On 2021-03-25 at 08:38 -0400, Daniel Kahn Gillmor wrote:
On Thu 2021-03-25 02:20:16 +0100, Ángel wrote:
This issue also affected the security considerations section. I made a
follow-up at https://gitlab.com/dkg/rfc4880bis/-/merge_requests/1
Looks like you've done a merge request against my personal repo, rather
than putting it in the openpgp-wg repo where everyone else will be able
to see it -- i recommend making this MR against
https://gitlab.com/openpgp-wg/rfc4880bis instead so that it gets public
visibility, and the merge requests aren't scattered. I'm attaching the
proposed patch below so that people following the list can see it.
Hi Daniel
Yep. I wanted it to appear on top of merge_requests/41 but did not find
how to do that. Happy to learn how to do that.
Now that Paul has merged your branch, I have rebased it and opened a
direct MR against the main repository:
https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/44
I tried to keep what was salvable but ended up leaving just three lines
from rfc6637.
I'm not convinced that these specific security considerations are
invalid given that the compatibility profiles section is gone. For
example, do we believe it to be untrue that:
Compliant applications SHOULD implement, advertise through key
preferences, and use the strongest algorithms specified in this
document.
I think that looks correct, and I see no reason to cut it just because
we've dropped the Compatibility Profiles section.
I considered it. That (and folllowing) paragraphs look mostly fine. The
problem there is the part about "use the strongest algorithms specified
in this document". On 6637 that refers to the algorithm strength it is
defining (i.e. the previous paragraphs that get removed). I considered
whether it could be amended. That could end up as "use the strongest
algorithms as defined by local policy", "as defined by the implementer"
or some similarly vague description which wasn't really satisfactory.
Also note that "specified in this document" changes meanings when put
in 4880-refresh than in 6637 which was just about ECC.
I like some of the points it discusses, such as the order issue with
multiple recipients, but it still revolves around strength ("the
stronger encryption algorithm", "the weakest algorithm"...) which is no
longer defined.
I think we're better clearing it and seeing what is importable. I may
have missed some sentence, but I doubt you could keep most of it as
such.*
We MAY want to provide a more complete table than was in 6637
(preferably as a new section, not embedded in Security), in which case
we could more easily reimport some bigger chunk.
That is worth its own discussion, though. I'm not convinced at this
point that 4880-refresh should explicitly state the relative strength
of each algorithm.
(*) A phrase that got removed but should be recovered is «MDC MUST be
used when a symmetric encryption key is protected by ECDH.». I pondered
where to move it, but I concluded that should better go at its own
changeset stating that new algorithms cannot be used without MDC i.e.
they cannot be used with the "Symmetrically Encrypted Data Packet"
(still somewhat redundant, as that one MUST NOT be created).
Additionally, the phrase "A compliant application MUST only use
iterated and salted S2K"... is also mostly fine, but I had already
covered a proposal for that one in the previous
https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/42
If you find other phrases being removed that you think should have been
kept, I would be happy discuss them in more detail. But for now, and
after carefully reviewing the change itself, I stand by the proposal I
did.
Best regards
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp