Markdown Version | Session Recording

Session Date/Time: 07 Nov 2024 09:30

OpenPGP

Summary

This OpenPGP session covered the status of the interoperability test suite, post-quantum cryptography in OpenPGP, the key replacement protocol, and persistent symmetric keys. Key discussions focused on NIST compliance for post-quantum combiners, code point allocation, target record formats in the key replacement protocol, and integration of persistent symmetric keys with post-quantum cryptography implementations.

Key Discussion Points

• Interoperability Test Suite:
  • New co-maintainer and improvements including new tests, test vectors, usability improvements, and post-quantum test artifacts.
  • Containerization of the test suite for easier use and integration into CI environments.
• Post-Quantum Cryptography:
  • Update on NIST standards and adoption of the seed key format.
  • Discussion on the key derivation and combination function, specifically regarding NIST compliance and potential alignment with LAMPS. Strong concerns were raised regarding the difficulty of creating a FIPS compliant combiner, and the potential value of simply deploying pure ML-KEM.
  • Discussion on composite signatures and whether to align with the approach taken in LAMPS. Concern was raised about forcing complexity and adding a dependency on the crypto layer for simply validating two signatures.
  • Implementation status: Most libraries are up-to-date, with interoperability testing in progress.
• Key Replacement Protocol:
  • Discussion of target record format, specifically regarding the inclusion of both fingerprint and imprint fields and potential deduplication strategies.
  • Discussion on the value of preferred key server subpackets.
  • UX guidance and the order to generate unidirectional replacement keys.
• Persistent Symmetric Keys:
  • Status update, including updates to RFC 9580, reserved code points, and test vectors.
  • The format of the PKK format was discussed for AEAD algorithms with concerns about separating IV from ciphertext.
  • Concerns were raised about code point exhaustion with large number of algorithm registry.
  • Relation to post-quantum cryptography and considerations for API design.
  • Whether the fingerprint should be deterministically derived from the key and implementing this in remote locked keys.

Decisions and Action Items

• Interoperability Test Suite: Move the test.oppg.org alias
• Post-Quantum Cryptography:
  • Authors to sync up with Mike K and other authors to address concerns about NIST compliance of the key combiner and aim for a single, FIPS-compliant combiner solution, possibly aligning with LAMPS.
  • Authors to add one test vector per algorithm in the draft and create a GitHub repository for additional test vectors, especially for SLH-DSA.
  • Working group to decide whether to allocate code points for the signature algorithms and, after resolving combiner issues, for the kem algorithms.
• Key Replacement Protocol:
  • Drop all references to the preferred key server subpacket from the draft.
  • Authors to discuss the key name of the protocol based on feedback from the working group.
• Persistent Symmetric Keys: Consider restricting the algorithms to v6 to address the fingerprint security issues.

Next Steps

• New draft versions incorporating the agreed-upon changes.
• Continued discussions on the mailing lists, especially regarding the NIST compliant key combiner, target record format, and terminology.
• Implementations and testing to continue.
• Chairs to confer about the need for an interim meeting.