2.6.12 An Open Specification for Pretty Good Privacy (openpgp)
NOTE: This charter is a snapshot of the 63rd IETF Meeting in Paris, France. It may now be out-of-date.
Last Modified: 2005-07-10
Derek Atkins <firstname.lastname@example.org>
Security Area Director(s):
Russ Housley <email@example.com>
Sam Hartman <firstname.lastname@example.org>
Security Area Advisor:
Sam Hartman <email@example.com>
General Discussion: firstname.lastname@example.org
To Subscribe: email@example.com
In Body: Only the word subscribe
Description of Working Group:
PGP, or Pretty Good Privacy, first appeared on the Internet in 1991. It
has enjoyed significant popularity amongst the Internet Community.
PGP is used both for protecting E-mail and File Storage. It presents a
way to digitally sign and encrypt information "objects." As such it is
well suited for any store and forward application.
The goal of the OpenPGP working group is to provide IETF standards for
the algorithms and formats of PGP processed objects as well as
the MIME framework for exchanging them via e-mail or other transport
Because there is a significant installed base of PGP users, the
group will consider compatibility issues to avoid disenfranchising the
existing community of PGP users.
The whole purpose of Open-PGP is to provide security services.
Goals and Milestones:
| Done | Submit Internet-Draft for PGP Key Format & Message |
| Done | Submit Internet Draft for MIME encapsulation of PGP Messages |
| Done | Issue WG Last Call for PGP Key Format & Message Specification Internet-Draft documents |
| Done | Submit PGP Key Format & Message Specification Internet-Draft to IESG for consideration as a Proposed Standard. |
| Done | WG Last Call for PGP/MIME draft |
| Done | Submit PGP/MIME draft to IESG for consideration as PROPOSED |
| May 01 | Submit Multiple Sig draft to IESG for consideration as PROPOSED |
| Jul 01 | Begin RFC2440, PGP/MIME Interoperability testing |
| Aug 01 | Request DRAFT status for RFC2440 |
Request For Comments:
| RFC2440 | PS | OpenPGP Message Format |
| RFC3156 | PS | MIME Security with OpenPGP |
Current Meeting Report
- Introduction and Agenda Bashing
- 2440 bis status
- In "penultimate last call" for some time (over a year) - now only doing tweaks to the document.
- If you want changes in wording - need to be compatible and suggest text.
- Only open issue is David Shaw's BNF request for literal+literal. No reason not to include David Shaw's request, but not in draft 14. Should go into 15
- Run last call and finish this document
- Use difference documents for new work - downside is that not everything will be in a small number of documents. Good news is that will have a fixed definitive document
- 2440 next steps
- Go to Last call. finish by end of August
- Try for a bake off? try for Draft Standard. (early in '06)
- update milestones - proposal given.
- Draft standard would be tried for 6 months after IESG approval.
- New Life
- New documents not hit 2440bis.
- Proposed Milestones
Aug 05 WGLC for 2440bis
Sep 05 Submit 2440bis to IESG as Proposed Standard
Nov 05 Finish Interop Test Plan
Jan 06 Begin 2440bis Interop Testing
Mar 06 Request DRAFT Status for 2440bis
- Meeting closed.
- standardize some X- headers for PGP.
- Lookup URL and key id of a sender
- simplified original by dropping some unnecessary data.
- key id - longer fingerprint - url to key
- What is the problem to be solved?
- Not completely clear
- invent header that could be used programmatically to lookup key and keyid of sender
- Manual cut & paste?
- request for additional current usage of old headers for inclusion in the document.
- Open Issues:
- Add token to state strong preference for receiving PGP and potentially the PGP format to be sent.
- IETF process restricted to MIME?
- place same info into a packet?
- Keyserver field?
- unsure of what this would be really for. Next expansion of the idea.
- BNF problems on the draft need corrections.
- Open MIKE
- JON - Supports idea of draft - supports "supports token" - PGP has a similar item already used. used with different values for different reading devices.
- Wants support to plain inline text - kill mime and only use plain text as a personal preference.
- response - Need additional proposals to solve some of the problems?
JON - display problems not format issues - Don't ban text only w/o mime wrappers.
8-bit character set problems with servers -
Vigorous dispute on issues with character sets.
Thomas Roessler - two formats - with and w/o tag - please eliminate the untagged version.
??? - Please add fingerprint header - used for validation.
- possible support already?
JON - KeyID is a truncated fingerprint - allow for longer id to get fuller fingerprint w/o much additional parsing.
- -00 to -01 allowed for longer KeyID from a fixed length.