2.6.1 An Open Specification for Pretty Good Privacy (openpgp)

NOTE: This charter is a snapshot of the 41st IETF Meeting in Los Angeles, California. It may now be out-of-date. Last Modified: 18-Mar-98


John Noerenberg <jwn2@qualcomm.com>

Security Area Director(s):

Jeffrey Schiller <jis@mit.edu>

Security Area Advisor:

Jeffrey Schiller <jis@mit.edu>

Mailing Lists:

General Discussion:ietf-open-pgp@imc.org
To Subscribe: ietf-open-pgp-request@imc.org
In Body: Only the word subscribe
Archive: http://www.imc.org/ietf-open-pgp/mail-archive/

Description of Working Group:

PGP, or Pretty Good Privacy, first appeared on the Internet in 1991. It has enjoyed significant popularity amongst the Internet Community.

PGP is used both for protecting E-mail and File Storage. It presents a way to digitally sign and encrypt information "objects." As such it is well suited for any store and forward application.

The goal of the OpenPGP working group is to provide IETF standards for the algorithms and formats of PGP processed objects as well as providing the MIME framework for exchanging them via e-mail or other transport protocols.

Because there is a significant installed base of PGP users, the working group will consider compatibility issues to avoid disenfranchising the existing community of PGP users.

Security Issues:

The whole purpose of Open-PGP is to provide security services.

Goals and Milestones:



Submit Internet-Draft for PGP Key Format & Message Specification

Dec 97


Submit Internet Draft for MIME encapsulation of PGP Messages Specification

Mar 98


Issue WG Last Call for PGP Key Format & Message Specification Internet-Draft documents

May 98


Submit PGP Key Format & Message Specification Internet-Draft to IESG for consideration as a Proposed Standard.


No Request For Comments

Current Meeting Report

Minutes of the Open Specification for Pretty Good Privacy (openpgp) Working Group

John Noerenberg spoke introductory remarks. It was proposed that a Trust Model document be produced, and there was some discussion about what a "trust model document" would contain, whether or not it documents the PGP Web Of Trust or whether it documents the interactions between Open PGP, PKIX, and SPKI. It was discussed that the formats and the trust process can be decoupled.

Implementation news: there is another PGP 5 implementation, see http://www.cryptography.org in the libraries directory. Note the survey is at http://www-ns.rutgers.edu/~mione/openpgp.

PGP/Mime: Dave Del Torto and x presented that they are working on the PGP/Mime drafts, it was proposed and there was some discussion that this document should not discuss the encryption algorithms. It was concluded that this should be discussed on the mailing list.

PGP Format Draft: Jon Callas presented the current draft. There was discussion about whether or not we should be adding things to the draft. There was discussion about whether or not there should be a four byte packet length field, and where it should be used. It was pointed out that ANSI X9.42 has been notified that there may be patented technology involving certain Diffie Hellman/El Gamal techniques. The AD advised us to sit tight.

The WG discussed how to insure greater interaction with PKIX and SPKI. Carl Ellison from SPKI pointed out he is already taking account of PGP in the current SPKI reference implementation. Paul Hoffman noted, "There are a huge number of PKIX documents, one more wouldn't hurt". Currently, there are no PKIX documents specifically devoted to interoperation between PKIX and PGP.

The meeting concluded with a presentation on a expanded specification of PGP to be known as PGP 6.6.6. In addition to the Web of Trust, it introduced the new concept, the Web of Contempt. Of course, this was, after all, April 1st.
Anyone who breathes the spirit of American roots and values knows instinctively that censorship is the feeble response of an insecure, beleaguered society.
-- Russell Sherman, "Piano Pieces," 1997


None Received

Attendees List

go to list