OpenPGP
draft-ietf-openpgp-crypto-refresh-13

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-openpgp-crypto-refresh@ietf.org, openpgp-chairs@ietf.org, openpgp@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org, stephen.farrell@cs.tcd.ie
Subject: Protocol Action: 'OpenPGP' to Proposed Standard (draft-ietf-openpgp-crypto-refresh-13.txt)

The IESG has approved the following document:
- 'OpenPGP'
  (draft-ietf-openpgp-crypto-refresh-13.txt) as Proposed Standard

This document is the product of the Open Specification for Pretty Good
Privacy Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/


Ballot Text

Technical Summary

   This document specifies the message formats used in OpenPGP.  OpenPGP
   provides encryption with public-key or symmetric cryptographic
   algorithms, digital signatures, compression and key management.

   This document is maintained in order to publish all necessary
   information needed to develop interoperable applications based on the
   OpenPGP format.  It is not a step-by-step cookbook for writing an
   application.  It describes only the format and methods needed to
   read, check, generate, and write conforming packets crossing any
   network.  It does not deal with storage and implementation questions.
   It does, however, discuss implementation issues necessary to avoid
   security flaws.

   This document obsoletes: RFC 4880 (OpenPGP), RFC 5581 (Camellia in
   OpenPGP) and RFC 6637 (Elliptic Curves in OpenPGP).

Working Group Summary

This draft is the sole deliverable of the currently chartered OPENPGP WG reopened in 2020.  The OPENPGP WG previously closed in 2017 without finishing this deliverable.

In 2021, the WG adopted the document largely based on this prior work.  In 2022, an alternative to this WG document was proposed (draft-koch-openpgp-2015-rfc4880bis) by a significant implementer.  The WG consensus was to continue ahead with this document.  See https://mailarchive.ietf.org/arch/msg/openpgp/PWp3ZcZ_qnDNLhuT-zR7gA2ddeg/.

In October 2023 during the second WG last call, this same implementer raised concerns about backwards compatibility.  See https://mailarchive.ietf.org/arch/msg/openpgp/BLgKYP9CbGtMsIJRV3Ws9jh57Tw/ and https://mailarchive.ietf.org/arch/msg/openpgp/moMPKZj83kmr5x2Zd9uGGUqxIS8/.  The WG consensus was to continue with publication.

These and related concerns were raised in IETF Last Call.  See https://mailarchive.ietf.org/arch/msg/last-call/H6RmSWvc5LOcJjSig-i4awjQFFw/.  The WG chairs summarized the situation in https://mailarchive.ietf.org/arch/msg/last-call/b5LQGVlvWvudI3qF42ntvd8wblU/ as:

==[ snip ]==
... the main developer of a significant implementation is in the "rough"
part of ... consensus ... the WG did explicitly consider [the identified concerns] during the work.
==[ snip ]==


Document Quality

There are multiple implementations that were used to produce the examples in the draft.

The OpenPGP interoperability test suite is coordinated by the Sequoia project at:

  https://tests.sequoia-pgp.org/


Personnel

   The Document Shepherd for this document is Stephen Farrell. The
   Responsible Area Director is Roman Danyliw.

RFC Editor Note