2.6.12 An Open Specification for Pretty Good Privacy (openpgp)

NOTE: This charter is a snapshot of the 63rd IETF Meeting in Paris, France. It may now be out-of-date.

Last Modified: 2005-07-10

Chair(s):

Derek Atkins <derek@ihtfp.com>

Security Area Director(s):

Russ Housley <housley@vigilsec.com>
Sam Hartman <hartmans-ietf@mit.edu>

Security Area Advisor:

Sam Hartman <hartmans-ietf@mit.edu>

Mailing Lists:

General Discussion: ietf-openpgp@imc.org
To Subscribe: ietf-openpgp-request@imc.org
In Body: Only the word subscribe
Archive: http://www.imc.org/ietf-openpgp/mail-archive/

Description of Working Group:

PGP, or Pretty Good Privacy, first appeared on the Internet in 1991.
It
has enjoyed significant popularity amongst the Internet Community.

PGP is used both for protecting E-mail and File Storage. It presents a
way to digitally sign and encrypt information "objects." As such it is
well suited for any store and forward application.

The goal of the OpenPGP working group is to provide IETF standards for
the algorithms and formats of PGP processed objects as well as
providing
the MIME framework for exchanging them via e-mail or other transport
protocols.

Because there is a significant installed base of PGP users, the
working
group will consider compatibilty issues to avoid disenfranchising the
existing community of PGP users.

Security Issues:

The whole purpose of Open-PGP is to provide security services.

Goals and Milestones:

Done  Submit Internet-Draft for PGP Key Format & Message Specification
Done  Submit Internet Draft for MIME encapsulation of PGP Messages Specification
Done  Issue WG Last Call for PGP Key Format & Message Specification Internet-Draft documents
Done  Submit PGP Key Format & Message Specification Internet-Draft to IESG for consideration as a Proposed Standard.
Done  WG Last Call for PGP/MIME draft
Done  Submit PGP/MIME draft to IESG for consideration as PROPOSED standard
May 01  Submit Multiple Sig draft to IESG for consideration as PROPOSED standard
Jul 01  Begin RFC2440, PGP/MIME Interoperability testing
Aug 01  Request DRAFT status for RFC2440

Internet-Drafts:

  • draft-ietf-openpgp-rfc2440bis-14.txt

    Request For Comments:

    RFCStatusTitle
    RFC2440 PS OpenPGP Message Format
    RFC3156 PS MIME Security with OpenPGP

    Current Meeting Report
    AGENDA --
    • Introduction and Agenda Bashing
      • No changes
    • 2440 bis status
      • In "pentultimate last call" for some time (over a year) - now only doing tweaks to the document.
      • If you want changes in wording - need to be compatable and suggest text.
      • Only open issue is David Shaw's BNF request for literal+literal. No reason not to include David Shaw's request, but not in draft 14. Should go into 15
      • Run last call and finish this document
      • Use difference documents for new work - downside is that not everything will be in a small number of documents. Good news is that will have a fixed definitive document

    • 2440 next steps
      • Go to Last call. finish by end of August
      • Try for a bake off? try for Draft Standard. (early in '06)
      • update milestones - proposal given.
      • Draft standard would be tried for 6 months after IESG approval.


      • New Life
      • New documents not hit 2440bis.

    • Proposed Milestones
      •    Aug 05  WGLC for 2440bis
   Sep 05  Submit 2440bis to IESG as Proposed Standard
   Nov 05  Finish Interop Test Plan
   Jan 06  Begin 2440bis Interop Testing
   Mar 06  Request DRAFT Status for 2440bis
      • No Objections

    • Message Header
      • draft-josefsson-openpgp-mailnews-header-01.txt


      • standardize some X- headers for PGP.
      • Lookup URL and key id of a sender
      • simplified original by dropping some unnecessary data.
        • key id - longer fingerprint - url to key

      • What is the problem to be solved?
        • Not completely clear
        • invent header that could be used programatically to lookup key and keyid of sender
        • Manual cut & paste?
        • request for additinoal current usage of old headers for inclusion in the doument.

      • Open Issuses:
        • Add token to state strong preference for reciving PGP and potentially the PGP format to be sent.
          • IETF process restricted to MIME?
          • place same info into a packet?

        • Keyserver field?
          • unsure of what this would be really for. Next expansion of the idea.

        • BNF problems on the draft need corrections.

      • Open MIKE
        • JON - Supports idea of draft - supports "supports token" - PGP has a similar item already used. used with different values for different reading devices.


          • Wants support to plain inline text - kill mime and only use plain text as a personal preference.

        • response - Need additional proposals to solve some of the problems?
          • JON - display problems not format issues - Don't ban text only w/o mime wrappers.
          8-bit character set problems with servers -

          Vigourous dispute on issues with character sets.

          Thomas Roessler - two formats - with and w/o tag - please elimiate the untagged version.

          ??? - Please add finger print header - used for validation.
          - possible support already?
          JON - KeyID is a trucated fingerprint - allow for longer id to get fuller fingerprint w/o much additional parsing.
          - -00 to -01 allowed for longer KeyID from a fixed length.
    • Open Discussion
    - Meeting closed.

    Slides

    Agenda
    OpenPGP Status
    mailnews-header