On 2021-01-10 at 09:08 -0500, Daniel Kahn Gillmor wrote:
Given our charter, i'm not convinced that any of this (including my
merge request, mentioned above) is in scope for the intended
cryptographic refresh of RFC 4880, so i dont think it belongs
ultimately in rfc4880bis.
Adding a new subpacket filter format is clearly out of scope of the
current charter. Let's call it "rfc4880tris material". :-)
Maybe, if rechartered before the publication, some low-hanging changes
completely uncontroversial might be included in the document. We could
all be shouting each other much earlier as that, as well. Or only very
difficultly reaching a consensus for rfc 4880 bis. It's too early in
the process. ¯\_(ツ)_/¯
However, I do think the User ID clarifications would be in scope, as
"addressing issues that have been identified by the
community since the working group was originally closed."
Not that your merge request really changes existing convention. It only
documents it. In fact, I think it should additionally state that user
"SHOULD NOT be larger than XYZ", or at least warn about the attacks
with a note that an implementation "MAY choose to implement a maximum
Usuer ID size" (or even packet size, basically [1])
Best regards
Ángel
1-
https://tools.ietf.org/html/draft-dkg-openpgp-abuse-resistant-keystore-04#section-4.1
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp