OpenPGP
draft-ietf-openpgp-crypto-refresh-13

Changed document external resources from:

related_implementations https://github.com/ProtonMail/gopenpgp/tree/v3
related_implementations https://github.com/dkg/PGPy/tree/dkg/crypto-refresh
related_implementations https://github.com/openpgpjs/openpgpjs/tree/crypto-refresh
related_implementations https://github.com/pgpainless/pgpainless/milestone/6
related_implementations https://gitlab.com/sequoia-pgp/sequoia/-/tree/crypto-refresh

to:

related_implementations https://github.com/ProtonMail/gopenpgp/tree/v3 (GOpenPGP: implementation in Go)
related_implementations https://github.com/dkg/PGPy/tree/dkg/crypto-refresh (PGPy: implementation in Python)
related_implementations https://github.com/openpgpjs/openpgpjs/tree/crypto-refresh (OpenPGP.js: implementation in Javascript)
related_implementations https://github.com/pgpainless/pgpainless/milestone/6 (PGPainless: implementation in Java)
related_implementations https://gitlab.com/sequoia-pgp/sequoia/-/tree/crypto-refresh (Sequoia: implementation in Rust)

[Ballot comment]
Thank you for writing it, I found it an interesting read...

I'd also like to thank David Blacka for the DNSDIR Review (which raises a bunch of interesting questions that would not have occurred to me). I'd also like to thank DKG for his response -- https://mailarchive.ietf.org/arch/msg/last-call/YQcgcGpgeveTTCqH7Mt_1Jypt4w/ ), and the pointer to https://datatracker.ietf.org/doc/draft-dkg-openpgp-userid-conventions/ which will address some of these.

[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-openpgp-crypto-refresh-12

Thank you for the work put into this document. The content is above my expertise, hence I only did a quick review (else I would have balloted YES). The reviewed content is usually easy to read.

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education).

I hope that this review helps to improve the document,

Regards,

-éric

# COMMENTS (non-blocking)

## The most concise shepherd's write-up

The justification for the intended status is just "PS"... not even expanded...

## Abstract

Isn't the 2nd paragraph (especially the first sentence) applicable to all standards track document? I.e., why not removing it ? (and I have noted the very rough consensus about this I-D based on the shepherd write-up).

## Section 3.5

Should another time epoch be specified ? Using the 1970 Unix epoch will cause a problem in 2038, a not too distant future. Why didn't this revised OpenPGP propose alternative epoch ?

## IANA registries

Should this I-D be an opportunity to reserve some registry values for a FCFS allocation ?

[Ballot comment]
I have given a good read of this specification, as this is outside my core expertise, I kept my perspective only related to the transport protocols and from that point of view I have no objection.

One comment though, in section 6.2.2 it says -

  Note that some transport methods are sensitive to line length

I believe examples of such "transport methods" would be great here as transport methods are not mentioned or explained anywhere else in this specification.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-openpgp-crypto-refresh-12. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there are thirty-three actions which we must complete.

IANA has a question about the first action requested in the IANA Considerations section of this document.

First, the Pretty Good Privacy (PGP) registry group located at:

https://www.iana.org/assignments/pgp-parameters/

will be renamed to:

OpenPGP

This change will also be reflected on the IANA Matrix at:

https://www.iana/org/assignments/

IANA Question -> Should we update the URL to this registry group? If you would like us to change the URL, we will have the old URL redirect to the new one.

Second, in the newly renamed OpenPGP registry group, the PGP String-to-Key (S2K) registry will be renamed to String-to-Key (S2K) Types and the contents will be changed to the contents of Table 1 in Section 3.7.1 of the current draft.

Third, in the newly renamed OpenPGP registry group, the PGP Packet Types/Tags registry will be renamed to Packet Types and the contents will be changed to the contents of Table 3 in section 5 of the current draft.

Fourth, in the newly renamed OpenPGP registry group, the PGP User Attribute Types registry will be renamed to the User Attribute Subpacket Types registry and the contents changed to the contents of Table 13 in section 5.12 of the current draft.

Fifth, in the newly renamed OpenPGP registry group, the Image Format Subpacket Types registry will be renamed to the Image Attribute Encoding Format registry and the contents will be changed to the contents of Table 15 in section 5.12.1 of the current draft.

Sixth, in the newly renamed OpenPGP registry group, the Key Server Preference Extensions registry will be renamed to the Key Server Preference Flags registry and the contents will be changed to the contents of Table 8 in section 5.2.3.25 of the current draft.

Seventh, in the newly renamed OpenPGP registry group, the Reason for Revocation Extensions registry will be renamed to the Reason for Revocation Code registry and the contents changed to the contents of Table 10 in section 5.2.3.31 of the current draft.

Eighth, in the newly renamed OpenPGP registry group, the Key Flags Extensions registry will be renamed to the Key Flags registry and the contents will be changed to the contents of Table 9 in section 5.2.3.29 of the current draft.

Ninth, in the newly renamed OpenPGP registry group, the Implementation Features registry will be renamed to the Features Flags registry and the contents will be changed to the contents of Table 11 in section 5.2.3.32 of the current draft.

Tenth, in the newly renamed OpenPGP registry group, the existing Public Key Algorithms registry is to have its contents entirely replaced by the contents of Table 18 in section 9.1 of the current draft.

Eleventh, in the newly renamed OpenPGP registry group, the existing Symmetric Key Algorithms registry is to have its contents entirely replaced by the contents of Table 21 in section 9.3 of the current draft.

Twelveth, in the newly renamed OpenPGP registry group, the existing Compression Algorithms registry is to have its contents entirely replaced by the contents of Table 22 in section 9.4 of the current draft.

Thirteenth, in the newly renamed OpenPGP registry group, the existing Hash Algorithms registry is to have its contents entirely replaced by the contents of Table 23 in section 9.5 of the current draft.

Fourteenth, in the newly renamed OpenPGP registry group, the existing Signature Subpacket Types registry is to have its contents entirely replaced by the contents of Table 5 in section 5.2.3.7 of the current draft.

Fifteenth, in the newly renamed OpenPGP registry group, the existing New Packet Versions registry is to be removed entirely. In its place will be a note with the following content:

Those wishing to use the removed "New Packet Versions" registry should instead register new versions of the relevant packets in the "Key and Signature Versions", "Key ID and Fingerprint" and "Encrypted Message Packet Versions" registries.

Sixteenth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Secret Key Encryption (S2K Usage Octet) registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 2 in Section 3.7.2.1 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Seventeenth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Signature Types registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 4 in Section 5.2.1 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Eighteenth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Signature Notation Data Subpacket Notation Flags registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 6 in Section 5.2.3.24 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Nineteenth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Signature Notation Data Subpacket Types registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 7 in Section 5.2.3.24 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twentieth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Key ID and Fingerprint registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 12 in Section 5.5.4 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twenty-first, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Image Attribute Version registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 14 in Section 5.12.1 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twenty-second, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Armor Header Line registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 16 in Section 6.2.1 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twenty-third, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Armor Header Key registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 17 in Section 6.2.2 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twenty-fourth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the ECC Curve OID and Usage registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 19 in Section 9.2 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twenty fifth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the ECC Curve-specific Wire Formats registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 20 in Section 9.2.1 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twenty-sixth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Hash Algorithm Identifiers for RSA Signatures use of EMSA-PKCS1-v1_5 Padding registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 24 in Section 9.5 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twenty-seventh, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the AEAD Algorithms registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 25 in Section 9.6 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twenty-eighth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Encrypted Message Packet Versions registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 26 in Section 10.3.2.1 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Twenty-ninth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Key and Signature Versions registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 27 in Section 10.3.2.2 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Thirtieth, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Elliptic Curve Point Wire Formats registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 28 in Section 11.2 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Thirty-first, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the Elliptic Curve Scalar Encodings registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 29 in Section 11.3 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Thirty-second, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

a new registry is to be created called the ECDH KDF and KEK Parameters registry. The new registry will be maintained via Specification Required as defined in RFC8126.

There are initial registrations in the new registry. The new registry will be populated by the contents of Table 30 in Section 11.5.1 of the current draft with the reference for each new registration set to [ RFC-to-be ].

Thirty-third, in the newly renamed OpenPGP registry group, located at:

https://www.iana.org/assignments/pgp-parameters/

all of the registries will have their registration policy set to Specification Required as defined in RFC8126. The only exceptions will be the following four registries - which will have the registration policy RFC Required as defined in RFC 8126:

1] Packet Types registry (please see the third action above)

2] Key and Signature Versions registry (please see the twenty-ninth action above)

3] Key ID and Fingerprint registry (please see the twentieth action above)

4] Encrypted Message Packet Versions registry (please see the twenty-eighth action above)

We understand that these are the only actions required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist

The following Last Call announcement was sent out (ends 2023-11-19):

From: The IESG
To: IETF-Announce
CC: draft-ietf-openpgp-crypto-refresh@ietf.org, openpgp-chairs@ietf.org, openpgp@ietf.org, rdd@cert.org, stephen.farrell@cs.tcd.ie
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (OpenPGP) to Proposed Standard


The IESG has received a request from the Open Specification for Pretty Good
Privacy WG (openpgp) to consider the following document: - 'OpenPGP'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2023-11-19. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document specifies the message formats used in OpenPGP.  OpenPGP
  provides encryption with public-key or symmetric cryptographic
  algorithms, digital signatures, compression and key management.

  This document is maintained in order to publish all necessary
  information needed to develop interoperable applications based on the
  OpenPGP format.  It is not a step-by-step cookbook for writing an
  application.  It describes only the format and methods needed to
  read, check, generate, and write conforming packets crossing any
  network.  It does not deal with storage and implementation questions.
  It does, however, discuss implementation issues necessary to avoid
  security flaws.

  This document obsoletes: RFC 4880 (OpenPGP), RFC 5581 (Camellia in
  OpenPGP) and RFC 6637 (Elliptic Curves in OpenPGP).




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc7253: The OCB Authenticated-Encryption Algorithm (Informational - Internet Research Task Force (IRTF))
    rfc9106: Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications (Informational - Internet Research Task Force (IRTF))

# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The draft is the result of a multi-year effort to
udpate RFC4880 that stumbled at points, but in the
end has broad agreement. The shepherd/chairs consider
it important to get this document out of the WG so
it gets finished - if we processed all nits first
then there's a significant danger that people will
start to want to make changes again that could
result in not finishing the work. WG participants
are explicitly ok with that apporach as they
also recognise the risk of not finishing (again;-).

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The main (recent) controversy was when an important
implemention decided they no longer supported some of
the changes incorporated in the draft. Others however
continued to support the draft. There was a specific
poll of the WG to establish that we had consensus to
continue with this draft in October 2022. That poll
had significant engagement from WG participants and
concluded that we did have consensus for finishing
this draft.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No appeal has been threatened. The people associated
with the implemention mentioned above continue to be
unhappy with aspects of the draft. (That's all public
on the WG list.)

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

There are multiple implementations that were
used to produce the examples in the draft.

The OpenPGP interoperability test suite is
coordinated by the Sequoia project at:

  https://tests.sequoia-pgp.org/


## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

Not needed. The OpenPGP community are engaged.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

This is ready. It's a complex spec with a lot of history
so it'll be no surprise if AD review/IETF LC or IESG
review throw up some issues related to clarity etc.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

N/A.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

PS

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

Mail to check sent to authors. All authors reponded and none
have IPR to declare.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

All good afaik.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

There are nits. We'll correct 'em as processing continues.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

All good.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All good.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

All good I think.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

N/A

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

Yes, but all good.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

IANA changes (vs. RFC4880) were discussed by the
WG and agreed.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

There are new registries but we think the DE instructions
are clear. We'll work with our AD on suggested DE folk
later.

# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The draft is the result of a multi-year effort to
udpate RFC4880 that stumbled at points, but in the
end has broad agreement. The shepherd/chairs consider
it important to get this document out of the WG so
it gets finished - if we processed all nits first
then there's a significant danger that people will
start to want to make changes again that could
result in not finishing the work. WG participants
are explicitly ok with that apporach as they
also recognise the risk of not finishing (again;-).

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The main (recent) controversy was when an important
implemention decided they no longer supported some of
the changes incorporated in the draft. Others however
continued to support the draft. There was a specific
poll of the WG to establish that we had consensus to
continue with this draft in October 2022. That poll
had significant engagement from WG participants and
concluded that we did have consensus for finishing
this draft.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No appeal has been threatened. The people associated
with the implemention mentioned above continue to be
unhappy with aspects of the draft. (That's all public
on the WG list.)

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

There are multiple implementations that were
used to produce the examples in the draft.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

Not needed. The OpenPGP community are engaged.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

This is ready. It's a complex spec with a lot of history
so it'll be no surprise if AD review/IETF LC or IESG
review throw up some issues related to clarity etc.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

N/A.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

PS

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

Mail to check sent to authors.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

All good afaik.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

There are nits. We'll correct 'em as processing continues.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

All good.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All good.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

All good I think.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

N/A

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

Yes, but all good.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

IANA changes (vs. RFC4880) were discussed by the
WG and agreed.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

There are new registries but we think the DE instructions
are clear. We'll work with our AD on suggested DE folk
later.

# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The draft is the result of a multi-year effort to
udpate RFC4880 that stumbled at points, but in the
end has broad agreement. The shepherd/chairs consider
it important to get this document out of the WG so
it gets finished - if we processed all nits first
then there's a significant danger that people will
start to want to make changes again that could
result in not finishing the work. WG participants
are explicitly ok with that apporach as they
also recognise the risk of not finishing (again;-).

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The main (recent) controversy was when an important
implemention decided they no longer supported some of
the changes incorporated in the draft. Others however
continued to support the draft. There was a specific
poll of the WG to establish that we had consensus to
continue with this draft in October 2022. That poll
had significant engagement from WG participants and
concluded that we did have consensus for finishing
this draft.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No appeal has been threatened. The people associated
with the implemention mentioned above continue to be
unhappy with aspects of the draft. (That's all public
on the WG list.)

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

There are multiple implementations that were
used to produce the examples in the draft.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

Not needed. The OpenPGP community are engaged.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

N/A.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

N/A.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

This is ready. It's a complex spec with a lot of history
so it'll be no surprise if AD review/IETF LC or IESG
review throw up some issues related to clarity etc.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

N/A.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

PS

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

Mail to check sent to authors.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

All good afaik.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

There are nits. We'll correct 'em as processing continues.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

All good.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All good.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

All good I think.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

N/A

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

Yes, but all good.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

IANA changes (vs. RFC4880) were discussed by the
WG and agreed.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

There are new registries but we think the DE instructions
are clear. We'll work with our AD on suggested DE folk
later.