Re: [openpgp] [internet-drafts(_at_)ietf(_dot_)org] New Version Notifica

Hi Neal,

On Wed, September 2, 2020 4:05 pm, Neal H. Walfield wrote:
> Hi Derek,
>
> On Wed, 02 Sep 2020 20:59:34 +0200,
> Derek Atkins wrote:
> > Having said that, there was certainly discussion about the "revert to
> > 4880
> > requirement for a user id packet" change.  I don't recall the other
> > topic.
> As of draft 9 (published 9 March 2020) the User ID packet was still
> optional.
> In draft 10 (published 31 August 2020) that change was reverted.
>
>   https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-09#section-11.1
>   https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10#section-11.1
>
> It was reverted specifically by this commit:
>
>   Revert to the RFC4880 requirement of having a User ID.
>
>   With the below referenced patch Derek Atkins integrated his
>   "Device-Certificate Draft" to allow the use of a stripped down OpenPGP
>   key by space constrained devices.  The draft was never meant as a
>   general lifting of requirements which were intentionally introduced
>   when formalizing the old PGP 2 formats as OpenPGP.  This patch
>   clarifies this.
>
>   
> https://gitlab.com/openpgp-wg/rfc4880bis/-/commit/6fd718d39fc8db20e4731350899db1b7c48c721e
>
> which was made on 12 March 2020.
>
> Between January 25, 2020 and March 12, 2020, there was one mail to
> this mailing list, which was a message from DKG about the stateless
> openpgp cli.  I reviewed the archives from the past year, but I
> couldn't find this discussed.  Did I miss something?
>
>   https://mailarchive.ietf.org/arch/browse/openpgp/?
There is a thread that started by Justus Winter on February 20, 2019,
Subject "User ID Attribute Subpacket", which began the conversation to
revert back to the RFC4880 definitions.  The thread kind of ended on March
8, 2019, but no changes were made to the draft at that time.  Search the
archive for "attribute" to easily find the thread.

My guess is that Werner took his time to update the spec based on the
conversations.

> FWIW, my position and, as I understand it, Justus' and Vincent's is
> that User IDs ought to be optional.  In fact, Hagrid is built around
> that assumption, and Sequoia explicitly supports it.
That was not the conversation that was had, and Vincent was not involved
in the thread at all.  But then again re-reading this thread it was about
why have User-Id Attribute Subpacket in addition to the UserID packet.. 
It wasn't specifically about reverting the change to make UserIDs
optional.

> Thanks,
>
> Neal
-derek

-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp