**Session Date/Time:** 25 Jul 2025 09:30 # OpenPGP ## Summary This OpenPGP session at the IETF covered several working group documents and presentations on draft specifications. Key discussions revolved around post-quantum cryptography (PQC), replacement keys, persistent symmetric keys, a proposal for post-quantum crypto with NIST Brainpool curves, HKP updates, and forwarding key issues. The session included calls for reviews, discussions on adoption, and future work items. ## Key Discussion Points * **Post-Quantum Cryptography (PQC):** The PQC draft has hit the publication-requested button. Interoperability testing revealed some gaps, particularly with V4 keys and support for non-required post-quantum suites. * **Replacement Key Draft:** This draft is considered stable, but a clear way to test interoperability is lacking. Volunteers were solicited for reviews and implementations. * **Persistent Symmetric Keys Draft:** Testing this draft is problematic due to how secret keys are handled in SOP. Further discussion is needed regarding the architecture. * **Post-Quantum Crypto with NIST Brainpool:** A proposal was presented for hybrid post-quantum crypto using NIST and Brainpool curves. The primary motivation is to support existing implementations using these curves. The need and motivations for different NIST curves were debated. * **HKP Update:** A proposal to update HKP to support multiple certificates per identity and to address spam issues. The presentation covered a new versioned submission API, pre-authenticated email verification, and canonical certificate ordering. There were discussions on complexity and the use of binary keys vs. legacy functionality. * **Forwarding Key Issues:** Discussion of the current state of forwarding and the need for changes to support new algorithms such as X25519 and X448. A new packet, FKESK, was proposed. * **Media Types:** Discussion regarding the existing media types for PGP and the need for new types to represent binary formats. There was no clear solution at this point. ## Decisions and Action Items * **PQC:** The chairs will nudge the rest of the process for PQC. * **Replacement Key Draft:** Daniel and Aaron volunteered to review the draft. The working group will take to the mailing list to decide when to initiate a working group last call. * **Persistent Symmetric Keys Draft:** The chairs will poke people to do reviews of this draft. Discussion will be encouraged on the mailing list. * **Post-Quantum Crypto with NIST Brainpool:** The authors will work to clarify the motivations for NIST curves in the draft. An adoption call will be initiated on the mailing list after clarification. Marked as a candidate for working group adoption in the data tracker. * **HKP Update:** Andrew will produce a new draft reflecting recent discussions and decisions. * **Media Types:** Andrew will have more chat with Alexi and maybe come back with a proposal at some point. * **Interoperability Testing:** The working group needs to determine how to test interoperability for replacement key draft and persistent symmetric key draft. ## Next Steps * The working group will discuss what to do next after PQC is further along in the publication process, reviewing previously prioritized items. * Daniel to weigh in with concerns on list about options for persistence metrics.