NOTE: This charter is a snapshot of the 45th IETF Meeting in Oslo, Norway. It may now be out-of-date. Last Modified: 21-Apr-99
John Noerenberg <email@example.com>
Security Area Director(s):
Jeffrey Schiller <firstname.lastname@example.org>
Marcus Leech <email@example.com>
Security Area Advisor:
Jeffrey Schiller <firstname.lastname@example.org>
To Subscribe: email@example.com
In Body: Only the word subscribe
Description of Working Group:
PGP, or Pretty Good Privacy, first appeared on the Internet in 1991. It has enjoyed significant popularity amongst the Internet Community.
PGP is used both for protecting E-mail and File Storage. It presents a way to digitally sign and encrypt information "objects." As such it is well suited for any store and forward application.
The goal of the OpenPGP working group is to provide IETF standards for the algorithms and formats of PGP processed objects as well as providing the MIME framework for exchanging them via e-mail or other transport protocols.
Because there is a significant installed base of PGP users, the working group will consider compatibilty issues to avoid disenfranchising the existing community of PGP users.
The whole purpose of Open-PGP is to provide security services.
Goals and Milestones:
Submit Internet-Draft for PGP Key Format & Message Specification
Submit Internet Draft for MIME encapsulation of PGP Messages Specification
Issue WG Last Call for PGP Key Format & Message Specification Internet-Draft documents
Submit PGP Key Format & Message Specification Internet-Draft to IESG for consideration as a Proposed Standard.
No Current Internet-Drafts
Request For Comments:
OpenPGP Message Format
OpenPGP - 45th IETF
John Noerenberg opened the meeting at 9:05 AM. Started attendance list, etc.
· Agenda Bashing
· Key Server Synchronization protocols
· RFC2440 Revisions
· Advance to Draft, Collect $200
· RFC2015 Revisions
Key Server Synchronization protocols
Bill Geiger - Hash table exchange
Marcel Waldvogel - Push-pull flooding
Marcel Waldvogel thesis: http://www.tik.ee.ethz.ch/tik/education/sadas/SASS1998-33/thesis.ps.gz
Bill Geiger: proposal introduction published in <http://www.imc.org/ietf-open-pgp/mail-archive/> in a messaged dated: Fri, 18 Jun 1999 09:43:36 -0500
JN: Key Server sync protocols are important. However, they are not in our charter. We need to decide whether to change the charter or create a new WG.
JN recommended WG report to SAAG that a new working group should be explored for Key Server Synchronization protocols. After some discussion, there were no objections to this recommendation.
JC: Need to decide what should be done to 2440 to get it ready for draft.
Discussed some of the below.
Need to have larger signatures to accommodate the equivalent of certificates. Possible solution is to add up a 4 byte length. Only reason to hold off is to think about if anything else needs to change other than the length field format.
[ Side conversation about closing off the group and leaving the fixes to a future group. JN: OpenPGP will exist until 2440 goes to Draft so we can go and fix this. In the interest of going to draft, the changes should be short at this time. MDC is clearly the most important.]
MDC Data packet - Need a way to detect packet damage. Currently, a packet may be maliciously damaged by re-arranging blocks. Easiest way to fix this is to append a hash, preferably sha-1.
Encryption Mode Normalization
Features subpackets - This will provide a way for different PGPs to know what each other supports and what they do not.
Gestalt for non-mandatory features
Large Block ciphers clarifications
Advance to Draft, Collect $200 6 months have passed
- 2 implementations
- No IPR problems
- 6 months of experience
JN: We have the experience but we do not have the interoperability fully checked.
Suggest: Enumerating all the musts and publishing a document so implementors can easily see requirements for compliance. Finally, we can get implementors into a room for testing.
Implementors' survey & results are at: noc.rutgers.edu/~mione/ietf/ietfopgp.html
IMC (Internet Mail Consortium) maintains the OpenPGP mailing list archive.
To subscribe and unsubscribe:
Dave Del Torto
1 outstanding item: 'Openpgp signed data'. 2 variations were presented. Variation 1 is from Tom Rossler. Variation 2 is the original written by Dave Del Torto. The main difference is that variation 1 leaves out md5 as a required hash for the MICALG. The consensus seemed to be we should remove MUST for md5 hash in the MICALG.
Discussion of parallel signatures. This is a way of dividing a message into multiparts and sign each individually. Allows you to verify signatures independently. (This text is in section 8 of the new draft to be submitted today.)
The aim at this time is that parallel signatures will be OPTIONAL in the revision to 2015.
Misc question from audience. Will feature packets be a MUST implement.
Jon Callas - New draft to replace 2440.
Tony Mione - enumerate MUSTs in 2440.
Dave, Thomas, Mike - New draft of 2015.
WG as a whole - WG last call on Son of 2440. Son of 2015. before Nov.
Tony tentatively volunteered to write a charter and call a bof for the PGP keysync work.
John closed the meeting at 9:55 AM.
Minutes submitted by Tony Mione