ietf-openpgp
[Top] [All Lists]

[openpgp] WG Review: Open Specification for Pretty Good Privacy (openpgp)

2020-11-26 17:47:59
A new IETF WG has been proposed in the Security Area. The IESG has not made
any determination yet. The following draft charter was submitted, and is
provided for informational purposes only. Please send your comments to the
IESG mailing list (iesg(_at_)ietf(_dot_)org) by 2020-12-06.

Open Specification for Pretty Good Privacy (openpgp)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  Stephen Farrell <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
  Daniel Gillmor <dkg(_at_)fifthhorseman(_dot_)net>

Assigned Area Director:
  Benjamin Kaduk <kaduk(_at_)mit(_dot_)edu>

Security Area Directors:
  Benjamin Kaduk <kaduk(_at_)mit(_dot_)edu>
  Roman Danyliw <rdd(_at_)cert(_dot_)org>

Mailing list:
  Address: openpgp(_at_)ietf(_dot_)org
  To subscribe: https://www.ietf.org/mailman/listinfo/openpgp
  Archive: https://mailarchive.ietf.org/arch/browse/openpgp/

Group page: https://datatracker.ietf.org/group/openpgp/

Charter: https://datatracker.ietf.org/doc/charter-ietf-openpgp/

OpenPGP is an Internet standard that covers object encryption, object
signing, and identity certification. These were defined by the first
incarnation of the OpenPGP working group.

The following is an excerpt from the charter of the original incarnation
of the openpgp working group

The goal of the OpenPGP working group is to provide IETF
standards for the algorithms and formats of PGP processed
objects as well as providing the MIME framework for exchanging
them via e-mail or other transport protocols.

The working group concluded this work and was closed in March of 2008.
In the intervening period, there has been a rough consensus reached that
the RFC that defined the IETF openpgp standard, RFC4880, is in need of
revision.

This incarnation of the working group is chartered to primarily produce
a revision of RFC4880 to address issues that have been identified by the
community since the working group was originally closed.

These revisions will include, but are not necessarily limited to:

- Inclusion of elliptic curves recommended by the Crypto Forum
Research Group (CFRG) (see note below)

- A symmetric encryption mechanism that offers modern message integrity
protection (e.g. AEAD)

- Revision of mandatory-to-implement algorithm selection and deprecation
of weak algorithms

- An updated public-key fingerprint mechanism

The Working Group will perform the following work:

- Revise RFC4880.  The intent is to start from the current rfc4880bis draft.

- Other work related to OpenPGP may be entertained by the working group
as long as it does not interfere with the completion of the RFC4880
revision. As the revision of RFC4880 is the primary goal of the working
group, other work may be undertaken, so long as:

1. The work will not unduly delay the closure of the working group after
the revision is finished (unless the working group is rechartered).

2. The work has widespread support in the working group.

These additional work items may only be added with approval from the
responsible Area Director who may additionally require re-chartering
for certain work items, as needed.

Inclusion of CFRG Curves
-----------------------------

The Working Group will consider CFRG curves as possible Mandatory to
Implement (MTI) algorithms.

Working Group Process
--------------------------

The working group will endeavor to complete most if not all of its work
online on the working group's mailing list. We expect that the
requirement for face-to-face sessions at IETF meetings to be minimal.

For the revision of RFC 4880, all changes from RFC 4880, and for other
work items, all content, require both consensus on the mailing list and
the demonstration of interoperable support by at least two independent
implementations, before being submitted to the IESG.

Furthermore, the working group will adopt no I-D's as working group
items unless there is a review by at least two un-interested parties of
the I-D as part of the adoption process.

Milestones:

  Jun 2021 - submit RFC 4880 revision to the IESG



_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp