**Session Date/Time:** 07 Nov 2024 09:30

# OpenPGP

## Summary

This OpenPGP session covered the status of the interoperability test suite, post-quantum cryptography in OpenPGP, the key replacement protocol, and persistent symmetric keys.  Key discussions focused on NIST compliance for post-quantum combiners, code point allocation, target record formats in the key replacement protocol, and integration of persistent symmetric keys with post-quantum cryptography implementations.

## Key Discussion Points

*   **Interoperability Test Suite:**
    *   New co-maintainer and improvements including new tests, test vectors, usability improvements, and post-quantum test artifacts.
    *   Containerization of the test suite for easier use and integration into CI environments.
*   **Post-Quantum Cryptography:**
    *   Update on NIST standards and adoption of the seed key format.
    *   Discussion on the key derivation and combination function, specifically regarding NIST compliance and potential alignment with LAMPS.  Strong concerns were raised regarding the difficulty of creating a FIPS compliant combiner, and the potential value of simply deploying pure ML-KEM.
    *   Discussion on composite signatures and whether to align with the approach taken in LAMPS. Concern was raised about forcing complexity and adding a dependency on the crypto layer for simply validating two signatures.
    *   Implementation status: Most libraries are up-to-date, with interoperability testing in progress.
*   **Key Replacement Protocol:**
    *   Discussion of target record format, specifically regarding the inclusion of both fingerprint and imprint fields and potential deduplication strategies.
    *   Discussion on the value of preferred key server subpackets.
    *   UX guidance and the order to generate unidirectional replacement keys.
*   **Persistent Symmetric Keys:**
    *   Status update, including updates to RFC 9580, reserved code points, and test vectors.
    *   The format of the PKK format was discussed for AEAD algorithms with concerns about separating IV from ciphertext.
    *   Concerns were raised about code point exhaustion with large number of algorithm registry.
    *   Relation to post-quantum cryptography and considerations for API design.
    *   Whether the fingerprint should be deterministically derived from the key and implementing this in remote locked keys.

## Decisions and Action Items

*   **Interoperability Test Suite:** Move the test.oppg.org alias
*   **Post-Quantum Cryptography:**
    *   Authors to sync up with Mike K and other authors to address concerns about NIST compliance of the key combiner and aim for a single, FIPS-compliant combiner solution, possibly aligning with LAMPS.
    *   Authors to add one test vector per algorithm in the draft and create a GitHub repository for additional test vectors, especially for SLH-DSA.
    *   Working group to decide whether to allocate code points for the signature algorithms and, after resolving combiner issues, for the kem algorithms.
*   **Key Replacement Protocol:**
    *   Drop all references to the preferred key server subpacket from the draft.
    *   Authors to discuss the key name of the protocol based on feedback from the working group.
*   **Persistent Symmetric Keys:** Consider restricting the algorithms to v6 to address the fingerprint security issues.

## Next Steps

*   New draft versions incorporating the agreed-upon changes.
*   Continued discussions on the mailing lists, especially regarding the NIST compliant key combiner, target record format, and terminology.
*   Implementations and testing to continue.
*   Chairs to confer about the need for an interim meeting.