OpenPGP - 45th IETF
14-July-1999
John Noerenberg opened the meeting at 9:05 AM. Started attendance list, etc.
Agenda:
Agenda Bashing
Key Server Synchronization protocols
RFC2440 Revisions
Advance to Draft, Collect $200
RFC2015 Revisions
Summary
Agenda Bashing
Key Server Synchronization protocols
2 Proposals
Bill Geiger - Hash table exchange
Marcel Waldvogel - Push-pull flooding
Marcel Waldvogel thesis:
<http://www.tik.ee.ethz.ch/tik/education/sadas/SASS1998-33/thesis.ps.gz>
Bill Geiger: proposal introduction published in
<http://www.imc.org/ietf-open-pgp/mail-archive/>
in a messaged dated: Fri, 18 Jun 1999 09:43:36 -0500
JN: Key Server sync protocols are important. However, they are not
in our charter. We need to decide whether to change the charter or
create a new WG.
JN recommended WG report to SAAG that a new working group should be explored
for Key Server Synchronization protocols. After some discussion,
there were no
objections to this recommendation.
RFC2440 Revisions
JC: Need to decide what should be done to 2440 to get it ready for draft.
Discussed some of the below.
V5 Signatures
Need to have larger signatures to accommodate the equivalent of
certificates. Possible solution is to add up a 4 byte length. Only
reason to hold off is to think about if anything else needs to
change other than the length field format.
[ Side conversation about closing off the group and leaving the
fixes to a future group. JN: OpenPGP will exist until 2440 goes to
Draft so we can go and fix this. In the interest of going to draft,
the changes should be short at this time. MDC is clearly the most
important.]
MDC Data packet - Need a way to detect packet damage. Currently, a
packet may be maliciously damaged by re-arranging blocks. Easiest
way to fix this is to append a hash, preferably sha-1.
Encryption Mode Normalization
Features subpackets - This will provide a way for different PGPs to
know what each other supports and what they do not.
Gestalt for non-mandatory features
Large Block ciphers clarifications
Suggestions?
Advance to Draft, Collect $200
6 months have passed
Requirements
2 implementations
No IPR problems
6 months of experience
JN: We have the experience but we do not have the interoperability
fully checked. Suggest: Enumerating all the musts and publishing a
document so implementors can easily see requirements for
compliance. Finally, we can get implementors into a room for
testing.
Implementors' survey & results are at:
noc.rutgers.edu/~mione/ietf/ietfopgp.html
IMC (Internet Mail Consortium) maintains the OpenPGP
<http://www.imc.org/ietf-open-pgp/mail-archive/>mailing list archive.
To subscribe and unsubscribe:
List-subscribe:
<mailto:ietf-open-pgp-request(_at_)imc(_dot_)org?body=subscribe>
List-Unsubscribe:
<mailto:ietf-open-pgp-request(_at_)imc(_dot_)org?body=unsubscribe>
RFC2015 Revisions
Dave Del Torto
1 outstanding item: 'Openpgp signed data'. 2 variations were
presented.
Variation 1 is from Tom Rossler. Variation 2 is the original
written by Dave Del Torto. The main difference is that variation
1 leaves out md5 as a required hash for the MICALG.
The consensus seemed to be we should remove MUST for md5 hash in
the MICALG.
Discussion of parallel signatures. This is a way of dividing a
message into multiparts and sign each individually. Allows you to
verify signatures independently. (This text is in section 8 of the
new draft to be submitted today.)
The aim at this time is that parallel signatures will be OPTIONAL
in the revision to 2015.
Summary
Misc question from audience. Will feature packets be a MUST
implement. JC: No.
Action items
Jon Callas - New draft to replace 2440.
Tony Mione - enumerate MUSTs in 2440.
Dave, Thomas, Mike - New draft of 2015.
WG as a whole - WG last call on Son of 2440.
Son of 2015.
before Nov.
Tony tentatively volunteered to write a charter and call a bof
for the PGP keysync work.
John closed the meeting at 9:55 AM.
Minutes submitted by Tony Mione
john noerenberg
jwn2(_at_)qualcomm(_dot_)com
----------------------------------------------------------------------
The man that can most truly be accounted brave is he who best
knows the meaning of what is sweet in life and what is terrible,
and then goes out undeterred to meet what is to come.
-- Pericles, "Funeral Oration", 479 B.C.
----------------------------------------------------------------------