtickets are authorizations.  When I create a social proof,
> I'm not normally delegating any authority; I'm advertising an
> identity.  And, an authorization in the o-cap world is normally free
> of identity information (authorization-based, not identity-based,
> access control is the mantra).

One point is that they don't have to be embedded in the OpenPGP key.
They're separate statements with their own syntax. Just because OpenPGP
is a nice hammer doesn't mean that everything's got to be a nail. It's
okay to have other hardware.

While I agree with you that these social proofs correspond reasonably
well to an identifier, especially more than making them be a notation,
there's no reason to jam them into even that. Wiktor has his own uses,
and the fact that he's suggested an approach different to what you and I
thought says to me that perhaps we don't quite get his use case.

Thus, why not just go take something and do it? Other people have done
it before. When Vinnie and Tony were doing the tickets, they could have
done it so that it was a notation as well. In their case, the sysadmin
could have signed the actor's key with a notation, even, and had it work
that way. It also makes sense to make it be a wholly separate object,
purpose built to its need. Moreover, it doesn't require the likes of us
to agree to it.

That's why I suggested it. Among the implementation options is for
Wiktor to go off to the side and do his social proofs with another
syntax. Moreover, the consumer of the proofs only has to verify the
signature around the proof and then parse the proof on its own, without
having to go to the trouble of parsing a whole OpenPGP key.

	Jon




From nobody Sat Oct  3 16:03:20 2020
Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 045353A097D for <openpgp@ietfa.amsl.com>; Sat,  3 Oct 2020 16:03:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4HDA6tOzNP4M for <openpgp@ietfa.amsl.com>; Sat,  3 Oct 2020 16:03:18 -0700 (PDT)
Received: from pv50p00im-ztbu10011701.me.com (pv50p00im-ztbu10011701.me.com [17.58.6.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99A013A0972 for <openpgp@ietf.org>; Sat,  3 Oct 2020 16:03:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1601766197; bh=EKaBvo3WCiyvAR260GQwyImdRmdo/d7TBBfo6583DdE=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=MjSAlTiH0jTg1TI/kyZnOwTeoPdP8avvgrxh26lGamOtQ88cumnthyQTh7MocKngY +YaoZx6F6QRj6RJIdu3yRiM81naz47sUY5lR6ljbQkK5ufi5Vb3rCbmVbcOKFE24Al Mpp6cr2HTJHr47ZpMiCkTJrq5itKppzpOcyBVMqBd4NXgX1Jo0Fp/sqF3D/7av4Qej VEVTZLAqY5YEZO3HU2tOWL/0nPU5f9VP16rloDprNzeTEfEEfm6aWbU+xkfA83/qjJ G6gJGmPVlgu/EujWi4FjzWnR7xWbxPjP/Qhm1ybRKtBy8aTxYJOjYvJwetUUDgMwaz oLvcd88q1uTWA==
Received: from [192.168.7.161] (70-228-76-163.lightspeed.sntcca.sbcglobal.net [70.228.76.163]) by pv50p00im-ztbu10011701.me.com (Postfix) with ESMTPSA id 67DEA8A0076; Sat,  3 Oct 2020 23:03:15 +0000 (UTC)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Jon Callas <joncallas@icloud.com>
In-Reply-To: <bdf7df48-1693-d3f8-2468-76d92b8a6bba@metacode.biz>
Date: Sat, 3 Oct 2020 16:03:14 -0700
Cc: Jon Callas <joncallas@icloud.com>, "openpgp@ietf.org" <openpgp@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <2814B597-AAB0-4D3E-8DE2-AE6CF2615CE2@icloud.com>
References: <fd255115-b047-ca6a-9ce9-b2f30b0b459d@metacode.biz> <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com> <bdf7df48-1693-d3f8-2468-76d92b8a6bba@metacode.biz>
To: Wiktor Kwapisiewicz <wiktor@metacode.biz>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-10-03_17:2020-10-02, 2020-10-03 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2006250000 definitions=main-2010030196
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Rpt_cYOPAP8ND4v6Wc-1wd4juKU>
Subject: Re: [openpgp] Registration of the 'proof' notation
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Oct 2020 23:03:20 -0000

> On Oct 2, 2020, at 5:29 AM, Wiktor Kwapisiewicz <wiktor@metacode.biz> wrote:
>
> Hi Jon,
>
> Yes. One extension in particular seems like a direct analogue: Subject
> Alternative Name [0]. Let me quote the RFC 5280:
>
>   The subject alternative name extension allows identities to be bound
>   to the subject of the certificate.  (...) Defined options include an
>   Internet electronic mail address, a DNS name, an IP address, and a
>   Uniform Resource Identifier (URI).
>
> [0]: https://tools.ietf.org/html/rfc5280#section-4.2.1.6
>
> This is exactly what the notation I proposed contains: URIs for
> identities that can be verified.

I think I see.

>
>> In contrast, a User Attribute is the generalization of a User ID. It
>> says "this key speaks for <ID>" whether that ID is an email address,
>> etc. and then various keys make certification signatures stating that
>> they agree with that.
>
> But does this generalization bring any benefit over just regular User
> IDs that contain the identity directly? For example what would be the
> actual benefit of having User Attribute that contains URI such as
> "https://twitter.com/user" over a User ID that contains the same exact
> value?

I don't know.

The definition of a User ID is intentionally that it's just a string and
is by convention an email address. There's no reason you can't do what
you said or even "twitter:@user" and just have it be a User ID. That's
completely covered by 4880.


>
> In my opinion for values such as URIs there is no benefit and using User
> Attribute in this case would be making the solution more complex than
> necessary. 4880 says that User Attribute "is capable of storing more
> types of data than the User ID packet, which is limited to text." but in
> this case text is all that is necessary to represent a URI.

Okay, so that says that it could just be a User ID. Why not?
>
>
>> I can think of another utterly different syntax, though, that would
>> be similar to what Vinnie Moscaritolo and Tony Mione did in "PGP
>> Tickets" which you can find as an I-D at
>> <https://tools.ietf.org/html/draft-moscaritolo-mione-pgpticket-03>.
>
> Thank you for the reference. I have never seen this one.
>
> After a couple of days of discussions and some time to reflect I decided
> that I'd like to retract the registration of the "proof" notation.
> Social proof system, while interesting to play around, is of limited use
> to the general public and as such do not smoothly fit the OpenPGP RFC.
>
> For private projects such as keyoxide.org private/user space for
> extensions is everything what's needed and is available right now.

Well said. That's really why things need to be in the standard. I try to
remember Jeff Schiller's comment from when he was AD that the primary
purpose of a standard is interoperability.

Today, there are a lot of ways that one can take standard parts and put
them together in reasonably obvious ways -- like my suggestion of clear
signing a text-based structure, like YAML, JSON, etc. It just works, and
you can write your own document about what the structure means.

In PGP days, we ended up doing a lot of work where we wanted to have a
complex email with embedded attachments (like pix) be encrypted and
signed. The OpenPGP/MIME documents are simple, elegant, and allow one to
format the MIME in a lot of ways. To get now-modern MUAs to reassemble
the message the right way, dropping the pictures in the text in the
right places, all the parts had to be assembled just the right way. So
we documented what we'd found and used a notation to let a key declare,
"if you send me MIME this way, I can make it look pretty." We thus
didn't need to have a standards discussion, we could just do it.

There's a lot to be said for innovating in a way that doesn't break
other people, and if it becomes popular, *then* standardize it. (And of
course, accept the cost of migrating one's things to the standard one
inspired.)

>
> Jon, Neal, thank you for your time discussing this matter!

No problem and please keep us all informed. This is interesting and cool
and it's nice that you let us know what you're up to. It sounds like
you're doing some awesome innovative things.

	Jon



From nobody Sun Oct  4 12:50:40 2020
Return-Path: <wiktor@metacode.biz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F1093A09CD for <openpgp@ietfa.amsl.com>; Sun,  4 Oct 2020 12:50:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=metacode.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3zkrtzFWxgLe for <openpgp@ietfa.amsl.com>; Sun,  4 Oct 2020 12:50:36 -0700 (PDT)
Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C09843A09BE for <openpgp@ietf.org>; Sun,  4 Oct 2020 12:50:35 -0700 (PDT)
Received: by mail-ed1-x535.google.com with SMTP id 33so7121156edq.13 for <openpgp@ietf.org>; Sun, 04 Oct 2020 12:50:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=metacode.biz; s=2017;  h=to:cc:references:from:autocrypt:organization:subject:message-id :date:mime-version:in-reply-to; bh=T7GsJIipKS6KGMtRpihB/hxmWM8kmn9t4rbw9PJJ5n0=; b=ysdOcwYg53TLbm42dovNA14fb7Z4lk4eKB3dXP4sAr0XSA/KPiS6rmQcYnsp1aHLLR plsUh5Jx1oNRxBBgEH4BsIFENiBJz3A7CkeeC/5bDdiDJ/UHZ0umhC4yJVmTUf7KHX46 X86BkXNw8nkbhg+/Lx8bBapv2t1ADgX0Z2Q4S4mOUvOYzyc+1e7sgy/R/2DscieaIOOW Wi5C169IuXPfFAUrbWG7ZKukXe1R7zrTWGURLVPMMAS/iZdJnoN3rrAeN4ZghwdOYtpL R9UeLVYbad1zyvsU5Iupliug229XdtmNKuEOGyPAZkLjG/5/EUKzI6RxIo7/8efxabpC rDhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:cc:references:from:autocrypt:organization :subject:message-id:date:mime-version:in-reply-to; bh=T7GsJIipKS6KGMtRpihB/hxmWM8kmn9t4rbw9PJJ5n0=; b=pyjlYo40NOLd7rBMvXgYQl/y+nuP00QFRw1ffn0CPkMVmJDbvhpBqS0Ju/jkDbkJzP Zt86ikhsTzWTGhLAa2XhOKLETjy61NtUmFlLNl3TMiWRdlL+12sJ8fGNFGjKFxev8t0k XgXLapQfpo/3DfpRnniX9S3JVM1B0UgiOwjfjEB0BYYb9+db5dCYK40FJl1r9cG1Aqr+ SY0GYJ6d8r1szfyrprM8eqVkZ49TIBm/1t8X0tqT0yuX14pniA6TWAdxhwKm4J6/gFCj TP8okBQbDVRNrp4Gx//GDkaTMhYkQletsRwWRgMY5FwtkaRiN1EYQftBqQz7YU821zQl qj3g==
X-Gm-Message-State: AOAM530JZIyrPEzI7d+P252/rcNQIiJtotRjPlwt902KRp7x51Ld1v78 iJIEH6IYT+owLLZux7zlceAGzwUnUp0Www==
X-Google-Smtp-Source: ABdhPJwMSRtRQT/vuNdm0GmVL1SuSh6y5pZinMes9SVLOFbCkLnBmBd6I0jnId3BFqYgDxIXXSmUmA==
X-Received: by 2002:a05:6402:1548:: with SMTP id p8mr14281017edx.65.1601841033068;  Sun, 04 Oct 2020 12:50:33 -0700 (PDT)
Received: from [192.168.2.69] (aehd220.neoplus.adsl.tpnet.pl. [79.186.185.220]) by smtp.googlemail.com with ESMTPSA id y25sm7067216edv.15.2020.10.04.12.50.31 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 04 Oct 2020 12:50:31 -0700 (PDT)
To: Jon Callas <joncallas@icloud.com>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
References: <fd255115-b047-ca6a-9ce9-b2f30b0b459d@metacode.biz> <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com> <bdf7df48-1693-d3f8-2468-76d92b8a6bba@metacode.biz> <2814B597-AAB0-4D3E-8DE2-AE6CF2615CE2@icloud.com>
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Organization: Metacode
Message-ID: <91dea21f-0b3e-7e6a-b4df-30bc4433be89@metacode.biz>
Date: Sun, 4 Oct 2020 21:50:19 +0200
MIME-Version: 1.0
In-Reply-To: <2814B597-AAB0-4D3E-8DE2-AE6CF2615CE2@icloud.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="aQnoNAlyJjWZv99FEMO2nKmZxYNyb1bSl"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZdzPAnODwbP-PKpskOed3Bs8SOM>
Subject: Re: [openpgp] Registration of the 'proof' notation
X-List-Received-Date: Sun, 04 Oct 2020 19:50:38 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--aQnoNAlyJjWZv99FEMO2nKmZxYNyb1bSl
Content-Type: multipart/mixed; boundary="Weopclm1khtqnMfgEls725uDkhw9yWwF1";
 protected-headers="v1"
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
To: Jon Callas <joncallas@icloud.com>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <91dea21f-0b3e-7e6a-b4df-30bc4433be89@metacode.biz>
Subject: Re: [openpgp] Registration of the 'proof' notation
References: <fd255115-b047-ca6a-9ce9-b2f30b0b459d@metacode.biz>
 <7500A2C4-A42F-4FD0-8957-86E5593FA05F@icloud.com>
 <bdf7df48-1693-d3f8-2468-76d92b8a6bba@metacode.biz>
 <2814B597-AAB0-4D3E-8DE2-AE6CF2615CE2@icloud.com>
In-Reply-To: <2814B597-AAB0-4D3E-8DE2-AE6CF2615CE2@icloud.com>

--Weopclm1khtqnMfgEls725uDkhw9yWwF1
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

Hi Jon,

On 04.10.2020 01:03, Jon Callas wrote:
> The definition of a User ID is intentionally that it's just a string
> and is by convention an email address. There's no reason you can't do
> what you said or even "twitter:@user" and just have it be a User ID.
> That's completely covered by 4880.

Thanks for the confirmation.

As for "https://twitter.com/user" vs "twitter:@user" I did lean towards
the former only due to my standards-paranoia: not to invent URI schemes
but to use ones that are already registered [0]. Of course both formats
would work just fine.

[0]: https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml

> Okay, so that says that it could just be a User ID. Why not?

In the latest design I chose notations instead of User IDs out of
practical considerations:

  - while fetching the key over WKD GnuPG will strip them,
  - they will be stripped with some keyservers like keys.openpgp.org,
  - I don't want them to be signed by others.

The last point may be something that's rather personal than technical
but having a User Attribute on my key and seeing people blindly signing
it made me think that the social proofs should be only checked against
the target social site.

In my opinion there is no benefit for others signing Twitter handles but
the social proof design doesn't depend on the place where the proof is
stored.

> Today, there are a lot of ways that one can take standard parts and
> put them together in reasonably obvious ways -- like my suggestion of
> clear signing a text-based structure, like YAML, JSON, etc. It just
> works, and you can write your own document about what the structure
> means.

Yes, clearsigning a document with a well-known format is actually a very
nice technique I've been considering for other uses (like voting or
assigning permissions etc.)

> In PGP days, we ended up doing a lot of work where we wanted to have a
> complex email with embedded attachments (like pix) be encrypted and
> signed. The OpenPGP/MIME documents are simple, elegant, and allow one
> to format the MIME in a lot of ways. To get now-modern MUAs to
> reassemble the message the right way, dropping the pictures in the
> text in the right places, all the parts had to be assembled just the
> right way. So we documented what we'd found and used a notation to let
> a key declare, "if you send me MIME this way, I can make it look
> pretty." We thus didn't need to have a standards discussion, we could
> just do it.

I think you're referring to the
"preferred-email-encoding@pgp.com=pgpmime" notation. This was the first
instance of a notation I've seen in the wild and I wondered why
notations are so grossly underused :)

> There's a lot to be said for innovating in a way that doesn't break
> other people, and if it becomes popular, *then* standardize it. (And
> of course, accept the cost of migrating one's things to the standard
> one inspired.)

Well said. I'm pondering the feedback loop between the standards and
implementors. I've seen it first-hand while developing this little
proof-of-concept that the implementation frequently influenced the design.

> No problem and please keep us all informed. This is interesting and
> cool and it's nice that you let us know what you're up to.

This idea is already being used by other parties to provide something
akin to a profile page generated purely from the OpenPGP key in the browser:

https://keyoxide.org/9f0048ac0b23301e1f77e994909f6bd6f80f485d

What I find especially fascinating is that the OpenPGP key can be used
as a root of trust to verify other keys of the user including XMPP OMEMO
keys (that is a Signal-like protocol with forward secrecy for XMPP) or
things that are not social profiles such as Bitcoin addresses. As all of
them are URIs this is still using the same design (of course the
verification procedure varies).

> It sounds like you're doing some awesome innovative things.

Thanks Jon, I appreciate kind words especially if they come from a
renowned standards expert.

Regards,
Wiktor

-- 
https://metacode.biz/@wiktor


--Weopclm1khtqnMfgEls725uDkhw9yWwF1--

--aQnoNAlyJjWZv99FEMO2nKmZxYNyb1bSl--
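
Added example (not part of the message above, and not code from GnuPG, Keyoxide or any other project): the design discussed above stores each proof as a URI in a notation, so a verifier has to treat those values as untrusted input before it contacts the target site. The code parses Notation Data subpacket bodies in the RFC 4880 layout (4 flag octets, two 2-octet lengths, name, value) and keeps only well-formed proof URIs; the notation name proof@metacode.biz, the scheme allow-list and every sample value are assumptions constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

PROOF_NOTATION = "proof@metacode.biz"   # assumed name of the proof notation
HUMAN_READABLE = 0x80                   # high bit of the first flag octet
ALLOWED_SCHEMES = {"https", "dns", "xmpp", "bitcoin"}  # hypothetical verifier policy


class NotationError(ValueError):
    """Raised when a notation subpacket body is malformed or not acceptable."""


def build_notation(name, value, human_readable=True):
    """Encode a Notation Data subpacket body (used here to construct samples)."""
    name_b = name.encode("utf-8")
    value_b = value.encode("utf-8") if isinstance(value, str) else value
    flags = bytes([HUMAN_READABLE if human_readable else 0, 0, 0, 0])
    return flags + struct.pack(">HH", len(name_b), len(value_b)) + name_b + value_b


def parse_notation(body):
    """Return (human_readable, name, raw_value) or raise NotationError."""
    if len(body) < 8:
        raise NotationError("truncated notation header")
    flags, name_len, value_len = struct.unpack(">4sHH", body[:8])
    # The declared lengths must account for every octet of the subpacket body.
    if len(body) != 8 + name_len + value_len:
        raise NotationError("length fields disagree with subpacket size")
    try:
        name = body[8:8 + name_len].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise NotationError("notation name is not UTF-8") from exc
    return bool(flags[0] & HUMAN_READABLE), name, body[8 + name_len:]


def check_proof_uri(raw_value):
    """Validate one proof value; return the URI string or raise NotationError."""
    try:
        uri = raw_value.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise NotationError("proof value is not UTF-8") from exc
    # Check before urlsplit(): recent Python versions silently strip some of these.
    if not uri or any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in uri):
        raise NotationError("empty value or whitespace/control character in URI")
    try:
        parts = urlsplit(uri)
    except ValueError as exc:
        raise NotationError("unparseable URI") from exc
    if parts.scheme not in ALLOWED_SCHEMES:
        raise NotationError("scheme %r not allowed" % parts.scheme)
    if parts.scheme == "https" and not parts.hostname:
        raise NotationError("https URI without a host")
    return uri


def extract_proofs(subpacket_bodies):
    """Split notation subpackets into accepted proof URIs and rejection reasons."""
    accepted, rejected = [], []
    for body in subpacket_bodies:
        try:
            readable, name, raw_value = parse_notation(body)
            if name != PROOF_NOTATION:
                continue  # some other notation: not a proof, nothing to verify
            if not readable:
                raise NotationError("proof notation is not flagged human-readable")
            accepted.append(check_proof_uri(raw_value))
        except NotationError as exc:
            rejected.append(str(exc))
    return accepted, rejected


# Constructed sample: notation bodies as they might appear in a self-signature.
SAMPLE = [
    build_notation(PROOF_NOTATION, "https://social.example/@alice"),
    build_notation(PROOF_NOTATION, "dns:example.org?type=TXT"),
    build_notation("preferred-email-encoding@pgp.com", "pgpmime"),
    build_notation(PROOF_NOTATION, "file:///etc/hostname"),
    build_notation(PROOF_NOTATION, "https://social.example/@alice\nX-Injected: 1"),
    build_notation(PROOF_NOTATION, b"\xff\xfe", human_readable=False),
    build_notation(PROOF_NOTATION, "https://social.example/@bob")[:-3],
]

if __name__ == "__main__":
    ok, bad = extract_proofs(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

Passing this check only means a value is safe to hand to a scheme-specific verifier; whether the proof holds is still decided by what the target site returns.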


From nobody Mon Oct  5 22:04:08 2020
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CFE43A1114 for <openpgp@ietfa.amsl.com>; Mon,  5 Oct 2020 22:04:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level: 
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=r8tReSUr; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=HsnxsFwK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ym5fMLPkFBVo for <openpgp@ietfa.amsl.com>; Mon,  5 Oct 2020 22:04:03 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9ABE3A0C9B for <openpgp@ietf.org>; Mon,  5 Oct 2020 22:04:03 -0700 (PDT)
Received: from fifthhorseman.net (unknown [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id CC4A7F9A5; Tue,  6 Oct 2020 01:04:01 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 4A65B2036E; Tue,  6 Oct 2020 01:03:23 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>, Wiktor Kwapisiewicz <wiktor@metacode.biz>
Cc: "openpgp\@ietf.org" <openpgp@ietf.org>
In-Reply-To: <87v9frgohm.fsf@wheatstone.g10code.de>
References: <f96533af-a205-05dd-2f03-f8321dde427a@metacode.biz> <87v9frgohm.fsf@wheatstone.g10code.de>
Date: Tue, 06 Oct 2020 01:03:21 -0400
Message-ID: <87k0w4ndye.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZdYJuhw0utOed0YzzfCvOzQv4Yg>
Subject: Re: [openpgp] List of "semantic" changes between 4880 and bis
X-List-Received-Date: Tue, 06 Oct 2020 05:04:07 -0000

--=-=-=
Content-Type: text/plain

On Sat 2020-10-03 20:20:53 +0200, Werner Koch wrote:
> On Fri,  2 Oct 2020 15:37, Wiktor Kwapisiewicz said:
>
>>> A piece is an atom possibly followed by '*', '+', or '?'.
>>
>> bis:
>>
>>> A piece is an atom possibly followed by '_', '+', or '?'.
>
> Good catch.  That seems to be a bug introduced with the change to the
> new Ruby tool.  In the source it is correct:
>
>   A piece is an atom possibly followed by '*', '+', or '?'.  An atom
>   followed by '*' matches a sequence of 0 or more matches of the
>
> Has anyone more experience with that new tool?

I've posted several minor cleanup edits here:

https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/29

I think that commit 756d8b6a9ba6f3f1e20637a2b628b6984697f022 addresses
the concern discussed above, but the whole series is probably worth applying.

Regards,

     --dkg

--=-=-=--


From nobody Tue Oct 20 15:00:06 2020
Return-Path: <kaduk@mit.edu>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40A153A154D for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 14:59:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hp0QYgb4jyhJ for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 14:59:58 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 204963A1491 for <openpgp@ietf.org>; Tue, 20 Oct 2020 14:59:35 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 09KLxT0b004735 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <openpgp@ietf.org>; Tue, 20 Oct 2020 17:59:34 -0400
Date: Tue, 20 Oct 2020 14:59:29 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: openpgp@ietf.org
Message-ID: <20201020215929.GR39170@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/6ro7-NcJMx6K-qPtLfX0uajb51A>
Subject: [openpgp] heads-up: re-chartering the OPENPGP WG
X-List-Received-Date: Tue, 20 Oct 2020 22:00:05 -0000

Hi all,

I know there's been occasional mention of it here and there, but I'm about
to begin the official rechartering process for the WG, and I wanted to drop
a note here first so that the resulting email traffic makes sense.  (From
memory, we'll get some state-change messages from the datatracker and then
any IESG discussion on the charter text will be copied to the WG list.)

Please welcome the chairs for the now-in-proposed-state WG,
Daniel Kahn Gillmor and Stephen Farrell!

Looking forward to many successful RFCs :)

-Ben


From nobody Tue Oct 20 17:44:35 2020
Return-Path: <angel@16bits.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 293BB3A0C10 for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 17:44:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EnvJQOAzN6vS for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 17:44:32 -0700 (PDT)
Received: from mailer.hiddenmail.net (mailer.hiddenmail.net [199.195.249.9]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7AA13A0C0F for <openpgp@ietf.org>; Tue, 20 Oct 2020 17:44:31 -0700 (PDT)
Received: from mailer by mailer.hiddenmail.net with local (Exim 4.80) (envelope-from <angel@16bits.net>) id 1kV2Ew-0001xi-Ev for openpgp@ietf.org; Wed, 21 Oct 2020 02:44:30 +0200
Message-ID: <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net>
From: Ángel <angel@16bits.net>
To: openpgp@ietf.org
Date: Wed, 21 Oct 2020 02:44:28 +0200
In-Reply-To: <20201020215929.GR39170@kduck.mit.edu>
References: <20201020215929.GR39170@kduck.mit.edu>
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.30.5-1.1 
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/EVxWIHKG0NLb3-rU_7Ki-sXFVM4>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-List-Received-Date: Wed, 21 Oct 2020 00:44:33 -0000

On 2020-10-20 at 14:59 -0700, Benjamin Kaduk wrote:
> Please welcome the chairs for the now-in-proposed-state WG,
> Daniel Kahn Gillmor and Stephen Farrell!
>
> Looking forward to many successful RFCs :)
>
> -Ben

Nice to hear! Although I would be happy to see just a few for now :-)


From nobody Tue Oct 20 17:55:28 2020
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68B733A0C82 for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 17:55:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G22bLbQDTu_r for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 17:55:09 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 702B53A0C88 for <openpgp@ietf.org>; Tue, 20 Oct 2020 17:55:08 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id B5226E203F; Tue, 20 Oct 2020 20:55:07 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 25140-06; Tue, 20 Oct 2020 20:55:06 -0400 (EDT)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id 9E4EFE2040; Tue, 20 Oct 2020 20:55:06 -0400 (EDT)
Received: from 192.168.248.158 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Tue, 20 Oct 2020 20:55:06 -0400
Message-ID: <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org>
In-Reply-To: <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net>
Date: Tue, 20 Oct 2020 20:55:06 -0400
From: "Derek Atkins" <derek@ihtfp.com>
To: "Benjamin Kaduk" <kaduk@mit.edu>
Cc: openpgp@ietf.org
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/FNzwpB4CUEc1Zxhs-niv6peIcyA>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-List-Received-Date: Wed, 21 Oct 2020 00:55:11 -0000

On Tue, October 20, 2020 8:44 pm, Ángel wrote:
> On 2020-10-20 at 14:59 -0700, Benjamin Kaduk wrote:
>> Please welcome the chairs for the now-in-proposed-state WG,
>> Daniel Kahn Gillmor and Stephen Farrell!
>>
>> Looking forward to many successful RFCs :)
>>
>> -Ben
>
> Nice to hear! Although I would be happy to see just a few for now :-)

This is complete news to me; I have seen no proposed charter sent to this
mailing list.
Did I miss it?

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Tue Oct 20 18:00:02 2020
Return-Path: <tse@ribose.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76F803A0C96 for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:00:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level: 
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ribose.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EI-25-VGsKHm for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:00:00 -0700 (PDT)
Received: from APC01-HK2-obe.outbound.protection.outlook.com (mail-eopbgr1300083.outbound.protection.outlook.com [40.107.130.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D409D3A0C92 for <openpgp@ietf.org>; Tue, 20 Oct 2020 17:59:59 -0700 (PDT)
Received: from HK0PR01MB2900.apcprd01.prod.exchangelabs.com (2603:1096:203:98::14) by HK0PR01MB2545.apcprd01.prod.exchangelabs.com (2603:1096:203:a3::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21; Wed, 21 Oct 2020 00:59:50 +0000
Received: from HK0PR01MB2900.apcprd01.prod.exchangelabs.com ([fe80::b8:4b19:ebf4:7724]) by HK0PR01MB2900.apcprd01.prod.exchangelabs.com ([fe80::b8:4b19:ebf4:7724%5]) with mapi id 15.20.3477.029; Wed, 21 Oct 2020 00:59:50 +0000
From: Ronald Tse <tse@ribose.com>
To: Derek Atkins <derek@ihtfp.com>
CC: Benjamin Kaduk <kaduk@mit.edu>, "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] heads-up: re-chartering the OPENPGP WG
Thread-Index: AQHWpyynDWg5bnc+SU2qR9RgE4Pdx6mhOFAAgAAC+ACAAAFThw==
Date: Wed, 21 Oct 2020 00:59:50 +0000
Message-ID: <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net>, <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org>
In-Reply-To: <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/WL7ta7BplFBnpDkkZuwCgX9P0N0>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-List-Received-Date: Wed, 21 Oct 2020 01:00:02 -0000

I second Derek’s message here, haven’t seen a proposed charter at the mailing list?

_____________________________________

Ronald Tse
Ribose Inc.

> On Oct 21, 2020, at 8:55 AM, Derek Atkins <derek@ihtfp.com> wrote:
>
>> On Tue, October 20, 2020 8:44 pm, Ángel wrote:
>>> On 2020-10-20 at 14:59 -0700, Benjamin Kaduk wrote:
>>> Please welcome the chairs for the now-in-proposed-state WG,
>>> Daniel Kahn Gillmor and Stephen Farrell!
>>>
>>> Looking forward to many successful RFCs :)
>>>
>>> -Ben
>>
>> Nice to hear! Although I would be happy to see just a few for now :-)
>
> This is complete news to me; I have seen no proposed charter sent to this
> mailing list.
> Did I miss it?
>
> -derek
> --
>       Derek Atkins                 617-623-3745
>       derek@ihtfp.com             www.ihtfp.com
>       Computer and Internet Security Consultant


From nobody Tue Oct 20 18:20:27 2020
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B55D63A07B7 for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:20:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.246
X-Spam-Level: 
X-Spam-Status: No, score=-2.246 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.247, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GyidjYRaXOD2 for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:20:23 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 816593A07AE for <openpgp@ietf.org>; Tue, 20 Oct 2020 18:20:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 13A87BE2E; Wed, 21 Oct 2020 02:20:21 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AEtpVHLgPGF2; Wed, 21 Oct 2020 02:20:19 +0100 (IST)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id A30C5BE20; Wed, 21 Oct 2020 02:20:18 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1603243218; bh=P98m9Y25TH2SCFV3cBZGQ7uStpRIgYhpu0KJ5DOMxr8=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=VJLMPaMv/pm1bMLS3OYx1zfhdq1bnuV2JgD7s9YEX6G+dgMeuxqmdEEv/ri4kl3Ft TT9ppWkKLl8+pp/aZgd9OGoK9Kc6ThjbrsAgHW+3f4TQoYm4usdVh2d2TDmYk1/QCC JuP5nnQPlctLthsaeOlrHikuXyYyaXm1rG64mpX0=
To: Ronald Tse <tse=40ribose.com@dmarc.ietf.org>, Derek Atkins <derek@ihtfp.com>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
Date: Wed, 21 Oct 2020 02:20:17 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="deldxpqnstLeHs3aAUw6YW9TN1jvcC0rN"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/TCRGpnZoVNdUEz8TAsS7sTx-kss>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 01:20:26 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--deldxpqnstLeHs3aAUw6YW9TN1jvcC0rN
Content-Type: multipart/mixed; boundary="Mb41sKV6BeQZw5wVEzNV6e17VHF9gaJCn";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Ronald Tse <tse=40ribose.com@dmarc.ietf.org>,
 Derek Atkins <derek@ihtfp.com>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
References: <20201020215929.GR39170@kduck.mit.edu>
 <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net>
 <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org>
 <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com>
In-Reply-To: <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com>

--Mb41sKV6BeQZw5wVEzNV6e17VHF9gaJCn
Content-Type: multipart/mixed;
 boundary="------------D465D73252C688231C7668EC"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------D465D73252C688231C7668EC
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

The draft charter is at [1].

Comments and discussion of that are more than welcome.

From my POV, I'm happy to try help out to get a fairly
minimal bit of progress progressed (as an RFC) - if we can
usefully succeed in that (which isn't a given).

FWIW, I do think starting with a very modest goal is
likely a good plan for now. A bit of success (in terms
of an RFC that is implemented, deployed and more up to
date) is already not that easy, but success does
breed success so if we got that done, then extending
the charter based on success is not so hard.

Cheers,
S.

[1] https://datatracker.ietf.org/doc/charter-ietf-openpgp/

On 21/10/2020 01:59, Ronald Tse wrote:
> I second Derek’s message here, haven’t seen a proposed charter at the mailing list?
>
> _____________________________________
>
> Ronald Tse
> Ribose Inc.
>
>> On Oct 21, 2020, at 8:55 AM, Derek Atkins <derek@ihtfp.com> wrote:
>>
>>> On Tue, October 20, 2020 8:44 pm, Ángel wrote:
>>>> On 2020-10-20 at 14:59 -0700, Benjamin Kaduk wrote:
>>>> Please welcome the chairs for the now-in-proposed-state WG,
>>>> Daniel Kahn Gillmor and Stephen Farrell!
>>>>
>>>> Looking forward to many successful RFCs :)
>>>>
>>>> -Ben
>>>
>>> Nice to hear! Although I would be happy to see just a few for now :-)
>>
>> This is complete news to me; I have seen no proposed charter sent to this
>> mailing list.
>> Did I miss it?
>>
>> -derek
>> --
>>       Derek Atkins                 617-623-3745
>>       derek@ihtfp.com             www.ihtfp.com
>>       Computer and Internet Security Consultant
>>
>> _______________________________________________
>> openpgp mailing list
>> openpgp@ietf.org
>> https://www.ietf.org/mailman/listinfo/openpgp
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
>

--------------D465D73252C688231C7668EC--

--Mb41sKV6BeQZw5wVEzNV6e17VHF9gaJCn--

--deldxpqnstLeHs3aAUw6YW9TN1jvcC0rN--


From nobody Tue Oct 20 18:29:57 2020
Return-Path: <paul@nohats.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 024113A08C6 for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:29:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XsLNF8eyZECD for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:29:53 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1297E3A08C1 for <openpgp@ietf.org>; Tue, 20 Oct 2020 18:29:52 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4CGCbL4dyPzKGF; Wed, 21 Oct 2020 03:29:50 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1603243790; bh=8Z7sDfeGAJL4m0aN3i5CeHXIleScJUBzhZNBqDQjzxw=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=ixssC+fyGv2UN+RfjqT9WWlx6GWcFPd1phoMw2RthOshhDpVIg6ITAInJT6SVDg1P s3qrZ2kZ/nTceE+MAtLSfiVVLIgxjUbMogaAvu+Pf9DjQvZy2MatfG50HBsukOgjib fAMJYy7x6XovxViefTAenP2ov6V13gb0uaTYk17M=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id sJTecjFEoaEB; Wed, 21 Oct 2020 03:29:49 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 21 Oct 2020 03:29:49 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 756686020F5D; Tue, 20 Oct 2020 21:29:48 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 6CDCD669F1; Tue, 20 Oct 2020 21:29:48 -0400 (EDT)
Date: Tue, 20 Oct 2020 21:29:48 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: Ronald Tse <tse=40ribose.com@dmarc.ietf.org>,  Derek Atkins <derek@ihtfp.com>, "openpgp@ietf.org" <openpgp@ietf.org>,  Benjamin Kaduk <kaduk@mit.edu>
In-Reply-To: <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
Message-ID: <alpine.LRH.2.23.451.2010202125160.2326120@bofh.nohats.ca>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/z9bU0r3yblIklteIy2hKAdtnYEU>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 01:29:56 -0000

On Wed, 21 Oct 2020, Stephen Farrell wrote:

> The draft charter is at [1].

I would remove the "Other work related to OpenPGP" section. One of the
issues in this group has been sudden new items appearing and being
worked on without consensus. Modify the charter after 4880bis is done
to do "other work"

> From my POV, I'm happy to try help out to get a fairly
> minimal bit of progress progressed (as an RFC) - if we can
> usefully succeed in that (which isn't a given).

I would say adding at least one more Author/Editor to the bis document
is required to ensure timely and coordinated updates of the draft based
on WG consensus. As part of the last round of openpgp WG not working
seemed to center around a (perceived or real I have no opinion) disconnect
between WG members and draft author.

Paul


From nobody Tue Oct 20 18:42:05 2020
Return-Path: <kaduk@mit.edu>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 545AC3A096B for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:42:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k5x5nhLsvI5b for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:42:01 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 920763A095F for <openpgp@ietf.org>; Tue, 20 Oct 2020 18:42:01 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 09L1fuVQ006292 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 20 Oct 2020 21:41:59 -0400
Date: Tue, 20 Oct 2020 18:41:55 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Derek Atkins <derek@ihtfp.com>
Cc: openpgp@ietf.org
Message-ID: <20201021014127.GS39170@kduck.mit.edu>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/e-Y80lYeG-J89aUwzoWaT71oRf0>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 01:42:03 -0000

Hi Derek,

On Tue, Oct 20, 2020 at 08:55:06PM -0400, Derek Atkins wrote:
> 
> On Tue, October 20, 2020 8:44 pm, Ángel wrote:
> > On 2020-10-20 at 14:59 -0700, Benjamin Kaduk wrote:
> >> Please welcome the chairs for the now-in-proposed-state WG,
> >> Daniel Kahn Gillmor and Stephen Farrell!
> >>
> >> Looking forward to many successful RFCs :)
> >>
> >> -Ben
> >
> > Nice to hear! Although I would be happy to see just a few for now :-)
> 
> This is complete news to me; I have seen no proposed charter sent to this
> mailing list.
> Did I miss it?

To be honest, I'm not sure -- I've had a todo item to get this started for
far longer than I care to admit, and have forgotten where I have (or
haven't) been talking about it.  My apologies if I ended up starting off on
the wrong foot as a result!

In any case, Stephen has already linked to the draft charter text (which
bears a striking resemblance to the charter from the previous iteration of
the WG).  It feels quite natural to me to attempt to recharter as a WG,
since we have seen renewed interest and implementation, and there is this
not-a-WG-draft-but-looks-like-one document that's been getting edits.  The
best end-state for that document is going to be as a published RFC, and I
(and I believe Roman as well) would be most comfortable with it coming
through a WG process.

-Ben


From nobody Tue Oct 20 18:42:22 2020
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 782C93A09DE for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:42:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.246
X-Spam-Level: 
X-Spam-Status: No, score=-2.246 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.247, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Im3FROIG4i-m for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 18:42:12 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36E463A09F1 for <openpgp@ietf.org>; Tue, 20 Oct 2020 18:42:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 6CA5ABE3E; Wed, 21 Oct 2020 02:42:10 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yfju5j0W38mo; Wed, 21 Oct 2020 02:42:03 +0100 (IST)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 48151BE20; Wed, 21 Oct 2020 02:42:03 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1603244523; bh=+kOuoLQ/041j+1XMpiN6fwYTT5MKPbOCGvt9RfiwFbY=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=SOJ76/MNuwNZn8yj36pCVU/jFqVYh5BtApbEqDES2pj2rwnLkLxEVr3JwtgnRLjQU d6Gzy4furd+UBwEMCx2tECsRWofRMHtSsTpYhbKGHfWVG9AlGXos5rj7zTGu7qiZKm MBhpxI0ERS/IlZth+Gc0iEsWAuIqAGbgdzX64Mho=
To: Paul Wouters <paul@nohats.ca>
Cc: Ronald Tse <tse=40ribose.com@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>, Derek Atkins <derek@ihtfp.com>, Benjamin Kaduk <kaduk@mit.edu>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie> <alpine.LRH.2.23.451.2010202125160.2326120@bofh.nohats.ca>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <5a5dc71e-4f0e-0aef-e9c9-9dabc99e95f8@cs.tcd.ie>
Date: Wed, 21 Oct 2020 02:42:01 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <alpine.LRH.2.23.451.2010202125160.2326120@bofh.nohats.ca>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="fQpT0KoSm9Cc6cvRD2swnZSmX7trJviY1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Prd69bchgRUhNuDyzCAJoJsx19Y>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 01:42:21 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--fQpT0KoSm9Cc6cvRD2swnZSmX7trJviY1
Content-Type: multipart/mixed; boundary="3oTsvq2y3Ur1KYCU5kcDkcL9TaVlrTJYp";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Paul Wouters <paul@nohats.ca>
Cc: Ronald Tse <tse=40ribose.com@dmarc.ietf.org>,
 "openpgp@ietf.org" <openpgp@ietf.org>, Derek Atkins <derek@ihtfp.com>,
 Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <5a5dc71e-4f0e-0aef-e9c9-9dabc99e95f8@cs.tcd.ie>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
References: <20201020215929.GR39170@kduck.mit.edu>
 <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net>
 <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org>
 <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com>
 <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
 <alpine.LRH.2.23.451.2010202125160.2326120@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.23.451.2010202125160.2326120@bofh.nohats.ca>

--3oTsvq2y3Ur1KYCU5kcDkcL9TaVlrTJYp
Content-Type: multipart/mixed;
 boundary="------------D581F55D8EA2C33C2C1AF998"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------D581F55D8EA2C33C2C1AF998
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 21/10/2020 02:29, Paul Wouters wrote:
> On Wed, 21 Oct 2020, Stephen Farrell wrote:
>
>> The draft charter is at [1].
>
> I would remove the "Other work related to OpenPGP" section. One of the
> issues in this group has been sudden new items appearing and being
> worked on without consensus. Modify the charter after 4880bis is done
> to do "other work"

Fair point. Be interested if others think similarly.

>> From my POV, I'm happy to try help out to get a fairly
>> minimal bit of progress progressed (as an RFC) - if we can
>> usefully succeed in that (which isn't a given).
>
> I would say adding at least one more Author/Editor to the bis document
> is required to ensure timely and coordinated updates of the draft based
> on WG consensus. As part of the last round of openpgp WG not working
> seemed to center around a (perceived or real I have no opinion) disconnect
> between WG members and draft author.

That's probably getting a bit ahead of ourselves but
it's clearly a topic for WG chairs to consider if/when
this becomes a WG again. I can say it's not a surprise
that that be raised, and dealing with it without messing
up too badly will be an important early thing for your
putative WG-chairs to handle;-)

Cheers,
S.

>
> Paul
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp

--------------D581F55D8EA2C33C2C1AF998--

--3oTsvq2y3Ur1KYCU5kcDkcL9TaVlrTJYp--

--fQpT0KoSm9Cc6cvRD2swnZSmX7trJviY1--


From nobody Tue Oct 20 19:00:08 2020
Return-Path: <tse@ribose.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A099E3A09C5 for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 19:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ribose.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gsVmSPAatPBo for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 19:00:05 -0700 (PDT)
Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-eopbgr1310088.outbound.protection.outlook.com [40.107.131.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D67A3A09C4 for <openpgp@ietf.org>; Tue, 20 Oct 2020 19:00:05 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ribose.com; dmarc=pass action=none header.from=ribose.com; dkim=pass header.d=ribose.com; arc=none
Received: from SG2PR01MB2901.apcprd01.prod.exchangelabs.com (2603:1096:4:31::14) by SG2PR01MB3438.apcprd01.prod.exchangelabs.com (2603:1096:4:da::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.25; Wed, 21 Oct 2020 01:59:59 +0000
Received: from SG2PR01MB2901.apcprd01.prod.exchangelabs.com ([fe80::ce2:c58a:53b0:7414]) by SG2PR01MB2901.apcprd01.prod.exchangelabs.com ([fe80::ce2:c58a:53b0:7414%3]) with mapi id 15.20.3477.029; Wed, 21 Oct 2020 01:59:59 +0000
From: Ronald Tse <tse@ribose.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Paul Wouters <paul@nohats.ca>, Derek Atkins <derek@ihtfp.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] heads-up: re-chartering the OPENPGP WG
Thread-Index: AQHWpyynDWg5bnc+SU2qR9RgE4Pdx6mhOFAAgAAC+ACAAAFTh4AABbaAgAACqQCAAAhuAA==
Date: Wed, 21 Oct 2020 01:59:59 +0000
Message-ID: <DF56BF7A-FAB3-47C3-8D8E-EAF2BD12E970@ribose.com>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie> <alpine.LRH.2.23.451.2010202125160.2326120@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.23.451.2010202125160.2326120@bofh.nohats.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3608.120.23.2.1)
authentication-results: cs.tcd.ie; dkim=none (message not signed) header.d=none;cs.tcd.ie; dmarc=none action=none header.from=ribose.com;
x-originating-ip: [118.140.121.70]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1755af9a-0f69-4a92-29b0-08d875650444
x-ms-traffictypediagnostic: SG2PR01MB3438:
x-microsoft-antispam-prvs: <SG2PR01MB3438080C885741445D9EA89ED71C0@SG2PR01MB3438.apcprd01.prod.exchangelabs.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DF56BF7AFAB347C38D8EEAF2BD12E970ribosecom_"
MIME-Version: 1.0
X-OriginatorOrg: ribose.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SG2PR01MB2901.apcprd01.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1755af9a-0f69-4a92-29b0-08d875650444
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2020 01:59:59.4618 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d98a04ff-ef98-489b-b33c-13c23a2e091a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 8bwW5qL8thHB4wj+77m7L+I6HQvIdbeym3T2TruzXLphU5cqEYHut9XzHm9aTbze
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR01MB3438
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/pmdgCtFEXgapNmexKFC1tbWRDRI>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 02:00:08 -0000

--_000_DF56BF7AFAB347C38D8EEAF2BD12E970ribosecom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Thanks Stephen for sharing the draft charter.

Regarding the “minimal bit of progress” mentioned by Stephen:

From my POV, I'm happy to try help out to get a fairly
minimal bit of progress progressed (as an RFC) - if we can
usefully succeed in that (which isn't a given).

Since 4880bis is already in progress and addresses several concerns listed in the draft charter, with individual changes from 4880 discussed and documented with consensus in this mailing list, I assume the best way is to adopt the 4880bis and shepherd it towards publication as the first deliverable of the OpenPGP working group.

I would say adding at least one more Author/Editor to the bis document
is required to ensure timely and coordinated updates of the draft based
on WG consensus.

The current bis document already contains 5 editors, all of whom are active here, representing various implementations. I’m not sure if adding more authors/editors will facilitate "WG consensus”. Consensus is not necessarily universal agreement, as described in RFC 7282.

Kind regards,
Ron

_____________________________________

Ronald Tse
Ribose Inc.

On Oct 21, 2020, at 9:29 AM, Paul Wouters <paul@nohats.ca<mailto:paul@nohats.ca>> wrote:

On Wed, 21 Oct 2020, Stephen Farrell wrote:

The draft charter is at [1].

I would remove the "Other work related to OpenPGP" section. One of the
issues in this group has been sudden new items appearing and being
worked on without consensus. Modify the charter after 4880bis is done
to do "other work"


I would say adding at least one more Author/Editor to the bis document
is required to ensure timely and coordinated updates of the draft based
on WG consensus. As part of the last round of openpgp WG not working
seemed to center around a (perceived or real I have no opinion) disconnect
between WG members and draft author.

Paul


--_000_DF56BF7AFAB347C38D8EEAF2BD12E970ribosecom_--


From nobody Tue Oct 20 19:08:04 2020
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06E693A09F4 for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 19:08:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id POAmNAXTjBSm for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 19:08:01 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4715E3A09EE for <openpgp@ietf.org>; Tue, 20 Oct 2020 19:07:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 4D4433899F; Tue, 20 Oct 2020 22:14:12 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ljPWpTG1Ux-T; Tue, 20 Oct 2020 22:14:11 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id CC3DF3899D; Tue, 20 Oct 2020 22:14:11 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id DF36C212; Tue, 20 Oct 2020 22:07:57 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "openpgp\@ietf.org" <openpgp@ietf.org>
In-Reply-To: <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Tue, 20 Oct 2020 22:07:57 -0400
Message-ID: <3254.1603246077@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/H03Imj-ojNiCJv93phvCGSQO5NE>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 02:08:03 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
    > The draft charter is at [1].
    > Comments and discussion of that are more than welcome.

Thank you.

    > From my POV, I'm happy to try help out to get a fairly
    > minimal bit of progress progressed (as an RFC) - if we can
    > usefully succeed in that (which isn't a given).

    > FWIW, I do think starting with a very modest goal is
    > likely a good plan for now. A bit of success (in terms
    > of an RFC that is implemented, deployed and more up to
    > date) is already not that easy, but success does
    > breed success so if we got that done, then extending
    > the charter based on success is not so hard.

I'm not opposed to any of the work described.  It's all good.
Asynchronously to it, under the auspices of:

} 1. The work will not unduly delay the closure of the working group after
} the revision is finished (unless the working group is rechartered).

It seems that the key distribution servers suffer from a variety of
ailments: DDoS attacks, and other privacy issues.

We also have draft-koch-openpgp-webkey-service in the DT,
which sure sounds like webfinger/rfc7033, yet isn't.

I think that there is some spec somewhere (maybe PHB's MMM) about asking for
keys via MIME.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide





--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Tue Oct 20 19:52:08 2020
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 325CD3A0AE0 for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 19:52:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JOcRyiX71BRc for <openpgp@ietfa.amsl.com>; Tue, 20 Oct 2020 19:52:04 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A2C63A0AF1 for <openpgp@ietf.org>; Tue, 20 Oct 2020 19:50:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 8DC4AE2040; Tue, 20 Oct 2020 22:50:57 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 28455-06; Tue, 20 Oct 2020 22:50:55 -0400 (EDT)
Received: from [192.168.248.147] (IHTFP-DHCP-147.IHTFP.ORG [192.168.248.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mail2.ihtfp.org (Postfix) with ESMTPSA id AB18FE203F; Tue, 20 Oct 2020 22:50:55 -0400 (EDT)
From: Derek Atkins <derek@ihtfp.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: <openpgp@ietf.org>
Date: Tue, 20 Oct 2020 22:50:55 -0400
Message-ID: <17549110a98.27ea.ee0929d4f8247208f860e07266211506@ihtfp.com>
In-Reply-To: <20201021014127.GS39170@kduck.mit.edu>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <20201021014127.GS39170@kduck.mit.edu>
User-Agent: AquaMail/1.26.0-1689 (build: 102600004)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----------17549110ce264a727ea9feab9"
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/OpG8qCUCbbc8aZdzci4wa-KkDHc>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 02:52:07 -0000

This is a multi-part message in MIME format.
------------17549110ce264a727ea9feab9
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: 8bit

Thank you.
I will take a closer look in the morning.

I need to talk with management, but if they approve I am happy to throw my 
hat in the ring as a secondary editor.

-derek
Sent using my mobile device. Please excuse any typos.
On October 20, 2020 9:42:04 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> Hi Derek,
>
> On Tue, Oct 20, 2020 at 08:55:06PM -0400, Derek Atkins wrote:
>>
>> On Tue, October 20, 2020 8:44 pm, Ángel wrote:
>> > On 2020-10-20 at 14:59 -0700, Benjamin Kaduk wrote:
>> >> Please welcome the chairs for the now-in-proposed-state WG,
>> >> Daniel Kahn Gillmor and Stephen Farrell!
>> >>
>> >> Looking forward to many successful RFCs :)
>> >>
>> >> -Ben
>> >
>> > Nice to hear! Although I would be happy to see just a few for now :-)
>>
>> This is complete news to me; I have seen no proposed charter sent to this
>> mailing list.
>> Did I miss it?
>
> To be honest, I'm not sure -- I've had a todo item to get this started for
> far longer than I care to admit, and have forgotten where I have (or
> haven't) been talking about it.  My apologies if I ended up starting off on
> the wrong foot as a result!
>
> In any case, Stephen has already linked to the draft charter text (which
> bears a striking resemblance to the charter from the previous iteration of
> the WG).  It feels quite natural to me to attempt to recharter as a WG,
> since we have seen renewed interest and implementation, and there is this
> not-a-WG-draft-but-looks-like-one document that's been getting edits.  The
> best end-state for that document is going to be as a published RFC, and I
> (and I believe Roman as well) would be most comfortable with it coming
> through a WG process.
>
> -Ben


------------17549110ce264a727ea9feab9--


From nobody Wed Oct 21 05:01:53 2020
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE5EF3A03F1 for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 05:01:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I-nvX36wGyTV for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 05:01:50 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDD483A03EE for <openpgp@ietf.org>; Wed, 21 Oct 2020 05:01:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 66738E203F; Wed, 21 Oct 2020 08:01:48 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 09432-01; Wed, 21 Oct 2020 08:01:46 -0400 (EDT)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id D418DE2040; Wed, 21 Oct 2020 08:01:46 -0400 (EDT)
Received: from 192.168.248.158 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Wed, 21 Oct 2020 08:01:46 -0400
Message-ID: <c95cec411011a61ff99ea35d5eaa40b5.squirrel@mail2.ihtfp.org>
In-Reply-To: <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
Date: Wed, 21 Oct 2020 08:01:46 -0400
From: "Derek Atkins" <derek@ihtfp.com>
To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Cc: "Ronald Tse" <tse=40ribose.com@dmarc.ietf.org>, "Derek Atkins" <derek@ihtfp.com>, "openpgp@ietf.org" <openpgp@ietf.org>, "Benjamin Kaduk" <kaduk@mit.edu>
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/D1fvC0wkG4RCXGd1L0RBGUSfWCw>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 12:01:52 -0000

So... IF I read this right, the plan is to start from RFC4880 and then
re-hash all the discussions we've had in the past decade+ to re-introduce
changes to it?

Or is the plan to start from the current rfc4880bis draft and work from
there to get it across the finish line?

The current wording in the charter leads me to the former and not the
latter process.  Can you please confirm?

Thanks,

-derek

On Tue, October 20, 2020 9:20 pm, Stephen Farrell wrote:
>
> Hiya,
>
> The draft charter is at [1].
>
> Comments and discussion of that are more than welcome.
>
> From my POV, I'm happy to try help out to get a fairly
> minimal bit of progress progressed (as an RFC) - if we can
> usefully succeed in that (which isn't a given).
>
> FWIW, I do think starting with a very modest goal is
> likely a good plan for now. A bit of success (in terms
> of an RFC that is implemented, deployed and more up to
> date) is already not that easy, but success does
> breed success so if we got that done, then extending
> the charter based on success is not so hard.
>
> Cheers,
> S.
>
> [1] https://datatracker.ietf.org/doc/charter-ietf-openpgp/
>
> On 21/10/2020 01:59, Ronald Tse wrote:
>> I second Derek’s message here, haven’t seen a proposed charter at the
>> mailing list?
>>
>> _____________________________________
>>
>> Ronald Tse
>> Ribose Inc.
>>
>>> On Oct 21, 2020, at 8:55 AM, Derek Atkins <derek@ihtfp.com> wrote:
>>>
>>>
>>>> On Tue, October 20, 2020 8:44 pm, Ángel wrote:
>>>>> On 2020-10-20 at 14:59 -0700, Benjamin Kaduk wrote:
>>>>> Please welcome the chairs for the now-in-proposed-state WG,
>>>>> Daniel Kahn Gillmor and Stephen Farrell!
>>>>>
>>>>> Looking forward to many successful RFCs :)
>>>>>
>>>>> -Ben
>>>>
>>>> Nice to hear! Although I would be happy to see just a few for now :-)
>>>
>>> This is complete news to me; I have seen no proposed charter sent to
>>> this
>>> mailing list.
>>> Did I miss it?
>>>
>>> -derek
>>> --
>>>       Derek Atkins                 617-623-3745
>>>       derek@ihtfp.com             www.ihtfp.com
>>>       Computer and Internet Security Consultant
>>>
>>> _______________________________________________
>>> openpgp mailing list
>>> openpgp@ietf.org
>>> https://www.ietf.org/mailman/listinfo/openpgp


-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Wed Oct 21 05:33:17 2020
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 382133A0C0F for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 05:33:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.246
X-Spam-Level: 
X-Spam-Status: No, score=-2.246 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.247, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MmCY20M4S_hQ for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 05:33:12 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 891443A0B89 for <openpgp@ietf.org>; Wed, 21 Oct 2020 05:33:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B7D1EBE79; Wed, 21 Oct 2020 13:33:09 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vh7mITzgVhkD; Wed, 21 Oct 2020 13:33:07 +0100 (IST)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 57F72BE6F; Wed, 21 Oct 2020 13:33:07 +0100 (IST)
To: Derek Atkins <derek@ihtfp.com>
Cc: Ronald Tse <tse=40ribose.com@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie> <c95cec411011a61ff99ea35d5eaa40b5.squirrel@mail2.ihtfp.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <a97e03af-364b-d4ce-fab0-9b6fa184d1a0@cs.tcd.ie>
Date: Wed, 21 Oct 2020 13:33:06 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <c95cec411011a61ff99ea35d5eaa40b5.squirrel@mail2.ihtfp.org>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="G9c0Arj72egLzGSzqyKQYZmFiC6n7XowV"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/G2SJyxTXj-yonC07wytyZtxiOnk>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 12:33:15 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--G9c0Arj72egLzGSzqyKQYZmFiC6n7XowV
Content-Type: multipart/mixed; boundary="zXaE7Y0mEkKWZ6Iv5SzgNKFcVZaEMxtat";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Derek Atkins <derek@ihtfp.com>
Cc: Ronald Tse <tse=40ribose.com@dmarc.ietf.org>,
 "openpgp@ietf.org" <openpgp@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <a97e03af-364b-d4ce-fab0-9b6fa184d1a0@cs.tcd.ie>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
References: <20201020215929.GR39170@kduck.mit.edu>
 <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net>
 <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org>
 <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com>
 <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie>
 <c95cec411011a61ff99ea35d5eaa40b5.squirrel@mail2.ihtfp.org>
In-Reply-To: <c95cec411011a61ff99ea35d5eaa40b5.squirrel@mail2.ihtfp.org>

--zXaE7Y0mEkKWZ6Iv5SzgNKFcVZaEMxtat
Content-Type: multipart/mixed;
 boundary="------------C5D80BA37E11E5A02739C3CA"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------C5D80BA37E11E5A02739C3CA
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 21/10/2020 13:01, Derek Atkins wrote:
> So... IF I read this right, the plan is to start from RFC4880 and then
> re-hash all the discussions we've had in the past decade+ to re-introduce
> changes to it?

Urgh, no:-)

>
> Or is the plan to start from the current rfc4880bis draft and work from
> there to get it across the finish line?

More or less.

There will of course need to be a discussion about WG
adoption of a draft but IIUC the goal will be for that to
basically start from the current bis draft. What I don't
know is whether or not there are parts in the current draft
that a WG would rather not have and how that might affect
people's opinions on adoption. I do believe a WG would want
almost all of the bis text so starting from testing that
(via a WG adoption discussion) seems like a plan to me.
But again, that's getting a bit ahead of ourselves.

> The current wording in the charter leads me to the former and not the
> latter process.  Can you please confirm?

Feel free to suggest some words pointing out it's the
latter. (Or I can try later on, if that's better.)

Cheers,
S.


>
> Thanks,
>
> -derek
>
> On Tue, October 20, 2020 9:20 pm, Stephen Farrell wrote:
>>
>> Hiya,
>>
>> The draft charter is at [1].
>>
>> Comments and discussion of that are more than welcome.
>>
>> From my POV, I'm happy to try help out to get a fairly
>> minimal bit of progress progressed (as an RFC) - if we can
>> usefully succeed in that (which isn't a given).
>>
>> FWIW, I do think starting with a very modest goal is
>> likely a good plan for now. A bit of success (in terms
>> of an RFC that is implemented, deployed and more up to
>> date) is already not that easy, but success does
>> breed success so if we got that done, then extending
>> the charter based on success is not so hard.
>>
>> Cheers,
>> S.
>>
>> [1] https://datatracker.ietf.org/doc/charter-ietf-openpgp/
>>
>> On 21/10/2020 01:59, Ronald Tse wrote:
>>> I second Derek’s message here, haven’t seen a proposed charter at the
>>> mailing list?
>>>
>>> _____________________________________
>>>
>>> Ronald Tse
>>> Ribose Inc.
>>>
>>>> On Oct 21, 2020, at 8:55 AM, Derek Atkins <derek@ihtfp.com> wrote:
>>>>
>>>>
>>>>> On Tue, October 20, 2020 8:44 pm, Ángel wrote:
>>>>>> On 2020-10-20 at 14:59 -0700, Benjamin Kaduk wrote:
>>>>>> Please welcome the chairs for the now-in-proposed-state WG,
>>>>>> Daniel Kahn Gillmor and Stephen Farrell!
>>>>>>
>>>>>> Looking forward to many successful RFCs :)
>>>>>>
>>>>>> -Ben
>>>>>
>>>>> Nice to hear! Although I would be happy to see just a few for now :-)
>>>>
>>>> This is complete news to me; I have seen no proposed charter sent to
>>>> this
>>>> mailing list.
>>>> Did I miss it?
>>>>
>>>> -derek
>>>> --
>>>>       Derek Atkins                 617-623-3745
>>>>       derek@ihtfp.com             www.ihtfp.com
>>>>       Computer and Internet Security Consultant
>>>>
>>>> _______________________________________________
>>>> openpgp mailing list
>>>> openpgp@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/openpgp
>>>
>>
>
>

--------------C5D80BA37E11E5A02739C3CA
Content-Type: application/pgp-keys;
 name="0x5AB2FAF17B172BEA.asc"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="0x5AB2FAF17B172BEA.asc"


--------------C5D80BA37E11E5A02739C3CA--

--zXaE7Y0mEkKWZ6Iv5SzgNKFcVZaEMxtat--

--G9c0Arj72egLzGSzqyKQYZmFiC6n7XowV
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--G9c0Arj72egLzGSzqyKQYZmFiC6n7XowV--


From nobody Wed Oct 21 05:36:32 2020
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B504B3A0CD8 for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 05:36:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f_nL9yXrJyfZ for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 05:36:29 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1CA73A0CD6 for <openpgp@ietf.org>; Wed, 21 Oct 2020 05:36:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 3EC2EE203F; Wed, 21 Oct 2020 08:36:27 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 10423-01; Wed, 21 Oct 2020 08:36:25 -0400 (EDT)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id A74ACE2045; Wed, 21 Oct 2020 08:36:25 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1603283785; bh=vm4bsQZPP5Q8+bfVucmLLZVnOmfDTNXJ/EO468u0sdE=; h=In-Reply-To:References:Date:Subject:From:To:Cc; b=IGRf5rQbPOmS3zRvp94wBaE+9Ww3ppEKGAJPS0H8FrX9nqjFgaiMI6TvWW6XSbJvF O9S5IHYIDt5tbL/IieWkt2ySJV2kNtv57yQ+melRbWfsfru4ecvAh5L9bRHlnvkMRO 7SdawywV63iuKzs/0YxfyJ1QOh8Sx5BlYwQLNJCg=
Received: from 192.168.248.158 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Wed, 21 Oct 2020 08:36:25 -0400
Message-ID: <58d51c58b524765c9952a3502f70dbcb.squirrel@mail2.ihtfp.org>
In-Reply-To: <a97e03af-364b-d4ce-fab0-9b6fa184d1a0@cs.tcd.ie>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie> <c95cec411011a61ff99ea35d5eaa40b5.squirrel@mail2.ihtfp.org> <a97e03af-364b-d4ce-fab0-9b6fa184d1a0@cs.tcd.ie>
Date: Wed, 21 Oct 2020 08:36:25 -0400
From: "Derek Atkins" <derek@ihtfp.com>
To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Cc: "Derek Atkins" <derek@ihtfp.com>, "Ronald Tse" <tse=40ribose.com@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>, "Benjamin Kaduk" <kaduk@mit.edu>
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/kyChTUYf0ZGf5O7n8K09F34WjHg>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 12:36:31 -0000

HI,

On Wed, October 21, 2020 8:33 am, Stephen Farrell wrote:
>
> Hiya,
>
> On 21/10/2020 13:01, Derek Atkins wrote:
>> So... IF I read this right, the plan is to start from RFC4880 and then
>> re-hash all the discussions we've had in the past decade+ to
>> re-introduce
>> changes to it?
>
> Urgh, no:-)

Good to hear.

>>
>> Or is the plan to start from the current rfc4880bis draft and work from
>> there to get it across the finish line?
>
> More or less.
>
> There will of course need to be a discussion about WG
> adoption of a draft but IIUC the goal will be for that to
> basically start from the current bis draft. What I don't
> know is whether or not there are parts in the current draft
> that a WG would rather not have and how that might affect
> people's opinions on adoption. I do believe a WG would want
> almost all of the bis text so starting from testing that
> (via a WG adoption discussion) seems like a plan to me.
> But again, that's getting a bit ahead of ourselves.
>
>> The current wording in the charter leads me to the former and not the
>> latter process.  Can you please confirm?
>
> Feel free to suggest some words pointing out it's the
> latter. (Or I can try later on, if that's better.)

Maybe the simplest way would be to change:

The Working Group will perform the following work:

- Revise RFC4880

to read:

- Revise RFC4880.  The intent is to start from the current rfc4880bis draft.


> Cheers,
> S.

-derek

>
>>
>> Thanks,
>>
>> -derek
>>
>> On Tue, October 20, 2020 9:20 pm, Stephen Farrell wrote:
>>>
>>> Hiya,
>>>
>>> The draft charter is at [1].
>>>
>>> Comments and discussion of that are more than welcome.
>>>
>>> From my POV, I'm happy to try help out to get a fairly
>>> minimal bit of progress progressed (as an RFC) - if we can
>>> usefully succeed in that (which isn't a given).
>>>
>>> FWIW, I do think starting with a very modest goal is
>>> likely a good plan for now. A bit of success (in terms
>>> of an RFC that is implemented, deployed and more up to
>>> date) is already not that easy, but success does
>>> breed success so if we got that done, then extending
>>> the charter based on success is not so hard.
>>>
>>> Cheers,
>>> S.
>>>
>>> [1] https://datatracker.ietf.org/doc/charter-ietf-openpgp/
>>>
>>> On 21/10/2020 01:59, Ronald Tse wrote:
>>>> I second Derek’s message here, haven’t seen a proposed charter at the
>>>> mailing list?
>>>>
>>>> _____________________________________
>>>>
>>>> Ronald Tse
>>>> Ribose Inc.
>>>>
>>>>> On Oct 21, 2020, at 8:55 AM, Derek Atkins <derek@ihtfp.com> wrote:
>>>>>
>>>>>
>>>>>> On Tue, October 20, 2020 8:44 pm, Ángel wrote:
>>>>>>> On 2020-10-20 at 14:59 -0700, Benjamin Kaduk wrote:
>>>>>>> Please welcome the chairs for the now-in-proposed-state WG,
>>>>>>> Daniel Kahn Gillmor and Stephen Farrell!
>>>>>>>
>>>>>>> Looking forward to many successful RFCs :)
>>>>>>>
>>>>>>> -Ben
>>>>>>
>>>>>> Nice to hear! Although I would be happy to see just a few for now
>>>>>> :-)
>>>>>
>>>>> This is complete news to me; I have seen no proposed charter sent to
>>>>> this
>>>>> mailing list.
>>>>> Did I miss it?
>>>>>
>>>>> -derek
>>>>> --
>>>>>       Derek Atkins                 617-623-3745
>>>>>       derek@ihtfp.com             www.ihtfp.com
>>>>>       Computer and Internet Security Consultant
>>>>>
>>>>
>>>
>>
>>
>


-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


From nobody Wed Oct 21 07:24:28 2020
Return-Path: <wiktor@metacode.biz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEA8B3A0BE5 for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 07:24:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=metacode.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CYa1NGQMbvS6 for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 07:24:19 -0700 (PDT)
Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D5D83A0B76 for <openpgp@ietf.org>; Wed, 21 Oct 2020 07:23:28 -0700 (PDT)
Received: by mail-ej1-x62f.google.com with SMTP id qp15so3527409ejb.3 for <openpgp@ietf.org>; Wed, 21 Oct 2020 07:23:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=metacode.biz; s=2017;  h=subject:to:references:cc:from:autocrypt:organization:message-id :date:mime-version:in-reply-to; bh=pcmT6p1WahiT3Vjt44seY/OftvFxFuvyHWjbL2j1Hxs=; b=Y/1NeblEedxvStNaiKuggtbV0/9mjq3ZH62p8PsIdJlUQXMUf3UluwlCqnF7O0Iuji /4ie2ZCBPGu4ZyeJ/jU1bL/1yCSmBt2PPkZToNVC9Sb89NnC5fkLDPeBZewocOZ8Kd+W 6uzITqj7cxio91oSMF+2G/dpB2wRz3lp5R5h6vYLuvfKi/xd8CE9l8yTUDATBXLj0MGC Q+icxV8eZwuaT4P0DYdFFjpE8GhKIT9kU904FMXsufsEVXaGlM17gEO64kHHMAPw8VzW gtl8s3M22636ArXdLhLxxnnGnfSv5j+scjmiekTYiSCtWC2X9fV1DV9L7H4IcwS8QoJ9 Ki1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:autocrypt :organization:message-id:date:mime-version:in-reply-to; bh=pcmT6p1WahiT3Vjt44seY/OftvFxFuvyHWjbL2j1Hxs=; b=sw4/RkzZxrGITz+M1XYhJMSu++qolKBYe8IiACF53jCJ5Cd5NiSEQZkZcGmYQYEOK8 HS5YogFqBrcQa9J/BFo9D39Z+FCNyTCTNJtE+JuHO51R2d8RK6KKeNeyqgEZOW7VFJK7 mHZFFRmiF93nDadGM9hmmIq6DRm9AY01ay4zsKw79KTZBLXcqbMKAd+KV4rJOZXbA2Gu r4/vw6+h+AhdngYshpTo/phknjHkmqzG25udCMqaaLBOW7/Q96mVh2J+SzGhXBPLY6N1 d4TYbNM1HQs547uLpty+3Eu1nktl4ymRyzrqdJCH6yZjSlFmlM/mUcEgiFF2yXZ4tRVw ixkw==
X-Gm-Message-State: AOAM533jsmeaOOaFSOiiU5eMI04jkGQaUMc9nCQcSEDvWpUalNWi3zxu oCRp855gt4IKy1XOEg5SRyDP7EUoT7p4DQ==
X-Google-Smtp-Source: ABdhPJw30bJXFdlXz/qyklLi7UMxakh/URp0ndB9CPieATxaMV7KGvI4J6Pa7S1eOfc3Gbn2lTolqQ==
X-Received: by 2002:a17:906:804:: with SMTP id e4mr3623012ejd.379.1603290206600;  Wed, 21 Oct 2020 07:23:26 -0700 (PDT)
Received: from [192.168.2.69] (aehh162.neoplus.adsl.tpnet.pl. [79.186.189.162]) by smtp.googlemail.com with ESMTPSA id p24sm2137431edq.35.2020.10.21.07.23.24 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 21 Oct 2020 07:23:25 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie> <3254.1603246077@localhost>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Organization: Metacode
Message-ID: <c002f39a-f93e-c74a-348e-25cbc0e8f1c9@metacode.biz>
Date: Wed, 21 Oct 2020 16:23:12 +0200
MIME-Version: 1.0
In-Reply-To: <3254.1603246077@localhost>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="FLwVTTTImVb0dpWNvlnjOiWKVDe7wxHNm"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Vv0_S4_EkWDC5r7RKOvL6H0aRLQ>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 14:24:23 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--FLwVTTTImVb0dpWNvlnjOiWKVDe7wxHNm
Content-Type: multipart/mixed; boundary="7FXT25vThWwaqeH9evVOpxsgByDHKEuFU";
 protected-headers="v1"
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <c002f39a-f93e-c74a-348e-25cbc0e8f1c9@metacode.biz>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
References: <20201020215929.GR39170@kduck.mit.edu>
 <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net>
 <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org>
 <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com>
 <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie> <3254.1603246077@localhost>
In-Reply-To: <3254.1603246077@localhost>

--7FXT25vThWwaqeH9evVOpxsgByDHKEuFU
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

Hi Michael,

On 21.10.2020 04:07, Michael Richardson wrote:
> We also have draft-koch-openpgp-webkey-service in the DT,
> which sure sounds like webfinger/rfc7033, yet isn't.

For the record WebFinger was actually considered for WKD. See:
https://mailarchive.ietf.org/arch/msg/openpgp/6IfUxGRzJbszMP61M3lajZmIZtU/

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor


--7FXT25vThWwaqeH9evVOpxsgByDHKEuFU--

--FLwVTTTImVb0dpWNvlnjOiWKVDe7wxHNm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--FLwVTTTImVb0dpWNvlnjOiWKVDe7wxHNm--


From nobody Wed Oct 21 09:58:49 2020
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CE533A115F for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 09:58:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rshVixGC2cjU for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 09:58:46 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB7FF3A086E for <openpgp@ietf.org>; Wed, 21 Oct 2020 09:58:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 57CC9389C4; Wed, 21 Oct 2020 13:05:01 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 8G2H99ydc07c; Wed, 21 Oct 2020 13:05:00 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id E6597389C3; Wed, 21 Oct 2020 13:05:00 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id A79331D2; Wed, 21 Oct 2020 12:58:44 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Derek Atkins" <derek@ihtfp.com>, "openpgp\@ietf.org" <openpgp@ietf.org>
In-Reply-To: <c95cec411011a61ff99ea35d5eaa40b5.squirrel@mail2.ihtfp.org>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie> <c95cec411011a61ff99ea35d5eaa40b5.squirrel@mail2.ihtfp.org>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Wed, 21 Oct 2020 12:58:44 -0400
Message-ID: <18989.1603299524@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/JppFu7S-bAWIIpL0yIvKHW3Lz_o>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 16:58:48 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Derek Atkins <derek@ihtfp.com> wrote:
    > So... IF I read this right, the plan is to start from RFC4880 and then
    > re-hash all the discussions we've had in the past decade+ to re-introduce
    > changes to it?

I think that the WG needs to go through the major diffs and gain consensus.
I don't think we need to follow all the dead ends, etc.  or the
word-smithing.

If there hasn't been any major restructuring of the document, then rfcdiff
ought to do 70% of the work here for us.  Someone just has to chop up what
remains, and generate a slide for each part and attach some motivation.

    > Or is the plan to start from the current rfc4880bis draft and work from
    > there to get it across the finish line?

    > The current wording in the charter leads me to the former and not the
    > latter process.  Can you please confirm?

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

--=-=-=--


From nobody Wed Oct 21 23:19:51 2020
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 842FE3A0B71 for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 23:19:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level: 
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=Xsho1BfW; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=hc/qh6+r
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vpSn7dChYxFn for <openpgp@ietfa.amsl.com>; Wed, 21 Oct 2020 23:19:48 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68EB53A0B6E for <openpgp@ietf.org>; Wed, 21 Oct 2020 23:19:48 -0700 (PDT)
Received: from fifthhorseman.net (unknown [IPv6:2001:470:1f07:60d:f2de:f1ff:fec3:d109]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id BC4C4F9A5; Thu, 22 Oct 2020 02:19:46 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 920232046B; Thu, 22 Oct 2020 02:19:43 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Derek Atkins <derek@ihtfp.com>
Cc: Ronald Tse <tse=40ribose.com@dmarc.ietf.org>, "openpgp\@ietf.org" <openpgp@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
In-Reply-To: <a97e03af-364b-d4ce-fab0-9b6fa184d1a0@cs.tcd.ie>
References: <20201020215929.GR39170@kduck.mit.edu> <260d532c97cfcf8285f68fa6080c809317646a76.camel@16bits.net> <73b6595fad9bd10d2772a5c6842adabc.squirrel@mail2.ihtfp.org> <0FC168CB-4394-4924-82B9-B40A15969FF0@ribose.com> <8e5fca53-4a3c-bb64-ef87-3a0f9d4bc11b@cs.tcd.ie> <c95cec411011a61ff99ea35d5eaa40b5.squirrel@mail2.ihtfp.org> <a97e03af-364b-d4ce-fab0-9b6fa184d1a0@cs.tcd.ie>
Date: Thu, 22 Oct 2020 02:19:41 -0400
Message-ID: <87ft66u6iq.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QzXcII4lb-khyTtsHMMp96TRC2U>
Subject: Re: [openpgp] heads-up: re-chartering the OPENPGP WG
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2020 06:19:50 -0000

--=-=-=
Content-Type: text/plain

I agree with Stephen that there is a lot in the current draft labeled
rfc4880bis that we should be able to pretty easily document a rough
consensus for, that is in-charter, and has interoperable
implementations.

We do still need to sort out how we clarify which parts meet those
standards, so we can demonstrate that the re-formed WG can produce the
chartered bis in a collaborative and reasonably prompt way.

Looking forward to working with everyone here on this!

    --dkg

--=-=-=--


From nobody Fri Oct 23 05:51:19 2020
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A06EB3A0AC3 for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 05:51:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yTQCMoK34Q4o for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 05:51:15 -0700 (PDT)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC66A3A0ABE for <openpgp@ietf.org>; Fri, 23 Oct 2020 05:51:15 -0700 (PDT)
Received: from pd9e79cc0.dip0.t-ipconnect.de ([217.231.156.192] helo=forster.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from <neal@walfield.org>) id 1kVwXF-0002gC-EZ for openpgp@ietf.org; Fri, 23 Oct 2020 12:51:09 +0000
Received: from grit.huenfield.org ([192.168.20.9] helo=grit.walfield.org) by forster.huenfield.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <neal@walfield.org>) id 1kVwXE-0005TX-R9 for openpgp@ietf.org; Fri, 23 Oct 2020 14:51:09 +0200
Date: Fri, 23 Oct 2020 14:51:08 +0200
Message-ID: <87sga5xg03.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: "openpgp@ietf.org" <openpgp@ietf.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/26 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-SA-Exim-Connect-IP: 192.168.20.9
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Scanned: No (on forster.huenfield.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Rp-inhYKT8A9H5E34iLTrc9I0gc>
Subject: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2020 12:51:18 -0000

Hi,

I'm turning to this mailing list to seek advice about how to deal with
SHA1-based self signatures.  I have two concrete questions, which are
at the bottom of the email.  But first, I want to present the concrete
problem and my thoughts so far.


Based on the "SHA-1 is a Shambles" paper [1] we decided to change
Sequoia to reject signatures that use SHA1 by default [2].  This
includes both signatures over data, as well as self signatures of all
kinds including primary key binding signatures (aka backsigs).

  [1] https://sha-mbles.github.io/
  [2] https://docs.sequoia-pgp.org/sequoia_openpgp/policy/struct.StandardPolicy.html#method.reject_hash_at

A Secure Drop developer recently contacted us, and indicated that our
policy was too strict: some of the Secure Drop installations have
offline keys that use SHA1, and the users have no easy way (or lack
the will) to update those keys.

This prompted me to investigate the use of SHA1 in general.
Unfortunately, it appears that many actively used certificates from
technically sophisticated users still rely on SHA1.  The results of my
investigation are here:

  https://gitlab.com/sequoia-pgp/sequoia/-/issues/595

First, I found that Microsoft's "Security Notifications PGP Key" [3],
which was created less than a year ago (Oct 2019) uses SHA-1.  Given
the use of the preferred-email-encoding@pgp.com notation, I suspect
that they are using a Symantec PGP product.

  [3] https://www.microsoft.com/en-us/msrc/pgp-key-security-notifications

Looking at the Debian Keyring, I found that:

  - 106 of the 884 certificates (12%) use SHA1 for all User ID binding
    signatures and direct key signatures

  - 63 more (7%) use SHA1 to protect at least one non-revoked User ID.

  - 234 have a non-revoked, live signing capable subkey

    - 19 of those have binding signatures that use SHA1 in some way
      (8%).

    - 9 use something stronger for the subkey binding signature, but
      SHA1 for the backsig.  (This appears to be a bug in GnuPG, which
      I reported [4].)

  [4] https://dev.gnupg.org/T5110

As Debian Developers are perhaps the most sophisticated OpenPGP users,
this is pretty damning.

For Arch developers, the situation is worse: 2 of the 5 master ("CA")
keys rely on SHA1.  Of the 72 developer keys, 26 (36%) use SHA1 for
all User ID self signatures and direct key signatures.  Of the 46
remaining certificates, 2 use SHA1 for a non-revoked, live
signing-capable subkey.

Looking at the Fedora Project's signing Keys [5]: all 7 use SHA1
exclusively.  When I spoke with the person responsible for this
infrastructure, we discovered that this was due to a configuration
error, which they promptly fixed.

  [5] https://getfedora.org/static/fedora.gpg

Given these results, we decided to reevaluate our bad listing of SHA1.
As the SHA1 paper indicates that SHA1's preimage resistance is not
broken, I thought that we might be able to accept SHA1 for self
signatures, and not for documents [6].  But, Azul pointed out [7] that
Mallory could create a collision for a document and a self-signature,
and then convince Alice to sign the document.  This could work in
practice because Mallory can predict everything in the signature, but
the timestamp, and if Alice is an automated signing service, there is
a good chance that Mallory would be able to get Alice to sign the
document at the right time.

  [6] https://gitlab.com/sequoia-pgp/sequoia/-/issues/595
  [7] https://gitlab.com/sequoia-pgp/sequoia/-/issues/595#note_433768966

If the signature included a salt, Mallory would have had a much harder
time coercing Alice to sign the document with the right metadata.  As
such, we plan to include a salt in all signatures that Sequoia makes
so that should, say, SHA256 suffer the same fate as SHA1, we can still
rely on preimage resistance to allow us to continue to accept self
signatures that use SHA256 for a while [8].

  [8] https://gitlab.com/sequoia-pgp/sequoia/-/issues/597

So, two questions:

  - Does anyone see a safe way to accept SHA1 self-signatures today?
    Or (ouch!), if we want to be safe, do we have to convince ~10% of
    the sophisticated OpenPGP users to re-sign or regenerate their
    keys?

  - What do people think about including a salt in the hash to make
    the content of the hash less predictable as described in [7]?

Thanks!

:) Neal


From nobody Fri Oct 23 07:52:46 2020
Return-Path: <paul@nohats.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C1DD3A0EA8 for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 07:52:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ewgOw_ijvBLx for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 07:52:43 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 273303A0EA6 for <openpgp@ietf.org>; Fri, 23 Oct 2020 07:52:42 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4CHnJm6Fy8zKJ8; Fri, 23 Oct 2020 16:52:40 +0200 (CEST)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 2zxvNOndv2M6; Fri, 23 Oct 2020 16:52:38 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Fri, 23 Oct 2020 16:52:38 +0200 (CEST)
Received: from [193.110.157.220] (unknown [193.110.157.220]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id 633B96029BA1; Fri, 23 Oct 2020 10:52:37 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Paul Wouters <paul@nohats.ca>
Mime-Version: 1.0 (1.0)
Date: Fri, 23 Oct 2020 10:52:35 -0400
Message-Id: <C68710C4-9A13-4BEC-A89A-E89663883022@nohats.ca>
References: <87sga5xg03.wl-neal@walfield.org>
Cc: openpgp@ietf.org
In-Reply-To: <87sga5xg03.wl-neal@walfield.org>
To: "Neal H. Walfield" <neal@walfield.org>
X-Mailer: iPhone Mail (18A393)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/XcvU0UyD-4PyRenXPpJ6w776J2I>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2020 14:52:46 -0000

Could you give implementers some guidance?

- don’t allow creating sha1 signatures
- don’t allow verification with sha1 to pass for data time stamped after 2020 (eg based on email headers or signature time stamps)
- allow verification of old data with sha1 to pass

Paul



From nobody Fri Oct 23 08:17:21 2020
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1411A3A0EE6 for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 08:17:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vNmzDInChZaU for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 08:17:18 -0700 (PDT)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 637743A0EE0 for <openpgp@ietf.org>; Fri, 23 Oct 2020 08:17:17 -0700 (PDT)
Received: from pd9e79cc0.dip0.t-ipconnect.de ([217.231.156.192] helo=forster.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from <neal@walfield.org>) id 1kVyod-0004tx-W5; Fri, 23 Oct 2020 15:17:16 +0000
Received: from grit.huenfield.org ([192.168.20.9] helo=grit.walfield.org) by forster.huenfield.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <neal@walfield.org>) id 1kVyod-0001cg-FI; Fri, 23 Oct 2020 17:17:15 +0200
Date: Fri, 23 Oct 2020 17:17:15 +0200
Message-ID: <87o8ktx98k.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: Paul Wouters <paul@nohats.ca>
Cc: openpgp@ietf.org
In-Reply-To: <C68710C4-9A13-4BEC-A89A-E89663883022@nohats.ca>
References: <87sga5xg03.wl-neal@walfield.org> <C68710C4-9A13-4BEC-A89A-E89663883022@nohats.ca>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/26 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=ISO-8859-7
Content-Transfer-Encoding: quoted-printable
X-SA-Exim-Connect-IP: 192.168.20.9
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Scanned: No (on forster.huenfield.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/nSEJ3PXRVyuBwp7YvTb0a-32asE>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2020 15:17:20 -0000

Hi Paul,

Thanks for following up.

On Fri, 23 Oct 2020 16:52:35 +0200,
Paul Wouters wrote:
> Could you give implementers some guidance?
>
> - don’t allow creating sha1 signatures

I suspect that most implementations already do this.

> - don’t allow verification with sha1 to pass for data time
>   stamped after 2020 (eg based on email headers or signature time
>   stamps)
> - allow verification of old data with sha1 to pass

The Sequoia library does pretty much already what you are suggesting
(although we set the cutoff for SHA1 to 2013, not 2020): when an
application developer configures a policy, they can specify a
timestamp.  The timestamp is then used to select algorithms that were
safe as of the specified time.

  https://docs.sequoia-pgp.org/sequoia_openpgp/struct.Cert.html#method.with_policy

The difficulty for the application developer is to find a timestamp
and authenticate it.  Consider: Alice encrypts an email to Bob.  If
Bob's certificate uses SHA1 for all of the self signatures, should
Alice accept the self signatures?  She has no email headers to extract
a time stamp from (she's sending him a mail, not verifying a signature
in a message that Bob sent her).  As for the time stamp in the self
signature, it's not clear to me why it should be trusted.  Say Mallory
collides a document sig and a self sig for Alice, and gets Alice to
sign the document at the right time.  He can set the self sig's
timestamp to whatever he wants, including just far enough in the past
that it gets by your proposed filter.

Thanks for your thoughts,

Neal
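
The backdating problem raised in this reply, as an added example that is not part of the thread and not Sequoia's code: a verifier that keys its SHA1 cutoff on the signature's own creation time accepts a backdated self signature, while one that judges against a reference time it controls does not. The `Policy` and `Sig` types, the timestamps, and the assumption that the verifier holds independent evidence of the old data's date are all constructed for the illustration.

```rust
// Added illustration. All types, names and timestamps here are constructed
// for this example; none of this is Sequoia's API.

#[derive(Clone, Copy, Debug, PartialEq)]
enum Hash {
    Sha1,
    Sha256,
}

/// A signature as the verifier sees it. `claimed_created` is the creation
/// time carried inside the signature, so its author chooses it freely.
#[derive(Clone, Copy, Debug)]
struct Sig {
    hash: Hash,
    claimed_created: u64, // Unix seconds
}

/// SHA1 is acceptable only for reference times strictly before the cutoff.
struct Policy {
    sha1_cutoff: u64,
}

impl Policy {
    fn hash_ok_at(&self, hash: Hash, reference: u64) -> bool {
        match hash {
            Hash::Sha1 => reference < self.sha1_cutoff,
            Hash::Sha256 => true,
        }
    }

    /// Filter keyed on the timestamp inside the signature itself.
    fn accept_by_claimed_time(&self, sig: &Sig) -> bool {
        self.hash_ok_at(sig.hash, sig.claimed_created)
    }

    /// Filter keyed on a reference time the verifier obtained and
    /// authenticated on its own. Without one, fall back to `now`.
    fn accept_at(&self, sig: &Sig, authenticated: Option<u64>, now: u64) -> bool {
        let reference = authenticated.unwrap_or(now);
        // Signatures claiming to be newer than the reference time are refused.
        sig.claimed_created <= reference && self.hash_ok_at(sig.hash, reference)
    }
}

// Constructed Unix timestamps (UTC midnight).
const T_2012_06_01: u64 = 1_338_508_800;
const T_2012_12_01: u64 = 1_354_320_000;
const T_2013_01_01: u64 = 1_356_998_400; // SHA1 cutoff mentioned for Sequoia
const T_2020_01_01: u64 = 1_577_836_800; // SHA1 cutoff proposed in the thread
const T_2020_10_01: u64 = 1_601_510_400;
const T_2020_10_23: u64 = 1_603_411_200; // "now" for the verifier

/// Returns (case, accepted by claimed time, accepted at reference time).
fn scenarios(cutoff: u64) -> Vec<(&'static str, bool, bool)> {
    let policy = Policy { sha1_cutoff: cutoff };
    let now = T_2020_10_23;

    // Genuine old SHA1 data signature; the verifier has its own evidence
    // (assumed here) that the data existed on 2012-12-01.
    let old_data = Sig { hash: Hash::Sha1, claimed_created: T_2012_06_01 };
    // SHA1 self signature produced in 2020 but backdated to 2012. The
    // verifier is encrypting to this certificate, so it has no other time.
    let backdated = Sig { hash: Hash::Sha1, claimed_created: T_2012_06_01 };
    // Current SHA256 self signature.
    let modern = Sig { hash: Hash::Sha256, claimed_created: T_2020_10_01 };

    vec![
        (
            "old SHA1 data sig",
            policy.accept_by_claimed_time(&old_data),
            policy.accept_at(&old_data, Some(T_2012_12_01), now),
        ),
        (
            "backdated SHA1 self sig",
            policy.accept_by_claimed_time(&backdated),
            policy.accept_at(&backdated, None, now),
        ),
        (
            "SHA256 self sig",
            policy.accept_by_claimed_time(&modern),
            policy.accept_at(&modern, None, now),
        ),
    ]
}

fn main() {
    for &cutoff in &[T_2013_01_01, T_2020_01_01] {
        println!("SHA1 cutoff = {}", cutoff);
        for (case, by_claimed, at_reference) in scenarios(cutoff) {
            println!(
                "  {:<24} claimed-time: {:<5} reference-time: {}",
                case, by_claimed, at_reference
            );
        }
    }
}
```

The result is the same for both cutoffs: moving the date does not help while the date being tested is one the signature's author supplies.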


From nobody Fri Oct 23 12:23:28 2020
Return-Path: <ietf-phil-openpgp@spodhuis.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 191D13A0AD3 for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 12:23:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=spodhuis.org header.b=H1YNVktW; dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=spodhuis.org header.b=wPGPiJma
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O_VUdEwpjNf8 for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 12:23:25 -0700 (PDT)
Received: from mx.spodhuis.org (smtp.spodhuis.org [IPv6:2a02:898:31:0:48:4558:736d:7470]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27F973A0AD0 for <openpgp@ietf.org>; Fri, 23 Oct 2020 12:23:24 -0700 (PDT)
Received: from authenticated user by smtp.spodhuis.org with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) id 1kW2em-000BKv-Rz; Fri, 23 Oct 2020 19:23:21 +0000
Date: Fri, 23 Oct 2020 15:23:17 -0400
From: Phil Pennock <ietf-phil-openpgp@spodhuis.org>
To: openpgp@ietf.org
Message-ID: <20201023192317.GA444398@fullerene.field.pennock-tech.net>
Mail-Followup-To: openpgp@ietf.org
References: <87sga5xg03.wl-neal@walfield.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87sga5xg03.wl-neal@walfield.org>
OpenPGP: url=https://www.security.spodhuis.org/PGP/keys/keys-2013rsa-2020cv25519.asc
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-SZkhrDYieWaz32aIW9ElAEDjM8>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2020 19:23:27 -0000

On 2020-10-23 at 14:51 +0200, Neal H. Walfield wrote:
>   - Does anyone see a safe way to accept SHA1 self-signatures today?
>     Or (ouch!), if we want to be safe, do we have to convince ~10% of
>     the sophisticated OpenPGP users to re-sign or regenerate their
>     keys?

At the start of this year, I reached out individually to maintainers
signing releases of some security critical software and had good luck
getting them to re-sign, by including instructions on how to do so.

I never got around to producing a blog-post, but the messaging worked,
everyone I reached out to followed through and fixed.  It's a small
sample set of about 5, and population biased towards caring about
security.  So while I wouldn't extrapolate to "everyone will do it", I
think with pressure "many people will".

The TLDR for folks using the widespread GnuPG software is that GnuPG
defaults to protecting you against a new self-sig, but expert-mode makes
it easy:

    gpg --expert --cert-digest-algo SHA256 --sign-key $YourKeyId

Crafted messages around that worked.  "Hey, it's one line and then
uploading your keys" -- I think getting 80% of that 10% is probably
fairly doable.  That then leaves 2% of total users with broken keys,
which is a more viable cut-off.

If services such as keys.openpgp.org started showing big scary red
warnings above keys which lack a sane self-sig, or warning on upload,
we'd get some pressure that way.

-Phil


From nobody Fri Oct 23 13:14:05 2020
Return-Path: <guillem@hadrons.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 047893A0B1D for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 13:14:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.117
X-Spam-Level: 
X-Spam-Status: No, score=-1.117 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hadrons.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J4_ADKq2Ip1n for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 13:14:01 -0700 (PDT)
Received: from pulsar.hadrons.org (2.152.178.181.dyn.user.ono.com [2.152.178.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4660C3A0B1C for <openpgp@ietf.org>; Fri, 23 Oct 2020 13:14:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=hadrons.org ; s=201908; h=In-Reply-To:Content-Transfer-Encoding:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:From:Reply-To:Subject: Content-ID:Content-Description:X-Debbugs-Cc; bh=HS/thiCxE6Fbwz00+SjYmjD2fIWV+WYMvrkC8MapsPA=; b=cNpX0NMx0xH0hYTwt14iBAYhr5 /dz5wFcLsngFjIfdlC24JUkiBObrCX4YSpSd1Rh4C5OFOA33Xg30ixOG4eJZJt3EFU2SMHNdsxyOw 7OWLLoWY9Re/uiVTXAvoft4CJc+PC4Ii2hfyGYgbk42zBdZRghW2vBBh+MuWdxCB+u0Ncj1vt8p5a ltFe+uMGhVmKAVymmGrvE/mwOmEjHN5+cT6BgnMHX4xntaoHVlmoPlsrcInPIp54B59151gQCp0Ch S1QkJumcMJdgUmCDNljSsPf+kmd0NuSmylfRISu5DpKQouFIQCHVlwpgFUZawnTVOnJ63zKv61NOr sqJM3Qfg==;
Received: from guillem by pulsar.hadrons.org with local (Exim 4.92) (envelope-from <guillem@hadrons.org>) id 1kW3ck-00042c-Rf; Fri, 23 Oct 2020 22:25:18 +0200
Date: Fri, 23 Oct 2020 22:13:55 +0200
From: Guillem Jover <guillem@hadrons.org>
To: "Neal H. Walfield" <neal@walfield.org>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <20201023201355.GA72347@thunder.hadrons.org>
References: <87sga5xg03.wl-neal@walfield.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87sga5xg03.wl-neal@walfield.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Ff8Zs-13OMM6Xk7QpgjQmgcA0H4>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2020 20:14:04 -0000

Hi!

[ CCing the Debian keyring maintainers, as I'm not sure whether they are
  subscribed, and leaving enough quoted text for context. ]

On Fri, 2020-10-23 at 14:51:08 +0200, Neal H. Walfield wrote:
> I'm turning to this mailing list to seek advice about how to deal with
> SHA1-based self signatures.  I have two concrete questions, which are
> at the bottom of the email.  But first, I want to present the concrete
> problem and my thoughts so far.
> 
> 
> Based on the "SHA-1 is a Shambles" paper [1] we decided to change
> Sequoia to reject signatures that use SHA1 by default [2].  This
> includes both signatures over data, as well as self signatures of all
> kinds including primary key binding signatures (aka backsigs).
> 
>   [1] https://sha-mbles.github.io/
>   [2] https://docs.sequoia-pgp.org/sequoia_openpgp/policy/struct.StandardPolicy.html#method.reject_hash_at
> 
> A Secure Drop developer recently contacted us, and indicated that our
> policy was too strict: some of the Secure Drop installations have
> offline keys that use SHA1, and the users have no easy way (or lack
> the will) to update those keys.
> 
> This prompted me to investigate the use of SHA1 in general.
> Unfortunately, it appears that many actively used certificates from
> technically sophisticated users still rely on SHA1.  The results of my
> investigation are here:
> 
>   https://gitlab.com/sequoia-pgp/sequoia/-/issues/595
> 
[…]
> 
> Looking at the Debian Keyring, I found that:
> 
>   - 106 of the 884 certificates (12%) use SHA1 for all User ID binding
>     signatures and direct key signatures
> 
>   - 63 more (7%) use SHA1 to protect at least one non-revoked User ID.
> 
>   - 234 have a non-revoked, live signing capable subkey
> 
>     - 19 of those have binding signatures that use SHA1 in some way
>       (8%).
> 
>     - 9 use something stronger for the subkey binding signature, but
>       SHA1 for the backsig.  (This appears to be a bug in GnuPG, which
>       I reported [4].)
> 
>   [4] https://dev.gnupg.org/T5110
> 
> As Debian Developers are perhaps the most sophisticated OpenPGP users,
> this is pretty damning.
>
[…]
>
> Given these results, we decided to reevaluate our bad listing of SHA1.
> As the SHA1 paper indicates that SHA1's preimage resistance is not
> broken, I thought that we might be able to accept SHA1 for self
> signatures, and not for documents [6].  But, Azul pointed out [7] that
> Mallory could create a collision for a document and a self-signature,
> and then convince Alice to sign the document.  This could work in
> practice because Mallory can predict everything in the signature, but
> the timestamp, and if Alice is an automated signing service, there is
> a good chance that Mallory would be able to get Alice to sign the
> document at the right time.
> 
>   [6] https://gitlab.com/sequoia-pgp/sequoia/-/issues/595
>   [7] https://gitlab.com/sequoia-pgp/sequoia/-/issues/595#note_433768966
>
[…]
>
> So, two questions:
> 
>   - Does anyone see a safe way to accept SHA1 self-signatures today?
>     Or (ouch!), if we want to be safe, do we have to convince ~10% of
>     the sophisticated OpenPGP users to re-sign or regenerate their
>     keys?
[…]

Regards,
Guillem


From nobody Fri Oct 23 13:15:11 2020
Return-Path: <guillem@hadrons.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 935233A0B1D for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 13:15:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.117
X-Spam-Level: 
X-Spam-Status: No, score=-1.117 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hadrons.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3oGBztshf09K for <openpgp@ietfa.amsl.com>; Fri, 23 Oct 2020 13:15:07 -0700 (PDT)
Received: from pulsar.hadrons.org (2.152.178.181.dyn.user.ono.com [2.152.178.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C0E93A0B1C for <openpgp@ietf.org>; Fri, 23 Oct 2020 13:15:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=hadrons.org ; s=201908; h=In-Reply-To:Content-Transfer-Encoding:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:From:Reply-To:Subject: Content-ID:Content-Description:X-Debbugs-Cc; bh=1NeovW51ENATG6TfvjYlr9wnGGpQVQq1X+gH28sAUno=; b=k1M3oM9MmPtbKdmsFvCApMIEqb +0KC7extV9jx7ZOm0RVIT4NC5dQoW1EppsdiWDT+///uDV73EgAFgAG+xYKI+JBG4TaB5Q/kmYHTa fO4WhqsGqgyG6y9Mg4jyRGB+4Wc3tpiTWlm74k/jfivWq1OeLra59PrEPJidg5aLmIz8uow0xULj/ BOh/9VCZSEtBnHRySi8X2qcFYQq3hOzNXauRtUzrz2wupOeWgvhwEUPmomSvTvLNnv5UY8yY1zLk1 6kupUq00+EpkYGiitugrrUtF1q60suMCcpvmZlcjIPkL5h8A/MesGoBNCKd7V6pdC7/9PeHSs6Id+ O+GnKN6w==;
Received: from guillem by pulsar.hadrons.org with local (Exim 4.92) (envelope-from <guillem@hadrons.org>) id 1kW3dr-000438-JK; Fri, 23 Oct 2020 22:26:27 +0200
Date: Fri, 23 Oct 2020 22:15:04 +0200
From: Guillem Jover <guillem@hadrons.org>
To: "Neal H. Walfield" <neal@walfield.org>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, keyring-maint@debian.org
Message-ID: <20201023201504.GB72347@thunder.hadrons.org>
References: <87sga5xg03.wl-neal@walfield.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87sga5xg03.wl-neal@walfield.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Yhk7hn6M5F1L_7seI1sw2v7m7Qk>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2020 20:15:10 -0000

Hi!

[ CCing the Debian keyring maintainers, as I'm not sure whether they are
  subscribed, and leaving enough quoted text for context. ]

[ And forgot to actually CC the first time around, sorry! :) ]

On Fri, 2020-10-23 at 14:51:08 +0200, Neal H. Walfield wrote:
> I'm turning to this mailing list to seek advice about how to deal with
> SHA1-based self signatures.  I have two concrete questions, which are
> at the bottom of the email.  But first, I want to present the concrete
> problem and my thoughts so far.
> 
> 
> Based on the "SHA-1 is a Shambles" paper [1] we decided to change
> Sequoia to reject signatures that use SHA1 by default [2].  This
> includes both signatures over data, as well as self signatures of all
> kinds including primary key binding signatures (aka backsigs).
> 
>   [1] https://sha-mbles.github.io/
>   [2] https://docs.sequoia-pgp.org/sequoia_openpgp/policy/struct.StandardPolicy.html#method.reject_hash_at
> 
> A Secure Drop developer recently contacted us, and indicated that our
> policy was too strict: some of the Secure Drop installations have
> offline keys that use SHA1, and the users have no easy way (or lack
> the will) to update those keys.
> 
> This prompted me to investigate the use of SHA1 in general.
> Unfortunately, it appears that many actively used certificates from
> technically sophisticated users still rely on SHA1.  The results of my
> investigation are here:
> 
>   https://gitlab.com/sequoia-pgp/sequoia/-/issues/595
> 
[…]
> 
> Looking at the Debian Keyring, I found that:
> 
>   - 106 of the 884 certificates (12%) use SHA1 for all User ID binding
>     signatures and direct key signatures
> 
>   - 63 more (7%) use SHA1 to protect at least one non-revoked User ID.
> 
>   - 234 have a non-revoked, live signing capable subkey
> 
>     - 19 of those have binding signatures that use SHA1 in some way
>       (8%).
> 
>     - 9 use something stronger for the subkey binding signature, but
>       SHA1 for the backsig.  (This appears to be a bug in GnuPG, which
>       I reported [4].)
> 
>   [4] https://dev.gnupg.org/T5110
> 
> As Debian Developers are perhaps the most sophisticated OpenPGP users,
> this is pretty damning.
>
[…]
>
> Given these results, we decided to reevaluate our bad listing of SHA1.
> As the SHA1 paper indicates that SHA1's preimage resistance is not
> broken, I thought that we might be able to accept SHA1 for self
> signatures, and not for documents [6].  But, Azul pointed out [7] that
> Mallory could create a collision for a document and a self-signature,
> and then convince Alice to sign the document.  This could work in
> practice because Mallory can predict everything in the signature, but
> the timestamp, and if Alice is an automated signing service, there is
> a good chance that Mallory would be able to get Alice to sign the
> document at the right time.
> 
>   [6] https://gitlab.com/sequoia-pgp/sequoia/-/issues/595
>   [7] https://gitlab.com/sequoia-pgp/sequoia/-/issues/595#note_433768966
>
[…]
>
> So, two questions:
> 
>   - Does anyone see a safe way to accept SHA1 self-signatures today?
>     Or (ouch!), if we want to be safe, do we have to convince ~10% of
>     the sophisticated OpenPGP users to re-sign or regenerate their
>     keys?
[…]

Regards,
Guillem


From nobody Sat Oct 24 01:57:31 2020
Return-Path: <noodles@earth.li>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 754053A0B38 for <openpgp@ietfa.amsl.com>; Sat, 24 Oct 2020 01:57:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=earth.li
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a8RZY0KeDlFa for <openpgp@ietfa.amsl.com>; Sat, 24 Oct 2020 01:57:28 -0700 (PDT)
Received: from the.earth.li (the.earth.li [IPv6:2a00:1098:86:4d:c0ff:ee:15:900d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A7CC3A0B32 for <openpgp@ietf.org>; Sat, 24 Oct 2020 01:57:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=earth.li; s=the; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject :To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=D39TxNaB/86MFTbCC59cRH6Fhb4SzBQ4N83i9ZNooW4=; b=lOvJf6VWQvKAluCOaUKAkWOuOa 80XCB+SdpS91jetRU2Op1n3On6SOO4iB1QcfMwLyJUiqOpBLD80qwLNut+EdY+r/no6HAX6oR0pnj MIVbF4/HWywpFXgcLdzGFsjmPkAxrDLd71zG3tkGPpe767pytZ+QLJuaYWIhswr82GTx/GSesoVnU 24Fr3GPdOr6aV0pYR0VC3MLCCJMqU+MDZdOPtD5d1zMmcty3rMBTCjbtzKTyEMWJHI6p0HB0CwIId q4jMNt3itDM4WKemUNAqQ2BhuGlyd9zVfG/ezNfxVNBiB86ttR18ZcbSvIQ+KpfWZJFa/15F9eScw xZGR/Ftw==;
Received: from noodles by the.earth.li with local (Exim 4.92) (envelope-from <noodles@earth.li>) id 1kWFMb-0005Ik-Nm for openpgp@ietf.org; Sat, 24 Oct 2020 09:57:25 +0100
Date: Sat, 24 Oct 2020 09:57:25 +0100
From: Jonathan McDowell <noodles@earth.li>
To: openpgp@ietf.org
Message-ID: <20201024085725.GB2594@earth.li>
References: <87sga5xg03.wl-neal@walfield.org> <20201023192317.GA444398@fullerene.field.pennock-tech.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20201023192317.GA444398@fullerene.field.pennock-tech.net>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/quycqQ9qr8QPVM1lh4so4H8EDc0>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Oct 2020 08:57:29 -0000

On Fri, Oct 23, 2020 at 03:23:17PM -0400, Phil Pennock wrote:
> The TLDR for folks using the widespread GnuPG software is that GnuPG
> defaults to protecting you against a new self-sig, but expert-mode makes
> it easy:
> 
>     gpg --expert --cert-digest-algo SHA256 --sign-key $YourKeyId

I'm one of the people with a SHA1 self signature. I've been aware of it
for some time, and it's been on my todo list to sort out, but when I
last tried GPG did not make it possible. What version of GPG is
necessary for the above to work? The somewhat aged versions on the
airgapped machine my master key lives on do not seem to want to update
the type of the self sig with that command.

J.

-- 
Chaos, panic, & disorder - my work here is done.


From nobody Sat Oct 24 08:41:59 2020
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AE2F3A0CC0 for <openpgp@ietfa.amsl.com>; Sat, 24 Oct 2020 08:41:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P36Dsf_YEWoQ for <openpgp@ietfa.amsl.com>; Sat, 24 Oct 2020 08:41:55 -0700 (PDT)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 905AE3A0CB0 for <openpgp@ietf.org>; Sat, 24 Oct 2020 08:41:55 -0700 (PDT)
Received: from pd9e79cc0.dip0.t-ipconnect.de ([217.231.156.192] helo=forster.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from <neal@walfield.org>) id 1kWLg1-0005Bm-4b for openpgp@ietf.org; Sat, 24 Oct 2020 15:41:53 +0000
Received: from grit.huenfield.org ([192.168.20.9] helo=grit.walfield.org) by forster.huenfield.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <neal@walfield.org>) id 1kWLg0-0005wt-MV for openpgp@ietf.org; Sat, 24 Oct 2020 17:41:52 +0200
Date: Sat, 24 Oct 2020 17:41:52 +0200
Message-ID: <87lffvy6kf.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: openpgp@ietf.org
In-Reply-To: <20201023192317.GA444398@fullerene.field.pennock-tech.net>
References: <87sga5xg03.wl-neal@walfield.org> <20201023192317.GA444398@fullerene.field.pennock-tech.net>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/26 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-SA-Exim-Connect-IP: 192.168.20.9
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Scanned: No (on forster.huenfield.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/5uLOdRx89YAM0vGXhr-6bPeiDBI>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Oct 2020 15:41:57 -0000

Hi Phil,

On Fri, 23 Oct 2020 21:23:17 +0200,
Phil Pennock wrote:
> 
> On 2020-10-23 at 14:51 +0200, Neal H. Walfield wrote:
> >   - Does anyone see a safe way to accept SHA1 self-signatures today?
> >     Or (ouch!), if we want to be safe, do we have to convince ~10% of
> >     the sophisticated OpenPGP users to re-sign or regenerate their
> >     keys?
> 
> At the start of this year, I reached out individually to maintainers
> signing releases of some security critical software and had good luck
> getting them to re-sign, by including instructions on how to do so.
> 
> I never got around to producing a blog-post, but the messaging worked,
> everyone I reached out to followed through and fixed.  It's a small
> sample set of about 5, and population biased towards caring about
> security.  So while I wouldn't extrapolate to "everyone will do it", I
> think with pressure "many people will".

Thanks for the report.  I think your hope is well founded.

> The TLDR for folks using the widespread GnuPG software is that GnuPG
> defaults to protecting you against a new self-sig, but expert-mode makes
> it easy:
> 
>     gpg --expert --cert-digest-algo SHA256 --sign-key $YourKeyId

I wasn't aware of this, thanks for pointing it out.  Unfortunately,
for many keys it is not enough.

There are three types of signatures that we should worry about:

  1. User ID (and User Attribute) self signatures
  2. Subkey binding signatures
  3. Primary key binding signatures (a signing-capable subkey's "backsig")

Your suggestion causes gpg to update the User ID self signatures (1).
It is possible to update subkey binding signatures (2) by changing
their expiration time.  I'm not aware of a way using gpg to simply
say: refresh the current subkey binding signature.  As for the backsig
(3), it would make sense to update this when updating the subkey
binding signature (2), however, gpg doesn't currently do this.  See:

  https://dev.gnupg.org/T5110

> If services such as keys.openpgp.org started showing big scary red
> warnings above keys which lack a sane self-sig, or warning on upload,
> we'd get some pressure that way.

That's a good idea.

:) Neal
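
Added example, not part of Neal's message and not code from GnuPG or Sequoia: a small Python reader that walks a certificate's packets and reports the hash algorithm of each of the three signature types listed above, including a backsig embedded in a subkey binding signature. The function names are hypothetical and the certificate bytes are constructed (dummy key material and signature values). It handles v4 signatures only, verifies nothing, and does not check issuers, so third-party certifications would be listed alongside self-signatures.

```python
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}   # the algorithms the thread proposes to stop accepting
SIG_KINDS = {0x18: "subkey binding", 0x19: "primary key binding (backsig)",
             0x1F: "direct key"}
SIG_KINDS.update({t: "User ID certification" for t in range(0x10, 0x14)})
COMPONENTS = {6: "primary key", 14: "subkey", 17: "User Attribute"}

def read_len(buf, i, two_octet_max):
    """Decode a length field at buf[i]; return (length, index after it)."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first <= two_octet_max:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    if first == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body lengths are not handled")

def read_packets(data):
    """Yield (tag, body) per packet, old and new header formats (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new format: tag in the low 6 bits
            tag = hdr & 0x3F
            length, i = read_len(data, i + 1, 223)
        else:                                 # old format: tag in bits 5..2
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled")
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def read_subpackets(area):
    """Yield (type, data) per signature subpacket (RFC 4880, 5.2.3.1)."""
    i = 0
    while i < len(area):
        length, i = read_len(area, i, 254)
        if length == 0 or i + length > len(area):
            raise ValueError("bad subpacket length")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def parse_sig(body):
    """Return (sig_type, hash_id, embedded signature bodies) of a v4 signature."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("only v4 signatures are handled")
    sig_type, hash_id, embedded, pos = body[1], body[3], [], 4
    for _ in range(2):                        # hashed area, then unhashed area
        n = int.from_bytes(body[pos:pos + 2], "big")
        area = body[pos + 2:pos + 2 + n]
        if len(area) != n:
            raise ValueError("truncated subpacket area")
        embedded += [d for t, d in read_subpackets(area) if t == 32]
        pos += 2 + n
    return sig_type, hash_id, embedded

def audit(cert):
    """Return (component, signature kind, hash, is_weak) for every signature."""
    findings, component = [], None
    for tag, body in read_packets(cert):
        if tag == 13:
            component = "User ID " + body.decode("utf-8", "replace")
        elif tag in COMPONENTS:
            component = COMPONENTS[tag]
        elif tag == 2:
            sig_type, hash_id, embedded = parse_sig(body)
            # A backsig is carried inside the subkey binding signature as an
            # Embedded Signature subpacket (type 32), so list it on its own.
            for st, h in [(sig_type, hash_id)] + [parse_sig(e)[:2] for e in embedded]:
                name = HASHES.get(h, "hash#%d" % h)
                findings.append((component, SIG_KINDS.get(st, hex(st)), name, name in WEAK))
    return findings

# Constructed sample: dummy key material and signature values, not a real key.
def sig(sig_type, hash_id, unhashed=b""):
    # v4 signature body: RSA (algo 1), empty hashed area, placeholder hash prefix and MPI
    return (bytes([4, sig_type, 1, hash_id]) + b"\x00\x00"
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x00\x00\x00\x01\x01")

def pkt(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body   # new format, one-octet length

BACKSIG = sig(0x19, 2)                                        # SHA1 backsig
SAMPLE_CERT = (pkt(6, b"dummy primary key")
               + pkt(13, b"Alice <alice@example.org>")
               + pkt(2, sig(0x13, 2))                         # SHA1 User ID self-sig
               + pkt(14, b"dummy signing subkey")
               + pkt(2, sig(0x18, 8, bytes([len(BACKSIG) + 1, 32]) + BACKSIG)))

if __name__ == "__main__":
    print(*audit(SAMPLE_CERT), sep="\n")
```

The sample reproduces the case from the Debian keyring numbers quoted earlier in the thread: a subkey binding signature made with SHA256 whose embedded backsig still uses SHA1.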


From nobody Sat Oct 24 09:54:06 2020
Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 824503A0ECC for <openpgp@ietfa.amsl.com>; Sat, 24 Oct 2020 09:54:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, LOTS_OF_MONEY=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H-3H5LY1u2Df for <openpgp@ietfa.amsl.com>; Sat, 24 Oct 2020 09:54:02 -0700 (PDT)
Received: from injection.crustytoothpaste.net (injection.crustytoothpaste.net [192.241.140.119]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B63B3A0ECA for <openpgp@ietf.org>; Sat, 24 Oct 2020 09:54:02 -0700 (PDT)
Received: from camp.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:b610:a2f0:36c1:12e3]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by injection.crustytoothpaste.net (Postfix) with ESMTPSA id EC4C160479; Sat, 24 Oct 2020 16:54:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=crustytoothpaste.net; s=default; t=1603558441; bh=l8nQMi/nHrf/eQyFKcQnEIQQayS4jSe2mj6BWlR2Krw=; h=Date:From:To:Cc:Subject:References:Content-Type: Content-Disposition:In-Reply-To:From:Reply-To:Subject:Date:To:CC: Resent-Date:Resent-From:Resent-To:Resent-Cc:In-Reply-To:References: Content-Type:Content-Disposition; b=DtQ7wZuSnTvqjUO0AL5FQf7j0QpsuIBDTNQMtudLUi/+1JXKxIsr6xBP44cDpQa7s QrGIzdmjJfSYxN48v5pMRfXS5Ffdm1M3c4YkWlKXf2zfOVzoxcwOq6yZqrXuhO8GNJ eVz6f4j4URwJPrwFWsQ6ybswoRmkFkIyVwfmGlc+ueYyH5MlP41hVF9wdI+EKN6U4E 7MHco99OxJLKpsZXpZ2BIi/8CJTjoKFFUNWTZA7lol07xZtjj7408f9z3LmNiqNXsa /gN+7F6x6slnbJ8xwJ2lF2Z7RJg4uz7B8OuWXkTys1zDO2Cam/fZOms2xXQyjItbA/ wwhwO+k78e+WjiuoyMpknjYm66Rorhtu3aQo4vi3nct/xBAnXL1aPng5blrl7t3Jdi qDSq/MZGRJf+PWMmYS50wyzy6vCBX5SFWJStXiyAkNQko0HpUKULcV/Zt1JnlW5O+v H4rtzOniTyUOFpXvkJ1bk7CcuU6nuj/eqH0W5uUNlnnnuN/VjbH
Date: Sat, 24 Oct 2020 16:53:54 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: "Neal H. Walfield" <neal@walfield.org>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <20201024165354.GD860779@camp.crustytoothpaste.net>
References: <87sga5xg03.wl-neal@walfield.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="EY/WZ/HvNxOox07X"
Content-Disposition: inline
In-Reply-To: <87sga5xg03.wl-neal@walfield.org>
User-Agent: Mutt/1.14.6 (2020-07-11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/akttNyMt6vXEvqSDT8CTd_ASLNs>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Oct 2020 16:54:04 -0000

--EY/WZ/HvNxOox07X
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2020-10-23 at 12:51:08, Neal H. Walfield wrote:
> So, two questions:
>
>   - Does anyone see a safe way to accept SHA1 self-signatures today?
>     Or (ouch!), if we want to be safe, do we have to convince ~10% of
>     the sophisticated OpenPGP users to re-sign or regenerate their
>     keys?

I think the time for transition with SHA-1 is gone.  The algorithm is
estimated to be attackable for $45,000.  A thrifty and reasonably
well-paid software engineer could put that away in a year or less.  It's
within the budget of almost any medium or large business.

We should soundly bludgeon SHA-1 over the head and let it die.  I'd
propose stating that implementations MUST NOT accept signatures made
with MD5 or SHA-1 in RFC 4880 bis.  Both have been known to be weak for
a long time.  It will be painful, but we're not helping anyone by
continuing to accept weak algorithms.

I should point out that GnuPG has shipped with SHA-256 since
approximately 2002 and SHA-384 and SHA-512 since at least 2007.  That
means everyone using any major operating system that still has security
support should be able to verify newer signatures.

If we're provident, we'll specify some version of SHA-3 to be a SHOULD.
Cryptanalysis is advancing on SHA-2.

>   - What do people think about including a salt in the hash to make
>     the content of the hash less predictable as described in [7]?

I know not everyone will agree, but I prefer deterministic signatures.
There are use cases for OpenPGP with systems with little or no entropy
using Ed25519 or deterministic ECDSA for signing.  Smart cards come to
mind, for example.

Additionally, I don't think a salt is proof that a signature doesn't
have a collision.  If the salt is generated by the attacker, then it can
easily be part of the collision.  That could easily be the case if the
signature came from a smart card or embedded device, where the salt
might not be generated on the card.  We therefore cannot rely on it as
evidence that a signature using a weak algorithm is secure.
-- 
brian m. carlson (he/him or they/them)
Houston, Texas, US

--EY/WZ/HvNxOox07X
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.2.20 (GNU/Linux)

iHUEABYKAB0WIQQILOaKnbxl+4PRw5F8DEliiIeigQUCX5RcIQAKCRB8DEliiIei
gULmAQCQOYRwXirOGiP9H6qo/xga5P0A8fmA+oECmsoD8eU2EgD+KJfMrs32xf6E
50ILqKfZ15zW+GC9m6ZNJo+RtFakJwQ=
=Y32W
-----END PGP SIGNATURE-----

--EY/WZ/HvNxOox07X--


From nobody Sat Oct 24 18:01:16 2020
From: Jon Callas <joncallas@icloud.com>
In-Reply-To: <20201024165354.GD860779@camp.crustytoothpaste.net>
Date: Sat, 24 Oct 2020 18:01:09 -0700
Cc: Jon Callas <joncallas@icloud.com>
Message-Id: <B62148B4-41B6-49CC-ABA5-78852D76E51C@icloud.com>
References: <87sga5xg03.wl-neal@walfield.org> <20201024165354.GD860779@camp.crustytoothpaste.net>
To: "openpgp@ietf.org" <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/f3SRZgfFKXSY65-8SyUwmfj6zDI>
Subject: Re: [openpgp] Deprecating SHA1

I'm reading this with a good deal of exasperation. I apologize in
advance for my tone, and I am not at all sorry about the content.

In 2004, the mathematician Wang Xiaoyun published a thing that possibly
doesn't need mentioning. She broke, where "broke" means found
collisions, in a mess of hash functions including MD5, SHA0, and a lot
more. Her original publication is one of the most badass things I've
ever seen in cryptography: she just published the collisions. H(X) ==
H(Y) for the suitable X and Y in enough number to show it's not a fluke
(two is a good number for this) and across appropriate hash functions.
This sent everyone into a tizzy. Did she know some underlying
mathematical secret that we didn't?

Weeks and weeks went by, on to CRYPTO in Santa Barbara, and there was a
lot of stress, speculating, and hand-wringing going on. At CRYPTO, Wang
gave a talk on the work[1], and the rest of us found out that she didn't
have any new mathematical insight, she was merely the best cryptanalyst
on the planet, someone who had seen order trails of flipping bits that no
one else on the planet had seen. At dinner that evening, I was talking
to Ron Rivest and he said, "I used to think that hash functions were the
cryptographic primitive that we understand best, now I know that they're
the primitive we understand least."

Between those times, coming out of a session where we all got to talk to
Wang in person, I walked out into the UCSB quad, got out my phone and
called my friend and colleague, Will Price, who was VPE at PGP; I was
CTO. We talked as I explained what had gone on in the session. I
remember hearing the clack of Will typing as we talked. Twenty minutes
later, he had a download link for me of a version of PGP that didn't use
MD5 at all, used SHA256 by default (much of our conversation was whether
it should be that or SHA512) and didn't outright prevent using SHA1
(which wasn't broken yet, but the betting on when was pretty furious),
but it was pretty much stuck in the "advanced" preference UI in a
disused lavatory with a sign on the door reading "beware of the
leopard." That software went through our normal release QA, and shipped
right after that, total time less than a week.

I know that hindsight is 2020, but why is this being discussed?

I'm sure that some readers of that paragraph saw through the little
magic trick I did. I implied it took twenty minutes to make changes.
Those same readers will realize that in fact we'd been discussing what
to do and had a number of contingency plans based on what we found out
about what Wang had discovered. That phone call was us deciding what to
write in icing on the cake that had been baked weeks before. We're not
geniuses, we just thought ahead and made some bold contingency plans.
You can think ahead. You can be bold. Come on, get yourself an outfit
and be a cowboy, too[2].

I get the impression that most people here think that the map is the
territory. That RFC4880 and anything else is the definition of what one
does. Here are a number of options possible.

* You could stop creating signatures that use SHA1. Just stop. Ditto for
any other compromised aspect of SHA1.

* You could resolve a signature with SHA-1 in a creative way. For
example, signatures have a number of states. There's the obvious case of
a signature not computing correctly, say if the message has been
damaged. That one's easy. There's the case of a correct signature from a
trusted key. That's also easy. There are other cases that you have to
take care of that are in the middle. You have to deal with a correct
signature from an untrusted key. You have to deal with a signature made
by a key that you don't have and so you can tell if it's correct or not.
There are other edge cases, too.

Thus, you could consider a SHA1 signature to be incorrect and let the
user know. You could consider it to be like a signature for a key you
don't have. You could let the user know that it's mathematically correct
but untrusted. (We did things like this in PGP; yes, this can be
complex.)

You could consider a self-signature done with SHA1 to be non-existent,
and handle it appropriately. You could even take special knowledge you
have and do some reasonable thing. For example, let's suppose you know
that this self-signature was created before the Shatter attack, and so
you'll let it slide by.

* You could also do helpful things for the user -- for example, when you
have the key unlocked (by which I mean that you have the user's
passphrase and thus the private key in your hot little RAM), you could
go rewrite their self-signature with some other hash function and give
them a new one just like the old one. (We did that in PGP, too.)

* You can do other helpful things for users like writing preferences in
their self-signature that you, as implementor, think are helpful. You
could do something like change key expiry automatically, as well. Just
as text editors help users with things like autocorrect, you can help
users in proper crypto management.

* You could compute primitives in any way that a naïve partner will
handle correctly, as well. All the way back to when PGP started doing
DSA (because in those days, there were patent issues with RSA), we were
concerned with the issue with DSA that losing a single random number
exposes the key. So when we computed the DSA random value, we took the
raw nonce and then ran it through a keyed hash with the DSA private key.
If you use N' = H(K+N) in DSA, you protect the nonce; learning the
nonce requires either breaking the hash function or knowing the private
key. (These days, you'd likely HMAC the nonce with the private key as
that's today's idiom. In those days, there was no HMAC.) It's been that
way for like ever, and no one ever noticed. We even discussed
deterministic constructions using the private key with NIST and they
said, no, we couldn't get that approved, but they liked the keyed hash.

* You can do plenty of other things. The standard is not a
straightjacket. Implementers do not have to be fundamentalists nor
textualists about it, either.

Particularly in the case where the OpenPGP support is built into some
context, like an email client, there's nothing wrong with building
something that only does a few things.

I'm flabbergasted because it seems to me that people are waiting for the
working group to give permission to use (or not use) features of the
OpenPGP standard. On the other hand, it seems that there's this
expectation that if the standard says (e.g.) "MUST NOT use SHA1" that
that will somehow magically make all the software get updated.

Yeah, sure, there's nothing wrong with the standard noting that SHA1 is
broken for collisions, act accordingly. That's neither necessary nor
sufficient. Implementors can all decide that they're not going to use
SHA1, and that makes it *really* happen. I'm grouchy about guidance in
standards because implementation guidance for cryptography changes over
time and often has a lot of nuance in it. There's guidance in 4880 that
is just flat wrong. It's there despite being wrong because it was the
consensus of the working group and the area directors that these wrong
things are there. The one I'm thinking of is also not bad advice, but
it's still wrong. Sorry for getting carried away there. My point is that
the standard is not gospel and neither is it a bottleneck. It is a
description of how the bits are laid out for the purpose of
interoperability.

Summing up, yes, stop using SHA1! How many bits must a cryptographer
write down before this is an issue? PGP, a reference implementation for
OpenPGP, stopped in 2004. NIST said to stop using it by the end of 2010.
Hindsight is 2020. Putting some appropriate text in OpenPGP about it is
a fine thing. You don't have to wait for that. Be bold!

Thanks for reading.

	Jon


[1]: The Wikipedia article on Wang is dreadful. In it, it says, "At the
rump session of CRYPTO 2004, she and co-authors demonstrated..." This
statement is 100% true and yet paints a picture that is totally false.
It implies that the penny was dropped in the rump session when that was
the closest thing to an official coming-out. It had been discussed in
mailing lists, chat rooms, and the like before.

[2]: https://www.youtube.com/watch?v=dCeelWFO56Y
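
The nonce protection described in the message above (N' = H(K+N), or today an HMAC of the raw nonce keyed with the private key), as an added Python example that is not PGP's code and not part of the original message. The toy DSA group, the function names and the reduction of the MAC into [1, q-1] are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; good enough to build a demo group."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group():
    """Constructed demo parameters: q = 2**127 - 1, p = 2*j*q + 1, g of order q."""
    q = 2**127 - 1
    j = 1
    while not is_probable_prime(2 * j * q + 1):
        j += 1
    p = 2 * j * q + 1
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)

P, Q, G = toy_group()

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def to_k(raw):
    """Map nonce bytes onto the valid range [1, Q-1]."""
    return int.from_bytes(raw, "big") % (Q - 1) + 1

def protect_nonce(x, raw_nonce):
    """N' = HMAC(private key, N): the value DSA actually uses as k."""
    key = x.to_bytes((Q.bit_length() + 7) // 8, "big")
    return to_k(hmac.new(key, raw_nonce, hashlib.sha256).digest())

def sign(x, msg, raw_nonce, protect=True):
    k = protect_nonce(x, raw_nonce) if protect else to_k(raw_nonce)
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, retry with a fresh nonce")
    return r, s

def verify(y, msg, sig):
    """Textbook DSA verification; it never sees how k was produced."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, digest(msg) * w % Q, P) * pow(y, r * w % Q, P) % P
    return v % Q == r

def key_implied_by(msg, sig, k):
    """The private key that follows algebraically if k is the value used."""
    r, s = sig
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q

def demo():
    x = secrets.randbelow(Q - 1) + 1           # private key
    y = pow(G, x, P)                           # public key
    msg = b"constructed sample message"
    raw = secrets.token_bytes(32)              # the RNG output that might leak
    plain, hardened = sign(x, msg, raw, protect=False), sign(x, msg, raw)
    return {
        "both_verify": verify(y, msg, plain) and verify(y, msg, hardened),
        "raw_nonce_exposes_plain_key": key_implied_by(msg, plain, to_k(raw)) == x,
        "raw_nonce_exposes_hardened_key": key_implied_by(msg, hardened, to_k(raw)) == x,
    }
```

Both signatures pass the same unmodified verifier, which is why a partner implementation never notices the change; only the signer's handling of the random value differs.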


From nobody Sat Oct 24 18:03:52 2020
Date: Sat, 24 Oct 2020 21:03:43 -0400
From: Phil Pennock <ietf-phil-openpgp@spodhuis.org>
To: "Neal H. Walfield" <neal@walfield.org>
Cc: openpgp@ietf.org
Message-ID: <20201025010343.GA1089002@fullerene.field.pennock-tech.net>
Mail-Followup-To: "Neal H. Walfield" <neal@walfield.org>, openpgp@ietf.org
References: <87sga5xg03.wl-neal@walfield.org> <20201023192317.GA444398@fullerene.field.pennock-tech.net> <87lffvy6kf.wl-neal@walfield.org>
In-Reply-To: <87lffvy6kf.wl-neal@walfield.org>
OpenPGP: url=https://www.security.spodhuis.org/PGP/keys/keys-2013rsa-2020cv25519.asc
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Fzw1UgMqJ00TJv4_FwoE_tQuPtg>
Subject: Re: [openpgp] Deprecating SHA1

On 2020-10-24 at 17:41 +0200, Neal H. Walfield wrote:
> I wasn't aware of this, thanks for pointing it out.  Unfortunately,
> for many keys it is not enough.

[profanity]

> There are three types of signatures that we should worry about:
> 
>   1. User ID (and User Attribute) self signatures
>   2. Subkey binding signatures
>   3. Primary key binding signatures (a signing-capable subkey's "backsig")

Okay, I think the cases I hit didn't have this, or folks took time to
add new subkeys when things expired.  The UID self-sig is the one needed
to let the web-of-trust calculate without SHA1 so is what I cared about.

For myself, even with the oldest key, using expiring subkeys and
refreshing periodically with newer subkeys, everything _except_ the
self-sig had updated automatically by the time I went looking.

I think really we need some nice pgpkey-sanitycheck command-line tool,
from any project, which looks purely at public key information, so
doesn't need to care about internals (private keys, keyboxes, etc).

Such a tool might then report on outdated algorithms used in important
places, while avoiding getting into the political mess of which
algorithm order preferences should be included in a key.

Deprecating X without tools to make it _trivial_ for people to tell if
they're affected by X is going to be frustrating.  In my previous email,
I didn't mention the diagnostics I used to show people that their key
was affected, but it involved `gpg --list-packets` and it was not
pretty.

I held off on "asking others to write software for me" in the previous
post, keeping it to "this exists now".  This time around, I'm throwing
out a "Hey, pgpkey-sanitycheck would be a nice tool to have, folks" and
running away.

-Phil
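
A sketch of the public-key-only check asked for in the message above, written here as an added Python example; it is not an existing tool and not part of the original message. It reads `gpg --list-packets` text and covers the three signature types quoted above. The sample listing is constructed and abbreviated, its line layout is assumed to follow GnuPG 2.2 output, and treating only MD5 and SHA1 as outdated is a policy assumption.

```python
import re

HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}   # RFC 4880 hash IDs
OUTDATED = {1, 2}                                        # policy assumption

SIG_HDR = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-F]+)")
SIG_VER = re.compile(r"^\s+version \d+, created (\d+), md5len \d+, sigclass 0x([0-9a-f]{2})")
SIG_DIG = re.compile(r"^\s+digest algo (\d+)")
BACKSIG = re.compile(r"subpkt 32 .*class 0x19, algo \d+, digest algo (\d+)")
KEYID = re.compile(r"^\s+keyid: ([0-9A-F]+)")
UID = re.compile(r'^:user ID packet: "(.*)"')

# Constructed listing (key IDs are placeholders; gpg indents with a tab).
SAMPLE = '''
:public key packet:
    version 4, algo 1, created 1293840000, expires 0
    keyid: AAAAAAAAAAAAAAAA
:user ID packet: "Alice Example <alice@example.org>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1293840000, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 5a 3c
:signature packet: algo 1, keyid BBBBBBBBBBBBBBBB
    version 4, created 1300000000, md5len 0, sigclass 0x10
    digest algo 2, begin of digest 10 9f
:user ID packet: "Alice <alice@example.net>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1293840000, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 77 01
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1600000000, md5len 0, sigclass 0x13
    digest algo 8, begin of digest c4 2e
:public sub key packet:
    version 4, algo 1, created 1500000000, expires 0
    keyid: 1111111111111111
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1500000000, md5len 0, sigclass 0x18
    digest algo 8, begin of digest 0b d1
    subpkt 32 len 284 (signature: v4, class 0x19, algo 1, digest algo 2)
:public sub key packet:
    version 4, algo 22, created 1600000000, expires 0
    keyid: 2222222222222222
:signature packet: algo 22, keyid AAAAAAAAAAAAAAAA
    version 4, created 1600000000, md5len 0, sigclass 0x18
    digest algo 10, begin of digest 9e 44
    subpkt 32 len 117 (signature: v4, class 0x19, algo 22, digest algo 10)
'''

def parse(listing):
    """Return (primary key ID, list of signatures tagged with what they cover)."""
    primary, component, sigs, cur = None, None, [], None
    for line in listing.splitlines():
        if line.startswith(":public key packet:"):
            component, cur = "primary key", None
        elif line.startswith(":public sub key packet:"):
            component, cur = "subkey", None
        elif (m := UID.match(line)):
            component, cur = "uid " + m.group(1), None
        elif (m := KEYID.match(line)):
            if component == "primary key":
                primary = m.group(1)
            elif component == "subkey":
                component = "subkey " + m.group(1)
        elif (m := SIG_HDR.match(line)):
            cur = {"issuer": m.group(1), "on": component, "backsig": None}
            sigs.append(cur)
        elif cur is not None:
            if (m := SIG_VER.match(line)):
                cur["created"], cur["cls"] = int(m.group(1)), int(m.group(2), 16)
            elif (m := SIG_DIG.match(line)):
                cur["digest"] = int(m.group(1))
            elif (m := BACKSIG.search(line)):
                cur["backsig"] = int(m.group(1))
    return primary, sigs

def check(listing):
    """Report outdated hashes in the newest self-signature of each component."""
    primary, sigs = parse(listing)
    latest = {}
    for s in sigs:
        if s["issuer"] != primary or "cls" not in s or "digest" not in s:
            continue                       # third-party certifications are skipped
        if not (0x10 <= s["cls"] <= 0x13 or s["cls"] == 0x18):
            continue                       # only UID self-sigs and subkey bindings
        best = latest.get(s["on"])
        if best is None or s["created"] > best["created"]:
            latest[s["on"]] = s            # an older signature is superseded
    findings = []
    for on, s in latest.items():
        kind = "subkey binding" if s["cls"] == 0x18 else "self-signature"
        if s["digest"] in OUTDATED:
            findings.append((on, kind, HASH_NAMES[s["digest"]]))
        if s["backsig"] in OUTDATED:
            findings.append((on, "primary key binding (backsig)", HASH_NAMES[s["backsig"]]))
    return findings
```

On the constructed listing, `check(SAMPLE)` flags the first user ID, whose only self-signature uses SHA1, and the SHA1 backsig on the first subkey; the second user ID is not flagged because a newer SHA256 self-signature supersedes the old one.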


From nobody Sat Oct 24 18:19:34 2020
Date: Sat, 24 Oct 2020 21:19:24 -0400
From: Phil Pennock <ietf-phil-openpgp@spodhuis.org>
To: Jonathan McDowell <noodles@earth.li>
Cc: openpgp@ietf.org
Message-ID: <20201025011924.GB1089002@fullerene.field.pennock-tech.net>
Mail-Followup-To: Jonathan McDowell <noodles@earth.li>, openpgp@ietf.org
References: <87sga5xg03.wl-neal@walfield.org> <20201023192317.GA444398@fullerene.field.pennock-tech.net> <20201024085725.GB2594@earth.li>
In-Reply-To: <20201024085725.GB2594@earth.li>
OpenPGP: url=https://www.security.spodhuis.org/PGP/keys/keys-2013rsa-2020cv25519.asc
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/kDXKlaq44ywstS_M-C-57YxXZJk>
Subject: Re: [openpgp] Deprecating SHA1

On 2020-10-24 at 09:57 +0100, Jonathan McDowell wrote:
> On Fri, Oct 23, 2020 at 03:23:17PM -0400, Phil Pennock wrote:
> >     gpg --expert --cert-digest-algo SHA256 --sign-key $YourKeyId
> 
> I'm one of the people with a SHA1 self signature. I've been aware of it
> for some time, and it's been on my todo list to sort out, but when I
> last tried GPG did not make it possible. What version of GPG is
> necessary for the above to work? The somewhat aged versions on the
> airgapped machine my master key lives on do not seem to want to update
> the type of the self sig with that command.

[ not to list-cop, just to make sure that I'm not blindly taking this
  down a rat-hole not germane to the IETF list, since I'm the one who
  raised GnuPG in the first place: ]
Since this affects the ease of a deprecation, I'm considering this
on-topic enough for me to reply here; if the follow-ups are specific to
GnuPG, then gnupg-users might be a better mailing-list?  If it's about
the real-world practicalities of migrating and the impact on IETF
standardization then perhaps not.

I see commit messages about "Honor --cert-digest-algo when recreating a
cert." from 2012:

  commit 2b3cb2ee94625498e7a7f939216c9bcddef6ec20
  Author: David Shaw
  Date:   Tue Jan 31 21:30:05 2012 -0500

  commit 60c58766aeb847b769372fa981f79abac6014500
  Author: Christian Aistleitner
  Date:   Sun Oct 14 20:30:20 2012 +0200

Using `git tag --contains $COMMIT_SHA`, it looks like gnupg-2.1.0
onwards include it.  If memory serves, there's an "odd minor is dev,
even minor is release" pattern used here, so 2.2 would have been the
first "real release" even though lots of places had 2.1 packaged.

<https://gnupg.org/download/> has an EOL table; GnuPG 1.4 is dead-end
with no support for modern algorithms; 2.0 started on 2006-11-11 and
reached EOL on 2017-12-31.  GnuPG 2.2 cites 2014-11-06.

If the modern GnuPG approach to partitioning up the work in managing a
keyring is of concern, then I suspect Neal will be happy to help with a
migration to Sequoia PGP.  :)

-Phil


From nobody Sat Oct 24 22:58:34 2020
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Jon Callas <joncallas=40icloud.com@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>
CC: Jon Callas <joncallas@icloud.com>
Thread-Topic: [openpgp] Deprecating SHA1
Date: Sun, 25 Oct 2020 05:58:14 +0000
Message-ID: <1603605494524.48197@cs.auckland.ac.nz>
References: <87sga5xg03.wl-neal@walfield.org> <20201024165354.GD860779@camp.crustytoothpaste.net>, <B62148B4-41B6-49CC-ABA5-78852D76E51C@icloud.com>
In-Reply-To: <B62148B4-41B6-49CC-ABA5-78852D76E51C@icloud.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/EGm-SItIJ39nE8Ad59ZYUkpB_PU>
Subject: Re: [openpgp] Deprecating SHA1

Jon Callas <joncallas=40icloud.com@dmarc.ietf.org> writes:

>Here are a number of options possible.

Another thing to consider is how to deal with existing signed data.  If
there's a file that's been sitting on a local disk for twenty years signed
with SHA-1 then the signature isn't going to be suddenly invalid just because
SHA-1 is wobbly.  So some provision for recognising existing data as still
valid rather than "anything signed with SHA-1 is automatically suspect" would
be good.

Peter.


From nobody Mon Oct 26 23:06:17 2020
Date: Mon, 26 Oct 2020 23:06:03 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Jon Callas <joncallas=40icloud.com@dmarc.ietf.org>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Jon Callas <joncallas@icloud.com>
Message-ID: <20201027060603.GK39170@kduck.mit.edu>
References: <87sga5xg03.wl-neal@walfield.org> <20201024165354.GD860779@camp.crustytoothpaste.net> <B62148B4-41B6-49CC-ABA5-78852D76E51C@icloud.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <B62148B4-41B6-49CC-ABA5-78852D76E51C@icloud.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/xXG9e8F-UkSFQmwKE2K86JgfKgI>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2020 06:06:16 -0000

Hi Jon,

On Sat, Oct 24, 2020 at 06:01:09PM -0700, Jon Callas wrote:
> I'm reading this with a good deal of exasperation. I apologize in advance for my tone, and I am not at all sorry about the content.

Understood.

> * You can do plenty of other things. The standard is not a straightjacket. Implementers do not have to be fundamentalists nor textualists about it, either.

Indeed.  In fact, by my reading, the thread started with a request for help
thinking about what to actually do in implementations, with much less
regard for what to put in the standard.

I appreciate that you took the time to write up so many potential things to
do.

Thanks,

Ben


From nobody Tue Oct 27 17:14:51 2020
Return-Path: <angel@16bits.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7A5B3A0992 for <openpgp@ietfa.amsl.com>; Tue, 27 Oct 2020 17:14:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WQzT8HjXJvDw for <openpgp@ietfa.amsl.com>; Tue, 27 Oct 2020 17:14:47 -0700 (PDT)
Received: from mailer.hiddenmail.net (mailer.hiddenmail.net [199.195.249.9]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DF0B3A03F3 for <openpgp@ietf.org>; Tue, 27 Oct 2020 17:14:47 -0700 (PDT)
Received: from mailer by mailer.hiddenmail.net with local (Exim 4.80) (envelope-from <angel@16bits.net>) id 1kXZ70-0007zv-1Y for openpgp@ietf.org; Wed, 28 Oct 2020 01:14:46 +0100
Message-ID: <d1d9fb94cf2225157b367eb439d50271982f2e28.camel@16bits.net>
From: =?ISO-8859-1?Q?=C1ngel?= <angel@16bits.net>
To: openpgp@ietf.org
Date: Wed, 28 Oct 2020 01:14:44 +0100
In-Reply-To: <20201025010343.GA1089002@fullerene.field.pennock-tech.net>
References: <87sga5xg03.wl-neal@walfield.org> <20201023192317.GA444398@fullerene.field.pennock-tech.net> <87lffvy6kf.wl-neal@walfield.org> <20201025010343.GA1089002@fullerene.field.pennock-tech.net>
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.30.5-1.1 
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ihpeJXJCNvVbYrEooYOAWwqFAr8>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2020 00:14:49 -0000

On 2020-10-24 at 21:03 -0400, Phil Pennock wrote:
> I think really we need some nice pgpkey-sanitycheck command-line
> tool, from any project, which looks purely at public key information,
> so doesn't need to care about internals (private keys, keyboxes,
> etc).
>
> Such a tool might then report on outdated algorithms used in
> important places, while avoiding getting into the political mess of
> which algorithm order preferences should be included in a key.
>
> I held off on "asking others to write software for me" in the
> previous post, keeping it to "this exists now".  This time around,
> I'm throwing out a "Hey, pgpkey-sanitycheck would be a nice tool to
> have, folks" and running away.

I too have thought in the past we should have a "pgplint" tool.¹
I have several ideas on what to measure (this community probably has
lots more), it's something I could do but didn't have the motivation to
start coding it.


¹ I don't know if Broadcom might dislike such a name, though. Maybe it
should be called openpgp-lint, then?


From nobody Fri Oct 30 02:51:10 2020
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC06D3A0D7E for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 02:51:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ud-CAAp8HwCl for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 02:51:05 -0700 (PDT)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3336F3A0D7C for <openpgp@ietf.org>; Fri, 30 Oct 2020 02:51:02 -0700 (PDT)
Received: from pd9e79cc0.dip0.t-ipconnect.de ([217.231.156.192] helo=forster.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from <neal@walfield.org>) id 1kYR3k-0005vm-5v for openpgp@ietf.org; Fri, 30 Oct 2020 09:51:00 +0000
Received: from grit.huenfield.org ([192.168.20.9] helo=grit.walfield.org) by forster.huenfield.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <neal@walfield.org>) id 1kYR3j-0005ej-L6; Fri, 30 Oct 2020 10:50:59 +0100
Date: Fri, 30 Oct 2020 10:50:59 +0100
Message-ID: <87d010vy7w.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: "Neal H. Walfield" <neal@walfield.org>, openpgp@ietf.org
In-Reply-To: <20201025010343.GA1089002@fullerene.field.pennock-tech.net>
References: <87sga5xg03.wl-neal@walfield.org> <20201023192317.GA444398@fullerene.field.pennock-tech.net> <87lffvy6kf.wl-neal@walfield.org> <20201025010343.GA1089002@fullerene.field.pennock-tech.net>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/26 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-SA-Exim-Connect-IP: 192.168.20.9
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Scanned: No (on forster.huenfield.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/lk7wJ3IAE2no7__3BN8Qp_d7Wtw>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 09:51:09 -0000

On Sun, 25 Oct 2020 02:03:43 +0100,
Phil Pennock wrote:
> For myself, even with the oldest key, using expiring subkeys and
> refreshing periodically with newer subkeys, everything _except_ the
> self-sig had updated automatically by the time I went looking.

Right.  User ID self signatures are the worst offenders, but subkey
binding signatures are also a problem.  I collected some statistics
about different projects.  You can find them here:

  https://gitlab.com/sequoia-pgp/sequoia/-/issues/595

It seems that there are 19 certificates in the Debian keyring that
have non-revoked, live signing-capable subkeys that rely on SHA-1 in
some way.  10 use SHA1 for the subkey binding signature, and 9 only use
it for the primary key binding signature (the backsig).  That's just
over 2% of the certificates in the Debian keyring.  Arch is about the
same (2 of 76 certificates).

Although it is possible to fix the subkey binding signature by
adjusting the subkey's expiration time, using gpg, this won't update
the backsig, see:

  https://dev.gnupg.org/T5110

> I think really we need some nice pgpkey-sanitycheck command-line tool,
> from any project, which looks purely at public key information, so
> doesn't need to care about internals (private keys, keyboxes, etc).
> 
> Such a tool might then report on outdated algorithms used in important
> places, while avoiding getting into the political mess of which
> algorithm order preferences should be included in a key.
> 
> Deprecating X without tools to make it _trivial_ for people to tell if
> they're affected by X is going to be frustrating.  In my previous email,
> I didn't mention the diagnostics I used to show people that their key
> was affected, but it involved `gpg --list-packets` and it was not
> pretty.

Indeed.  Unfortunately, `gpg --list-packets` doesn't show the content
of the backsig:

  $ gpg --export FPR | gpg --list-packets
  ...
  # off=806 ctb=89 tag=2 hlen=3 plen=346
  :signature packet: algo 1, keyid A23C95250F66162A
  	version 4, created 1603438577, md5len 0, sigclass 0x18
  	digest algo 10, begin of digest e9 34
  	hashed subpkt 27 len 1 (key flags: 02)
  	hashed subpkt 33 len 21 (issuer fpr v4 2...)
  	hashed subpkt 2 len 4 (sig created 2020-10-23)
  	hashed subpkt 9 len 4 (key expires after 3y0d0h5m)
**  	subpkt 32 len 156 (signature: v4, class 0x19, algo 1, digest algo 2)
  	subpkt 16 len 8 (issuer key ID A...)
  	data: [1024 bits]

For what it is worth, `pgpdump`, `sq packet dump` (also at
https://dump.sequoia-pgp.org), and `rnp --list-packets` do show that
information.

> I held off on "asking others to write software for me" in the previous
> post, keeping it to "this exists now".  This time around, I'm throwing
> out a "Hey, pgpkey-sanitycheck would be a nice tool to have, folks" and
> running away.

The tool that I used to conduct my analysis is available here:

  https://gitlab.com/sequoia-pgp/keyring-linter

(Eventually we plan to integrate a linter into `sq`.)

Justus was nice enough to upload it to crates.io:

  https://crates.io/crates/sequoia-keyring-linter

So it should be just a `cargo install sequoia-keyring-linter` away.

And, if I understood dkg correctly, he is in the process of packaging
it for Debian.

:) Neal
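
Added example, not part of Neal's message and not the keyring-linter's code: a small Python pass over `gpg --list-packets` text that flags SHA-1 (digest algo 2) both in a signature packet itself and in an embedded signature (subpacket 32), which is where the backsig case shown above hides. The sample input is constructed to mirror the excerpt above; the key IDs, dates and the names `lint_list_packets` and `Finding` are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hash algorithm IDs from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
# Signature types from RFC 4880, section 5.2.1 that appear inside a certificate.
SIG_CLASSES = {0x10: "certification", 0x11: "certification",
               0x12: "certification", 0x13: "certification",
               0x18: "subkey binding",
               0x19: "primary key binding (backsig)",
               0x1F: "direct key"}
FLAGGED = frozenset({2})  # this example flags SHA1 only, the algorithm under discussion

SIG_START = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]+)")
SIG_CLASS = re.compile(r"md5len \d+, sigclass (0x[0-9A-Fa-f]+)")
SIG_DIGEST = re.compile(r"digest algo (\d+), begin of digest")
EMBEDDED = re.compile(r"subpkt 32 len \d+ \(signature: v\d+, "
                      r"class (0x[0-9A-Fa-f]+), algo \d+, digest algo (\d+)\)")


@dataclass(frozen=True)
class Finding:
    sig_index: int            # 1-based position among the signature packets
    issuer: str               # key ID printed on the ":signature packet:" line
    where: str                # "signature" or "embedded signature"
    sig_class: Optional[int]  # None if no sigclass line preceded the digest line
    hash_algo: int

    def __str__(self):
        kind = SIG_CLASSES.get(self.sig_class, "unknown type")
        cls = "?" if self.sig_class is None else f"0x{self.sig_class:02x}"
        algo = HASH_NAMES.get(self.hash_algo, f"algo {self.hash_algo}")
        return (f"signature #{self.sig_index} (issuer {self.issuer}): "
                f"{self.where} of class {cls} ({kind}) uses {algo}")


def lint_list_packets(text, flagged=FLAGGED):
    """Return a Finding for every (embedded) signature using a flagged hash."""
    findings, sig_index, issuer, sig_class, in_sig = [], 0, None, None, False
    for line in text.splitlines():
        if line.startswith(":"):          # every packet starts with ":<name> packet:"
            m = SIG_START.match(line)
            in_sig = m is not None
            if in_sig:
                sig_index, issuer, sig_class = sig_index + 1, m.group(1).upper(), None
            continue
        if not in_sig:
            continue
        if (m := SIG_CLASS.search(line)):
            sig_class = int(m.group(1), 16)
        elif (m := SIG_DIGEST.search(line)):
            algo = int(m.group(1))
            if algo in flagged:
                findings.append(Finding(sig_index, issuer, "signature", sig_class, algo))
        elif (m := EMBEDDED.search(line)):  # e.g. the backsig inside a 0x18 signature
            algo = int(m.group(2))
            if algo in flagged:
                findings.append(Finding(sig_index, issuer, "embedded signature",
                                        int(m.group(1), 16), algo))
    return findings


# Constructed sample: a SHA1 User ID self-signature, a signing subkey whose
# binding signature was refreshed to SHA512 but whose backsig is still SHA1,
# and an encryption subkey bound with SHA256.
SAMPLE = """:public key packet:
\tversion 4, algo 1, created 1262304000, expires 0
\tkeyid: 0123456789ABCDEF
:user ID packet: "Alice <alice@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1262304000, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 5a 1c
\thashed subpkt 2 len 4 (sig created 2010-01-01)
\tsubpkt 16 len 8 (issuer key ID 0123456789ABCDEF)
:public sub key packet:
\tversion 4, algo 1, created 1262304000, expires 0
\tkeyid: FEDCBA9876543210
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1603438577, md5len 0, sigclass 0x18
\tdigest algo 10, begin of digest e9 34
\thashed subpkt 27 len 1 (key flags: 02)
\tsubpkt 32 len 156 (signature: v4, class 0x19, algo 1, digest algo 2)
\tsubpkt 16 len 8 (issuer key ID 0123456789ABCDEF)
:public sub key packet:
\tversion 4, algo 1, created 1262304000, expires 0
\tkeyid: 0F1E2D3C4B5A6978
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1603438577, md5len 0, sigclass 0x18
\tdigest algo 8, begin of digest 7b 02
\thashed subpkt 27 len 1 (key flags: 0C)
"""

if __name__ == "__main__":
    for finding in lint_list_packets(SAMPLE):
        print(finding)
```

To lint a real certificate, feed the function the text produced by the `gpg --export FPR | gpg --list-packets` pipeline quoted above.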


From nobody Fri Oct 30 02:59:56 2020
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B40463A0D92 for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 02:59:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vYkbJSF1jFFj for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 02:59:53 -0700 (PDT)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 751223A0D88 for <openpgp@ietf.org>; Fri, 30 Oct 2020 02:59:51 -0700 (PDT)
Received: from pd9e79cc0.dip0.t-ipconnect.de ([217.231.156.192] helo=forster.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from <neal@walfield.org>) id 1kYRCH-00061y-5t; Fri, 30 Oct 2020 09:59:49 +0000
Received: from grit.huenfield.org ([192.168.20.9] helo=grit.walfield.org) by forster.huenfield.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <neal@walfield.org>) id 1kYRCG-0006sW-RB; Fri, 30 Oct 2020 10:59:48 +0100
Date: Fri, 30 Oct 2020 10:59:48 +0100
Message-ID: <87blgkvxt7.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: =?ISO-8859-1?Q?=C1ngel?= <angel@16bits.net>
Cc: openpgp@ietf.org
In-Reply-To: <d1d9fb94cf2225157b367eb439d50271982f2e28.camel@16bits.net>
References: <87sga5xg03.wl-neal@walfield.org> <20201023192317.GA444398@fullerene.field.pennock-tech.net> <87lffvy6kf.wl-neal@walfield.org> <20201025010343.GA1089002@fullerene.field.pennock-tech.net> <d1d9fb94cf2225157b367eb439d50271982f2e28.camel@16bits.net>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/26 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-SA-Exim-Connect-IP: 192.168.20.9
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Scanned: No (on forster.huenfield.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/x0eTKZ1PDLahRBQUXD6m_rvGWRQ>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 09:59:55 -0000

On Wed, 28 Oct 2020 01:14:44 +0100,
Ángel wrote:
> I too have thought in the past we should have a "pgplint" tool.¹
> I have several ideas on what to measure (this community probably has
> lots more), it's something I could do but didn't have the motivation to
> start coding it.

I suspect that this mailing list is not the right place to discuss
this issue in detail.  I'd be happy to use the issue tracker for the
keyring-linter as a place to gather ideas:

  https://gitlab.com/sequoia-pgp/keyring-linter

(If someone prefers a more neutral place, I'd be fine with that.)

:) Neal


From nobody Fri Oct 30 05:25:26 2020
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40D1D3A0E3B for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 05:25:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, LOTS_OF_MONEY=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Akhy-A_CC3uU for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 05:25:23 -0700 (PDT)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE8973A0E39 for <openpgp@ietf.org>; Fri, 30 Oct 2020 05:25:22 -0700 (PDT)
Received: from pd9e79cc0.dip0.t-ipconnect.de ([217.231.156.192] helo=forster.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from <neal@walfield.org>) id 1kYTT5-0008SR-Nz; Fri, 30 Oct 2020 12:25:19 +0000
Received: from grit.huenfield.org ([192.168.20.9] helo=grit.walfield.org) by forster.huenfield.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <neal@walfield.org>) id 1kYTT5-00033t-6f; Fri, 30 Oct 2020 13:25:19 +0100
Date: Fri, 30 Oct 2020 13:25:19 +0100
Message-ID: <87a6w3x5n4.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <20201024165354.GD860779@camp.crustytoothpaste.net>
References: <87sga5xg03.wl-neal@walfield.org> <20201024165354.GD860779@camp.crustytoothpaste.net>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/26 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=ISO-2022-JP
X-SA-Exim-Connect-IP: 192.168.20.9
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Scanned: No (on forster.huenfield.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NJpWerkG-V1AMxQ-wGHp1eOSwFc>
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 12:25:25 -0000

On Sat, 24 Oct 2020 18:53:54 +0200,
brian m. carlson wrote:
> On 2020-10-23 at 12:51:08, Neal H. Walfield wrote:
> > So, two questions:
> > 
> >   - Does anyone see a safe way to accept SHA1 self-signatures today?
> >     Or (ouch!), if we want to be safe, do we have to convince ~10% of
> >     the sophisticated OpenPGP users to re-sign or regenerate their
> >     keys?
> 
> I think the time for transition with SHA-1 is gone.  The algorithm is
> estimated to be attackable for $45,000.  A thrifty and reasonably
> well-paid software engineer could put that away in a year or less.  It's
> within the budget of almost any medium or large business.

The attack presented in the paper is impressive, but it is perhaps not
as devastating as one might initially think.  In particular, it's not
a preimage attack, but a collision attack that relies on human help.
The attack is still dangerous, and I think we should deprecate SHA-1
in the near future, but there are a number of certificates out there
in active use (see my previous mails) that rely on SHA-1.  And, if
there is a safe way to continue to support them in the near term
(which I increasingly doubt is the case), I think we should.  And, we
should use the time that we buy to smooth the transition for users.

Currently, the ecosystem has radically different approaches to
handling SHA1.

In Sequoia, we decided to bad list SHA1.  (We still provide a
mechanism for a user of the library to say: I know that this artifact
has not been modified since T, so use a reasonable policy for this
authenticated time stamp.  For SHA1, we set the cutoff to 2013.)

In reaction to the SHA-1 is a Shambles paper, Werner changed gpg to
disallow third-party certifications using SHA1 created prior to
19.1.2019 [1].  But, gpg still unconditionally permits self signatures
and binding signatures using SHA-1 (tested with 2.2.20 from Debian).

  [1] https://github.com/gpg/gnupg/commit/edc36f59fcfcb4b896a53530345d586f7e5df560

It's not clear to me that the impersonation attack presented in the
paper can't be adapted to self-signatures.  For instance, I think Bob
could get Alice to sign his key, then he could reuse that self
signature to add an encryption capable subkey to Alice's key using a
colliding binding signature.

Also gpg doesn't appear to authenticate the timestamp in third-party
certifications.  Although the attack in the paper hides the collision
blocks in the key material and user attribute, and assumes that the
signature packets are identical, it seems to me that it would be
possible with a bit more work to hide them in the signature packet's
hashed subpacket area.  Then, the attacker could control the signature
packets' creation times, and circumvent this defense, at least for
keys created prior to 2019.

My understanding is that the RNP developers don't bad list SHA-1 at
all.  In the future, they plan to add a special result code
RNP_SIGNATURE_WEAK, when a signature uses SHA1, but AIUI they still
plan to accept SHA-1 by default.  I'm not convinced that this will
cause users to be more careful.

  https://bugzilla.mozilla.org/show_bug.cgi?id=1641720#c3
  https://github.com/rnpgp/rnp/issues/1281

These different approaches make it harder to deprecate SHA1.  Even
though Sequoia tells a user that a certificate is unusable, because
the crypto it relies on is weak, if that user is like most users I
know, they will understand the message as: Sequoia can't do something
that these other implementations can do.  This places pressure on us
to find a way to safely accept at least the certificates that rely on
SHA1 and are in active use.

I think we could solve this problem if we as an ecosystem could find a
way to move forward together.  In this regard, the players in the
X.509 ecosystem are far ahead of us: they publish timelines to
deprecate algorithms, and most implementations seem to follow them.

> If we're provident, we'll specify some version of SHA-3 to be a SHOULD.
> Cryptanalysis is advancing on SHA-2.

I think this is reasonable.

> >   - What do people think about including a salt in the hash to make
> >     the content of the hash less predictable as described in [7]?
> 
> I know not everyone will agree, but I prefer deterministic signatures.
> There are use cases for OpenPGP with systems with little or no entropy
> using Ed25519 or deterministic ECDSA for signing.  Smart cards come to
> mind, for example.

I suggested adding the non-determinism to the hashed data (i.e., in
the signature packet), not to the data that is directly signed.  Most
smartcards that I know of are fed the hash.  So, in my proposal, it
would be up to the host system to generate the salt, not the
smartcard.

> Additionally, I don't think a salt is proof that a signature doesn't
> have a collision.  If the salt is generated by the attacker, then it can
> easily be part of the collision.  That could easily be the case if the
> signature came from a smart card or embedded device, where the salt
> might not be generated on the card.  We therefore cannot rely on it as
> evidence that a signature using a weak algorithm is secure.

I'm trying to save the self signatures.  So, the case that I'm worried
about is: Mallory convinces Alice to sign something, and the signature
can be repurposed to modify Alice's key, e.g., attaching an
encryption-capable subkey that Mallory controls to it.  A self
signature is over the primary key, a User ID, and a signature packet.
In this case Mallory doesn't control the primary key or the User ID.
So, he has to modify the signature packet.  Since he can't give Alice
a signature packet, he has to predict the signature packet's contents.
Today, modulo the time stamp, this is possible.  Adding a salt would
make this harder.  And, the authors of SHA-1 is a Shambles seem to
suggest that this would be a reasonable defense:

  Section 7.2 SHA-1 Usage in X.509 Certificates

  If some of the CAs still issuing SHA-1 certificates use predictable
  serial numbers, a similar attack might be possible today (being
  located at the beginning of the “to-be-signed” part of the
  certificate, if the serial number is unpredictable then the
  CP collision attack is thwarted as a crucial part of the hashed input
  is not controlled by the attacker).

  https://eprint.iacr.org/2020/014.pdf

Thanks,

:) Neal


From nobody Fri Oct 30 06:14:35 2020
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F1553A0E76 for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 06:14:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjmDYZrU20-v for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 06:14:25 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C80993A0EBE for <openpgp@ietf.org>; Fri, 30 Oct 2020 06:14:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5F8C8BE47 for <openpgp@ietf.org>; Fri, 30 Oct 2020 13:14:16 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dGB2_tEk5oHa for <openpgp@ietf.org>; Fri, 30 Oct 2020 13:14:14 +0000 (GMT)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 6532BBE2F for <openpgp@ietf.org>; Fri, 30 Oct 2020 13:14:14 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1604063654; bh=YdJh+cmQP6wTyDuj3MzDJ+XDm/5vrlbLsDKnCYApZCE=; h=To:From:Subject:Date:From; b=jhqVvrTdXna4abwFAEpxnrYeYReiaGlPvyAY2TTLmK7FaeDzf9wTIkBrSnyK68YYJ FCulAXksFufhnNhiSWE1SGTnzji5VxNyp9e6DIiPPgDlHDTAQdyCX5kZfXvBrF2xGW NxQOxa7T7erbVC3eL5srRpWnGKFG6moCXmiFj7VM=
To: "openpgp@ietf.org" <openpgp@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <9d1da3a1-e67b-6c4a-deeb-979486a56f95@cs.tcd.ie>
Date: Fri, 30 Oct 2020 13:14:12 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.2
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="qeO2ghZPR2BUWEwGRQHhLuHR9oKqIi7Em"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/1bahjn2ISb1pOXJ9HQeSTK4bX-k>
Subject: [openpgp] likely timeline for WG (re)formation
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 13:14:34 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--qeO2ghZPR2BUWEwGRQHhLuHR9oKqIi7Em
Content-Type: multipart/mixed; boundary="1YoHd0Zj3LuJ4psEnkpfEuK1tkfaERRgT";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <9d1da3a1-e67b-6c4a-deeb-979486a56f95@cs.tcd.ie>
Subject: likely timeline for WG (re)formation

--1YoHd0Zj3LuJ4psEnkpfEuK1tkfaERRgT
Content-Type: multipart/mixed;
 boundary="------------82FF71B62303174B91ACE176"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------82FF71B62303174B91ACE176
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable


Hiya,

Just in case people feel nothing is happening wrt this,
that's not the case: normal bureaucracy is happening:-)

Having checked with DKG and Ben, the rough timeline
I'd expect to see is:

  - charter [1] is in internal review (formally by IAB
    and IESG but also this list), 'till Nov 5th, then IESG
    will most likely start 2-week external review, (when
    the charter is sent to ietf-announce and some other
    SDOs);
  - soonest IESG could approve WG creation then is likely
    Dec 3rd, because the IETF-109 meeting is in between;
  - all of the above is just normal processing for a WG
    coming out of hibernation;
  - given that timeline is not long (compared to the age
    of 4880 say:-), I'd encourage people to hold fire 'till
    that's done and we should be able to get going as an
    "official" WG in the not-too-distant (starting in on
    it all in detail now risks having to re-do stuff in
    a month or so, so probably isn't worthwhile I'd say)

Cheers,
S.

[1] https://datatracker.ietf.org/doc/charter-ietf-openpgp/

--------------82FF71B62303174B91ACE176--

--1YoHd0Zj3LuJ4psEnkpfEuK1tkfaERRgT--

--qeO2ghZPR2BUWEwGRQHhLuHR9oKqIi7Em--


From nobody Fri Oct 30 07:03:44 2020
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57FC63A0EC1 for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 07:03:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VOuVW3Unypsl for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 07:03:41 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92CA83A0EC0 for <openpgp@ietf.org>; Fri, 30 Oct 2020 07:03:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id CAB77389BB; Fri, 30 Oct 2020 10:10:29 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id suxV8lb3nZUL; Fri, 30 Oct 2020 10:10:28 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 049C1389BA; Fri, 30 Oct 2020 10:10:28 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4AE5D617; Fri, 30 Oct 2020 10:03:38 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: "openpgp\@ietf.org" <openpgp@ietf.org>
In-Reply-To: <9d1da3a1-e67b-6c4a-deeb-979486a56f95@cs.tcd.ie>
References: <9d1da3a1-e67b-6c4a-deeb-979486a56f95@cs.tcd.ie>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Fri, 30 Oct 2020 10:03:38 -0400
Message-ID: <8199.1604066618@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/tcsaKqGfQApCnZ8bX_bog-FNmNs>
Subject: Re: [openpgp] likely timeline for WG (re)formation
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 14:03:43 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
    > - given that timeline is not long (compared to the age
    > of 4880 say:-), I'd encourage people to hold fire 'till
    > that's done and we should be able to get going as an
    > "official" WG in the not-too-distant (starting in on
    > it all in detail now risks having to re-do stuff in
    > a month or so, so probably isn't worthwhile I'd say)

In the meantime, if we plan on having virtual interims (I hope so) to time
box ML discussion, then I suggest that we might want to doodle-poll,
(or that other tool you prefer) for a consistent time-of-the-week in which to
do the virtual interims.

If we are going monthly, which week.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide





--=-=-=--


From nobody Fri Oct 30 07:06:50 2020
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3804C3A0EC3 for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 07:06:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.246
X-Spam-Level: 
X-Spam-Status: No, score=-2.246 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.247, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0uTuVWW5s27w for <openpgp@ietfa.amsl.com>; Fri, 30 Oct 2020 07:06:46 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 071153A0EC1 for <openpgp@ietf.org>; Fri, 30 Oct 2020 07:06:45 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id E295EBE47; Fri, 30 Oct 2020 14:06:43 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AXYNgb0nk3pK; Fri, 30 Oct 2020 14:06:41 +0000 (GMT)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id AFF96BE2E; Fri, 30 Oct 2020 14:06:41 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1604066801; bh=zEPa+Tp4VMe7W+aFvzHHpWm0A+KwpLjUxzwwQD+lJ9c=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=TIt3B/Ex7kLMPMS+aKhBg9hB/S76aMF2LV1HZN/TYncXWck/zu68of/3GZjocx+LL XNRl+IQfrHmw7yeXDqXezrzGCJ4ygKj9bXgd2rVaPoVh/V1pWcF01WvsC2MG6n2Eox Ai2c9WomqnAa0rJBsc4u7q5KAxXA923601gcKXBg=
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
References: <9d1da3a1-e67b-6c4a-deeb-979486a56f95@cs.tcd.ie> <8199.1604066618@localhost>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <273a7baf-5be0-814c-386b-0f42b4e09abb@cs.tcd.ie>
Date: Fri, 30 Oct 2020 14:06:40 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.2
MIME-Version: 1.0
In-Reply-To: <8199.1604066618@localhost>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="KRJf46tGcWztmYBfb2EamNQFOCxBI5eDK"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/JXCZbLDO88TNHUipJj24Ml-QfNA>
Subject: Re: [openpgp] likely timeline for WG (re)formation
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 14:06:48 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--KRJf46tGcWztmYBfb2EamNQFOCxBI5eDK
Content-Type: multipart/mixed; boundary="rnX7cvCTBOqHjsG4R2nP2KMzr3zA81SIQ";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <273a7baf-5be0-814c-386b-0f42b4e09abb@cs.tcd.ie>
Subject: Re: [openpgp] likely timeline for WG (re)formation
References: <9d1da3a1-e67b-6c4a-deeb-979486a56f95@cs.tcd.ie>
 <8199.1604066618@localhost>
In-Reply-To: <8199.1604066618@localhost>

--rnX7cvCTBOqHjsG4R2nP2KMzr3zA81SIQ
Content-Type: multipart/mixed;
 boundary="------------4B07C1D9336C34524B269B86"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------4B07C1D9336C34524B269B86
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable


Hiya,

On 30/10/2020 14:03, Michael Richardson wrote:
>
> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>      > - given that timeline is not long (compared to the age
>      > of 4880 say:-), I'd encourage people to hold fire 'till
>      > that's done and we should be able to get going as an
>      > "official" WG in the not-too-distant (starting in on
>      > it all in detail now risks having to re-do stuff in
>      > a month or so, so probably isn't worthwhile I'd say)
>
> In the meantime, if we plan on having virtual interims (I hope so) to time
> box ML discussion, then I suggest that we might want to doodle-poll,
> (or that other tool you prefer) for a consistent time-of-the-week in which to
> do the virtual interims.
>
> If we are going monthly, which week.

That's a good point. I'll chat with DKG and see what
he thinks. Meanwhile, any thoughts/preferences about
whether and how to schedule virtual interim meetings
(aka phone calls;-) welcome.

Thanks,
S.



--------------4B07C1D9336C34524B269B86--

--rnX7cvCTBOqHjsG4R2nP2KMzr3zA81SIQ--

--KRJf46tGcWztmYBfb2EamNQFOCxBI5eDK
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"


--KRJf46tGcWztmYBfb2EamNQFOCxBI5eDK--


From nobody Sat Oct 31 13:44:16 2020
Return-Path: <tobi@cryptobit.ch>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63CB23A0CB3 for <openpgp@ietfa.amsl.com>; Thu, 29 Oct 2020 05:02:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tNHdBD4Z0FwR for <openpgp@ietfa.amsl.com>; Thu, 29 Oct 2020 05:02:11 -0700 (PDT)
Received: from mail.cryptobit.ch (cryptobit.ch [188.40.138.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE2E63A0C94 for <openpgp@ietf.org>; Thu, 29 Oct 2020 05:02:10 -0700 (PDT)
Received: from 127.0.0.1 (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client did not present a certificate) by mail.cryptobit.ch (Postfix) with ESMTPSA id 4CMPFC51Ygz1S4Rf; Thu, 29 Oct 2020 13:02:07 +0100 (CET)
Message-ID: <196eb4d4cdd163f3a51be950bac87b4724b61c32.camel@cryptobit.ch>
From: Tobias Mueller <tobi@cryptobit.ch>
To: =?ISO-8859-1?Q?=C1ngel?= <angel@16bits.net>
Cc: openpgp@ietf.org
Date: Thu, 29 Oct 2020 13:02:04 +0100
In-Reply-To: <d1d9fb94cf2225157b367eb439d50271982f2e28.camel@16bits.net>
References: <87sga5xg03.wl-neal@walfield.org> <20201023192317.GA444398@fullerene.field.pennock-tech.net> <87lffvy6kf.wl-neal@walfield.org> <20201025010343.GA1089002@fullerene.field.pennock-tech.net> <d1d9fb94cf2225157b367eb439d50271982f2e28.camel@16bits.net>
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/JBLdv1uG5dy3G1D3MvOTFTXVUfk>
X-Mailman-Approved-At: Sat, 31 Oct 2020 13:44:15 -0700
Subject: Re: [openpgp] Deprecating SHA1
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2020 12:02:12 -0000

Hi Ángel,

On Wed, 2020-10-28 at 01:14 +0100, Ángel wrote:
> I too have thought in the past we should have a "pgplint" tool.

Maybe hopenpgp's "lint", i.e. "hokey lint" is such a tool.
>From the man page:

   Available commands:
       [...]

       lint   check key(s) for 'best practices'



Cheers,
  Tobi


From nobody Sat Oct 31 14:16:17 2020
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98AFD3A0ECB; Sat, 31 Oct 2020 14:16:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level: 
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=dCgO3IRE; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=qGN+pbRe
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PDVBx1BbY902; Sat, 31 Oct 2020 14:16:07 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27D5C3A0EC7; Sat, 31 Oct 2020 14:16:06 -0700 (PDT)
Received: from fifthhorseman.net (unknown [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id C9B28F9A5; Sat, 31 Oct 2020 17:16:05 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id AF56E206AD; Sat, 31 Oct 2020 16:19:57 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: spasm@ietf.org, openpgp@ietf.org
In-Reply-To: <160416804489.2019.4098533865860400253@ietfa.amsl.com>
References: <160416804489.2019.4098533865860400253@ietfa.amsl.com>
Date: Sat, 31 Oct 2020 16:19:56 -0400
Message-ID: <87wnz6jggj.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/VVregeUyrdR5449sifg2Aog3HpE>
Subject: Re: [openpgp] New Version Notification for draft-dkg-lamps-e2e-mail-guidance-00.txt
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2020 21:16:10 -0000

--=-=-=
Content-Type: text/plain

Hi LAMPS and OpenPGP folks--

In the hopes of providing a useful space for discussion of effective
implementation of end-to-end crypto for e-mail clients, i've just
published the draft identified below.

> https://datatracker.ietf.org/doc/draft-dkg-lamps-e2e-mail-guidance/
> https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-00.html
>
> Abstract:
>    End-to-end cryptographic protections for e-mail messages can provide
>    useful security.  However, the standards for providing cryptographic
>    protection are extremely flexible.  That flexibility can trap users
>    and cause surprising failures.  This document offers guidance for
>    mail user agent implementers that need to compose or interpret e-mail
>    messages with end-to-end cryptographic protection.  It provides a
>    useful set of vocabulary as well as suggestions to avoid common
>    failures.

This is implementation guidance -- it covers some protocol structures
but doesn't introduce any novel protocol elements.  Rather, it gives
pointers that explain common problems, subtleties and nuances that a MUA
implementer might not understand about encrypted mail.  You might think
of it as a response to some of the problems that came up a few years ago
in "EFAIL" (https://efail.de).

The draft formalizes a few useful notions.  In particular it documents
"Cryptographic Envelope" and "Cryptographic Payload" as concepts that
hopefully winnow down the space of infinite MIME recursion into usable,
sensible structures for e-mail.  I've pulled these definitions out of
draft-autocrypt-lamps-protected-headers because they apply whether
headers are protected or not.  (I'll get to the protected headers in a
separate conversation)

I'm hoping to discuss this draft on the LAMPS mailing list
(spasm@ietf.org) because of the coverage there of S/MIME and
cryptographic e-mail more generally.  But the principles are identical
for PGP/MIME, so the draft covers PGP/MIME as well. Both standards exist
and are in use, so cryptographic MUAs need to realistically grapple with
that situation. I hope that developers who care about only one camp can
see the moral equivalence of the two schemes and try to share tips that
apply generally to cryptographic MUAs.

If you're an implementer of a cryptographic MUA (or want to be), i hope
you'll read the draft, offer commentary and share your insights.  I
welcome interested co-authors as well.

The draft is written in pretty simple markdown, and for minor edits i
welcome merge requests and bug reports at:

   https://gitlab.com/dkg/e2e-mail-guidance

Any MRs or bug reports on gitlab for more substantive changes are
welcome as well, but i encourage bigger conversations to target the
LAMPS mailing list, and i'll use the issue/MR tracker on gitlab to track
the mailing list discussion.

If there's room in the upcoming LAMPS meeting at IETF 109 to discuss
this, i'd be happy to lead a discussion for 5-10 minutes, but discussion
on the mailing list is more important.

Regards,

          --dkg

On Sat 2020-10-31 11:14:04 -0700, internet-drafts@ietf.org wrote:
> A new version of I-D, draft-dkg-lamps-e2e-mail-guidance-00.txt
> has been successfully submitted by Daniel Kahn Gillmor and posted to the
> IETF repository.
>
> Name:		draft-dkg-lamps-e2e-mail-guidance
> Revision:	00
> Title:		Guidance on End-to-End E-mail Security
> Document date:	2020-10-31
> Group:		Individual Submission
> Pages:		19
> URL:            https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-dkg-lamps-e2e-mail-guidance/

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQsv6x2UaqQJzY+dXHEDyVUMvKBDwUCX53G7QAKCRDEDyVUMvKB
D0x8APwJ1d7fIvZgtqjtQxtmInyWlgc0bf+lZIKYpA7j6C45WgEA1HDyB1dF3e+y
Z/aq3QV9a+J2lyIXdHR2R/bGAqpuDgk=
=KJ7R
-----END PGP SIGNATURE-----
--=-=-=--

