2.6.1 An Open Specification for Pretty Good Privacy (openpgp)

NOTE: This charter is a snapshot of the 45th IETF Meeting in Oslo, Norway. It may now be out-of-date. Last Modified: 21-Apr-99


John Noerenberg <jwn2@qualcomm.com>

Security Area Director(s):

Jeffrey Schiller <jis@mit.edu>
Marcus Leech <mleech@nortel.ca>

Security Area Advisor:

Jeffrey Schiller <jis@mit.edu>

Mailing Lists:

General Discussion:ietf-open-pgp@imc.org
To Subscribe: ietf-open-pgp-request@imc.org
In Body: Only the word subscribe
Archive: http://www.imc.org/ietf-open-pgp/mail-archive/

Description of Working Group:

PGP, or Pretty Good Privacy, first appeared on the Internet in 1991. It has enjoyed significant popularity amongst the Internet Community.

PGP is used both for protecting E-mail and File Storage. It presents a way to digitally sign and encrypt information "objects." As such it is well suited for any store and forward application.

The goal of the OpenPGP working group is to provide IETF standards for the algorithms and formats of PGP processed objects as well as providing the MIME framework for exchanging them via e-mail or other transport protocols.

Because there is a significant installed base of PGP users, the working group will consider compatibilty issues to avoid disenfranchising the existing community of PGP users.

Security Issues:

The whole purpose of Open-PGP is to provide security services.

Goals and Milestones:



Submit Internet-Draft for PGP Key Format & Message Specification

Dec 97


Submit Internet Draft for MIME encapsulation of PGP Messages Specification

Mar 98


Issue WG Last Call for PGP Key Format & Message Specification Internet-Draft documents

May 98


Submit PGP Key Format & Message Specification Internet-Draft to IESG for consideration as a Proposed Standard.

No Current Internet-Drafts
Request For Comments:







OpenPGP Message Format

Current Meeting Report

OpenPGP - 45th IETF

John Noerenberg opened the meeting at 9:05 AM. Started attendance list, etc.


Agenda Bashing

Key Server Synchronization protocols

2 Proposals

Bill Geiger - Hash table exchange
Marcel Waldvogel - Push-pull flooding

Marcel Waldvogel thesis: http://www.tik.ee.ethz.ch/tik/education/sadas/SASS1998-33/thesis.ps.gz

Bill Geiger: proposal introduction published in <http://www.imc.org/ietf-open-pgp/mail-archive/> in a messaged dated: Fri, 18 Jun 1999 09:43:36 -0500

JN: Key Server sync protocols are important. However, they are not in our charter. We need to decide whether to change the charter or create a new WG.

JN recommended WG report to SAAG that a new working group should be explored for Key Server Synchronization protocols. After some discussion, there were no objections to this recommendation.

RFC2440 Revisions

JC: Need to decide what should be done to 2440 to get it ready for draft.

Discussed some of the below.

V5 Signatures

Need to have larger signatures to accommodate the equivalent of certificates. Possible solution is to add up a 4 byte length. Only reason to hold off is to think about if anything else needs to change other than the length field format.

[ Side conversation about closing off the group and leaving the fixes to a future group. JN: OpenPGP will exist until 2440 goes to Draft so we can go and fix this. In the interest of going to draft, the changes should be short at this time. MDC is clearly the most important.]

MDC Data packet - Need a way to detect packet damage. Currently, a packet may be maliciously damaged by re-arranging blocks. Easiest way to fix this is to append a hash, preferably sha-1.

Encryption Mode Normalization

Features subpackets - This will provide a way for different PGPs to know what each other supports and what they do not.

Gestalt for non-mandatory features

Large Block ciphers clarifications


Advance to Draft, Collect $200 6 months have passed
- 2 implementations
- No IPR problems
- 6 months of experience

JN: We have the experience but we do not have the interoperability fully checked.

Suggest: Enumerating all the musts and publishing a document so implementors can easily see requirements for compliance. Finally, we can get implementors into a room for testing.

Implementors' survey & results are at: noc.rutgers.edu/~mione/ietf/ietfopgp.html
IMC (Internet Mail Consortium) maintains the OpenPGP mailing list archive.

To subscribe and unsubscribe:
List-subscribe: <mailto:ietf-open-pgp-request@imc.org?body=subscribe>
List-Unsubscribe: <mailto:ietf-open-pgp-request@imc.org?body=unsubscribe>

RFC2015 Revisions
Dave Del Torto
1 outstanding item: 'Openpgp signed data'. 2 variations were presented. Variation 1 is from Tom Rossler. Variation 2 is the original written by Dave Del Torto. The main difference is that variation 1 leaves out md5 as a required hash for the MICALG. The consensus seemed to be we should remove MUST for md5 hash in the MICALG.

Discussion of parallel signatures. This is a way of dividing a message into multiparts and sign each individually. Allows you to verify signatures independently. (This text is in section 8 of the new draft to be submitted today.)

The aim at this time is that parallel signatures will be OPTIONAL in the revision to 2015.

Misc question from audience. Will feature packets be a MUST implement.
JC: No.

Action items
Jon Callas - New draft to replace 2440.

Tony Mione - enumerate MUSTs in 2440.

Dave, Thomas, Mike - New draft of 2015.

WG as a whole - WG last call on Son of 2440. Son of 2015. before Nov.

Tony tentatively volunteered to write a charter and call a bof for the PGP keysync work.

John closed the meeting at 9:55 AM.

Minutes submitted by Tony Mione


None received.