**Session Date/Time:** 29 Mar 2023 06:30

# openpgp

## Summary

The OpenPGP working group session at IETF 116 focused primarily on finalizing the crypto refresh draft and discussing potential future charter topics. The meeting covered updates to the draft, including changes related to signature trailer length, signature salt size, key storage, and new public key algorithms. A significant portion of the discussion centered on the integration of Curve25519 and Curve448, addressing potential security vulnerabilities related to key exchange and encryption. Interoperability and test suite updates were also presented. Finally, the group began a preliminary discussion of potential topics for a future charter, including post-quantum cryptography, automatic forwarding, key transparency, and various web-of-trust enhancements.

## Key Discussion Points

*   **Crypto Refresh Draft Updates:** D presented the recent changes to the crypto refresh draft since -07. Daniel Wiggins followed with a more detailed explanation of the x25519 and x448 algorithm choices.
*   **Curve25519/448 Security Considerations:** A discussion arose regarding potential vulnerabilities related to key exchange with the new curves, specifically concerning the use of V3 PKE with the new algorithms and the potential for man-in-the-middle attacks. The proposed solution involves mandating the use of AES in specific corner cases to mitigate these risks. Additionally, the inclusion of exchange points in the key derivation function (KDF) was discussed, with some suggesting it for stronger security guarantees.
*   **Editorial Changes and Merge Requests:** D presented several open merge requests focused on editorial changes, guidance, and updates to RFC 2119 keywords. These included recommendations for setting criticality flags, clarifying primary key requirements, implementing specific sub packets, and updating self-signature guidance.
*   **Session Key Reuse Security Considerations:** Fa presented security considerations related to the session key reuse feature introduced in the crypto refresh, highlighting potential pitfalls and recommending user guidance documentation.
*   **Interoperability and Test Suite Updates:** Daniel presented updates to the Stateless OpenPGP (SOP) command-line interface, including the addition of a profile option to aid in interoperability testing. Yous presented a report on the interop test suite.
*   **Future Charter Topics:** The working group began a preliminary discussion of potential topics for a future charter, including post-quantum cryptography, automatic forwarding, key transparency, and various web-of-trust enhancements. Key sharing between implementations, plus semantics to sign certificates are additional proposals for the re-charter.

## Decisions and Action Items

*   **Daniel to create a merge request** reflecting the discussion on the use of AES when using V3 encryption with new curves, and mail to the list with specifics. The merge request should be as minimal and simple as possible.
*   **The working group decided against making the key derivation function (KDF) change** to include the exchange points at this time to avoid further delays.
*   **Editors to merge editorial changes** and guidance merge requests.
*   **Editors to drop merge request 223** as it proposes a wire format change.
*   **D and Paul to execute proposed changes** and tidy up editorial bits. The editors should produce a -09 draft.
*   **The chair will create a repo** where people can add their text towards a potential re-charter

## Next Steps

*   D and Paul will finalize the crypto refresh draft, producing a -09 revision, for review by the working group.
*   Upon publication request for the crypto refresh, the working group will schedule a call to discuss potential charter topics and begin drafting a charter proposal.