
[openpgp] Working Group reportback from IETF 110

2021-03-15 18:38:51
Thanks to everyone who joined the OpenPGP Working Group last week at
IETF 110.  We had a packed agenda, with not a lot of time for extra
discussion.  Below is the report i sent to the SAAG list:

----
  We discussed attacks against secret key material that are facilitated by
  corruption of the associated public keys.  This is research work by
  Bruseghini, Paterson, and Huigens.

  We also had a presentation of the OpenPGP Interoperability Test Suite by
  Winter, identifying places where interoperability is solid, and places
  where more guidance is likely to be needed.  See
  https://tests.sequoia-pgp.org/ for more detail from this ongoing
  project.

  Finally, Niibe presented some of the historical warts of ECC wire
  representation within OpenPGP, and proposed an argument for a
  normalization of ECC representation for future curves, including CFRG's
  "heavy-duty" curve Curve448.
----

The minutes for the 110 meeting can be found at
https://datatracker.ietf.org/doc/minutes-110-openpgp/ and are reproduced
here as well (thanks to Yoav Nir for taking the minutes).

The XMPP room openpgp(_at_)jabber(_dot_)ietf(_dot_)org was logged during the
meeting here:

https://www.ietf.org/jabber/logs/openpgp(_at_)jabber(_dot_)ietf(_dot_)org/2021-03-11.html

---------------
## OpenPGP Session @ IETF 110
2021-03-11 14:30:00 to 15:30:00 UTC

Stephen Farrell and DKG chairing.

Note Well was projected.

No agenda bashing. Will go over github issues (with Paul W) if time permits.

DKG went over the process for rfc4880bis. Using gitlab.
Stephen: Looking to do that (work on the crypto refresh draft) in interim
meetings. Not open for new ideas at this time.

----

## Lara Bruseghini presenting Key Extraction Attacks through Encrypted Private Key Corruption
Stephen Farrell: When will we see the results?
Lara: Don't know yet.
Kirsty Paine: Did you report the vulnerabilities (found in two apps)?
Lara: Yes. We contacted them. They've been fixed a few months ago.
Kenny Paterson: We did responsible disclosure. All libraries we found were
patched.

----

## Justus Winter on A Common OpenPGP Interoperability Test Suite
DKG (no relation to the dkgpg library): Thanks for the presentation and the
work.
### No other questions

----

## NIIBE Yutaka on SOS (Simple Octet String)
### [representing new ECC in OpenPGP]
PHB: Can also use a random seed + a per-algorithms key generation mechanism. If
we adopted that, you push the onus of tagging and bagging on the algorithm
creators.
DKG: That has serious interop / legacy issues with deployed clients.
PHB: Yes, but this solution is good for the next set of curves.

----

## Open Issues (with the draft)
Paul Wouters: pulling in a lot of issues. 3DES is still a MUST because we
didn't get to this section yet. Presenting the parts in small chunks to the WG.
Re-confirmed the consensus on the items.
DKG: Can follow up now or on the list.
Paul W: If we have a new way for new curves, should discuss it soon, because
we're going to do that part soon.
Stephen Farrell: Think we want 1 or 2 interims between now and 111. Will do
Doodle polls on the list.

DKG: Hoping to get more people to give feedback on the list.
Stephen Farrell: Good night.

### Session ended
-------------------

Regards,

        --dkg
