Standards: IETF WG proposing incompatible despite implementations and objections

Bruce Walzer bwalzer at 59.ca
Thu Apr 27 01:52:56 CEST 2023


On Wed, Apr 26, 2023 at 03:19:44PM +0200, Bernhard Reiter wrote:
> Hi,
> 
> what happened to the overhauled specifications of OpenPGP?
> 
> It seems that the IETF working group 
> plans to publish their proposal of an updated OpenPGP specification

I am not sure that that would be a politically valid act at this
time. It is obvious that there is no working consensus and that the
current draft is not usable in its present form. Or at least the last
I looked. At that time there was some bikeshedding about the name of
the standard that I thought might actually be a riff on the
bikeshedding complaints as a kind of a joke. I did not pay any
attention past that.

BTW, I just checked draft 8 and discovered that it was a serious
proposal and that the name of the standard is shown as changed to
"OpenPGP".

[...]

> Some technical arguments on this mailing list have been brought up
> in the last months, but I am not sure if they have been considered by the 
> working group. The email discussion archived end of March at
>   https://mailarchive.ietf.org/arch/msg/openpgp/pNkkw2r16G-q_O0Nd6eL-JFLMXU/
> just shows procedural arguments referring to a resolution in September.
> 
> A good path forward would be if the technical arguments were 
> re-considered, and deployed implementations.

My impression is that the IETF process has deteriorated to the point that
meaningful change is not possible. An example from Draft 8 that is
near and dear to my heart[1]:

There was a complaint that there were too many block encryption modes
in one of the earlier drafts. There was OCFB, OCFB-MDC, OCB, EAX, and
GCM. My understanding was that EAX was only there because of the
uncertain patent status of OCB. Then GCM was added. The patent status
of OCB is very clear now and has been for something like 3 years. If
the process is capable of making substantive changes then EAX should
be removed by now, thus at least partially reflecting the concern
about too many block modes.

I checked Draft 8 and the EAX mode is still there...

Bruce Walzer

[1] https://articles.59.ca/doku.php?id=pgpfan:no_new_ae


