[Top] [All Lists]

Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-04.txt

2021-10-20 16:27:19
Hi folks--

On Mon 2021-10-18 14:19:13 -0700, internet-drafts(_at_)ietf(_dot_)org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts 
This draft is a work item of the Open Specification for Pretty Good Privacy 
WG of the IETF.

   Title           : OpenPGP Message Format
   Authors         : Werner Koch
                         Paul Wouters
   Filename        : draft-ietf-openpgp-crypto-refresh-04.txt
   Pages           : 136
   Date            : 2021-10-18

As you can see, the design team has pushed out the latest version of the
crypto refresh draft.

This incorporates variations on several of the features that were in the
older draft-ietf-openpgp-rfc4880bis-draft-10, and some new features
that haven't been incorporated in a previous draft:

Feature inclusions:

 - AEAD packets are now defined (they differ from the older draft-10 in
   a few subtle ways, most notably that the chunk size is more tightly
   constrained, and that what was called the "nonce" is now explicitly
   the IV)

 - AEAD protection of secret key material (note that public key material
   is now included in the encrypted form as additional data)

 - Intended Recipients Subpacket (allows a defense against signature
   replay in redirected encrypted messages)

 - SKESKv5 (works only with AEAD)

 - Argon2 as S2K

 - Curve448: X448 for ECDH, Ed448 for signing


 - forbid creation of weaker S2K types, except when string is known to
   be high-entropy.

 - more strongly deprecate non-integrity-protected symmetric encryption

 - drop (reserve) bit 0x04 from Features packet ("v5 keys"), due to not
   being actionable and potentially causing interop issues.


 - Corrections to the OpenPGP message grammar
 - Corrections to OpenPGP certificate structure
 - Algorithm-specific details are now presented in tabular form, for
   public keys and for specific elliptic curve choices

The design team is meeting regularly, and making good progress in
collaboration.  We hope the larger WG will review the latest draft that
the DT has produced!

You can see (and contribute to) outstanding issues and merge requests at if you're interested.

The design team has several issues in active discussion that did not
make it into draft-04, but will likely to come up soon:

 - Mandatory-to-implement choices (aka "MTI"): see recent summaries of
   design-team meetings on the openpgp-dt mailing list:

 - v5 signatures: see active discussion at

 - v5 keys: see different possible proposed changes at and

I'm hoping that after the next revision, we can start talking about what
"done" looks like ☺ -- we already have some interoperable tests
happening, which is a good sign.

Note, we also have an upcoming meeting at IETF 112, tentatively
scheduled for Wednesday, 10 November 2021, in Session I.

Happy Hacking,


Attachment: signature.asc
Description: PGP signature

openpgp mailing list
<Prev in Thread] Current Thread [Next in Thread>