►
From YouTube: IETF-OPENPGP-20230927-1400
Description
OPENPGP interim meeting session
2023/09/27 1400
https://datatracker.ietf.org/group/openpgp/meetings/
A
That's
great,
thank
you
Aron.
Can
we
we
we
we
look
for
at
second.
A
D
Volunteer,
yes,
I
think
so
many
thanks.
Do
you
hear
my
video
isn't
working
so.
A
Thank
you
and
for
the
notak
takers,
we,
you
know
we
do.
A
So
it's
most
important
to
try
and
just
get
you
know,
decisions
outcome
of
discussion
and
you
don't
necessarily
need
to
try
and
capture
all
the
the
blowby.
C
Maybe
it
sounded
more
like
Network
interference
than
like
local
audio
problems.
Okay,
okay,
do
you
want?
You
kick
off,
yep
sure,
welcome
everyone
to
the
open,
pgp,
the
interim
meeting
in
September
2023,
you're
I'm,
one
of
your
co-chairs,
I'm,
Daniel
and
Stephen-
is
your
other
co-chair.
Thank
you
very
much
to
the
folks
who
volunteered
to
take
minutes
to
take
notes
rather,
which
is
Aon,
Whistler
and
stabos.
Anybody
else
can
click
on
the
note
taking
link
and
help
them
out
as
well.
That
would
be
great.
C
This
is
part
of
the
iotf
process.
So
you
have
this
ETF
not
well
here.
You've
probably
seen
this
in
other
iatf
contexts
looks
like
everybody
here
have
has
I
think
been
involved
with
ITF
at
some
point
or
another,
just
just
a
reminder
that
you
should
pay
attention
to
these
particular
concerns,
in
particular
concerns
about
intellectual
property
and
being
good
to
one
another.
This
is
an
all
remote
meeting.
There's
nobody
in
person!
C
Please
take
your
audio
and
video
off
unless
you're
active.
If
you
can
use
a
headset,
that
would
be
great
and
if
you
want
to
speak,
just
add
yourself
to
the
queue.
The
queue
is
a
little
hand
button
in
the
upper
left
of
your
meet
Echo
interface.
If
you
press
that
we'll
see
that
you're.
C
Then
either
Steve
or
I
will
call
on
you.
There
is
a
text
chat
as
well.
You
can
either
see
the
text
chat
in
a
tab
here
to
the
left,
which
is
where
it
says,
chat
panel
or
you
can
go
to
zip.
ietf
org
and
join
the
open,
pgp
channel,
and
it's
useful
to
be
able
to
follow
stuff.
C
Well,
one
more
thing:
this
is
a
the
ITF
code
of
conduct
be
courteous,
challenge,
challenge
ideas,
not
people
communicate,
clearly
use
reasoned
argument
and
we're
looking
for
fixes
that
will
help
the,
inter
as
a.
C
For
any
particular
party-
and
this
is
a
working
group-
so
we
are
trying
to
figure
out
how
the
working
group
is
going
to
go
our
agenda
for
today,
I'll
give
a
brief
reminder
of
the
status
of
the
crypto
refresh
draft,
which
is
our
only
chartered
work.
And
then
the
main
point
of
this
interim
meeting
is
to
try
to
sort
out
what
we
want
our
new
Charter
to
be
because
we're
very
close
to
the
end.
C
So
to
that
end,
we've
got
five
presentations
from
four
different
people
about
specific
work
that
might
be
considered
for
the
chartering,
we'll
take
a
look
through
the
specific
text
that's
been
proposed
and
if
anybody
has
any
comments
or
wants
to
point
to
existing
drafts,
we
can
handle
that
EV
as
well.
I
see
Paul,
asking
me
for
more
volume.
Give
me
a
minute
and
I
will
try
to
do
that.
Is
that
any
better.
G
C
That
not
hearing
anything
I'm
gonna
and
let
me
just
make
sure
that
we
have
everybody
here
who
has
submitted.
We
do
not
have
Neil
here.
Otherwise
we
have
all
the
folks
who
have
submitted
slides.
G
G
C
Okay,
thanks,
if
you
can
raise
Neil-
and
he
comes
in
before
we
get
to
him-
that's
also
works
too
and
Daniel
I.
Have
you
listed
there
under
the
rechartering
text,
because
your
merge
request
for
the
chartering
text
is
probably
the
most
complete,
but
that
doesn't
mean
that
we're.
C
Expecting
you
to
present
it,
although
we
we
do
I
hope
that
you'll
try
and
why
those
suggestions
so
crypto
refresh
status.
We
we
had
an
area
director
review
did
not
expose
any
major
flaws,
but
there
were
many
suggested
improvements.
Paul
has
been
diligent
about
responding
to
those
and
submitted
a
whole
and
also
swept
through
the
out
sending
Arata.
There
are
proposed
changes
that
are
in
gitlab
and
they've
all
been
tagged
with
the
ad
review.
Sorry
ad
review
tag
in
gitlab,
there's
a
link
there.
C
If
you
open
the
formal
slides
you
can
click
through
to
that
or
you
can
just
go
to
gitlab
for
the
rfc4
Bas
repository
and
click
over
to
the
set
of
merge
requests
that
have
that
are,
and
you
can
sort
them
by
a
tag
with
area
director
review.
The
goal
is
to
get
this
thing
out
the
door.
So
if
you
see
anything
in
there
that
you
don't
like,
please
speak
up,
and
if
you
see
there
that
you
do
like,
please
also
speak
up.
C
We
want
to
know
that
the
working
group
is
okay.
With
with
these
changes
in
response
to
the
area
director's
review,
and
many
thanks
to
Roman,
who
is
not
here
today,
but
for
his
work
on
on
taking
through
that
any
questions
about
the
crypto.
A
Refresh
so
just
wondering
what
our
plan
then
is
to
submit
a
new
ID
and
then
give
the
working
group
a
few
days
to
check
Che
that
that's
okay
and
then
discuss
with
Roman
if
he
thinks
it's
also
okay,
to
move
forward,
I
guess.
C
I
think
that's
right!
Paul!
If
I
recall
correctly,
there
are
also
a
few
outstanding
Arata
that
you
mentioned
not
having
dealt
with
and
you're
looking
for
more
people
to
propose
texts
to
correct
those
S.
You
want
to
speak
to
that.
I
Yeah
that's
correct
there.
There
are
like
I,
think
two
or
three
items
that
have
no
text
yet
because
I
wasn't
sure
what
to
propose
other
than
that.
Yes,
I
I
will
wait
for
a
bit
more
feedback
before
U
merging
the
current
request
into
the
into
Mainline
document
and
then
I'll
cut.
A
new
draft
for
Roman
to
look
at
like
most
ads,
actually
prefer
not
to
deal
with
like
the
the
third
party
system,
because
then
they're
not
guaranteed
that
that
actually
got
into
the
draft.
I
So
I
do
want
to
cut
a
new
draft
for
Roman,
and
then
he
can
say
if
we
need
another
one,
it
doesn't
really
matter
that
we're
going
to
ref
it
twice
or
not.
So
so
my
plan
was
to
merge
it
in
and
if
we
think
we've
addressed
all
the
issues
then
cut
a
new
draft
and
give
it
to
Roman.
A
I
I
Well
depends
a
bit
on
feedback
if,
if
there's
a
lot
of
feedback
that
requires
changes,
it
will
take
some
more
time
but
other
other
than
that
I
would
say.
I
really
want
to
get
this
done
within
one
to
two
weeks
like
I.
Don't
want
to
rush
it
too
fast,
so
people
who
happen
to
be
gone
this
week
can
give
feedback,
but
I
also
don't
want
to
wait
too
long.
So
does
that
seem
reasonable.
A
Yeah,
that's
that's
that
that's
great!
So,
let's,
let's
ask
people
to
to
consider
any
issues:
the
rising
look
at
the
Ming
L
traffic.
Look
at
the
tagged
issues
in
gitlab
o
over
the
next
week,
if
at
all
possible-
and
let's
say
with
the
understanding
that,
if
you
know
if
people
don't
raise
issues
in
the
next
week
or
so
then
we'll
we'll
move
ahead
with
putting
a
draft
and
and
giving
it
to
Roman
again.
A
I
I
mean
if
I
don't
get
any
feedback
at
all
I'll
I'll
I'll
try
to
individually
Pok
on
people
to
at
least
have
one
more
set
of
eyes
to
look
over
things.
I!
Don't
really
want
to
merge
anything
that
that
has
only
be
seen
by
me,
but
I
will
I
will
poke.
That
and
I
will
give
a
an
update
like
on
Monday
again
to
see
where
we
are.
C
Changes
I'm
I'm,
specifically
committing
myself
to
looking
over
those
changes
this
week
before
the
before
the
week
is
up
that
Paul
is
given
I
happy
to
have
that
in
the
notes
and
I
will
also
and
I
noted
that
Daniel
in
the
chat
U
is
volunteering
to
look
over
the
the
last
AATA
and
we'll
do
so.
I'm
also
going
to
look
over
the
last
outstanding
AATA
and
see
if
I
can
proposed
text
so
I.
Don't
think
that
Daniel
or
I
would
end
up
in
any
serious
conflict.
I
And
sorry,
one
more
thing:
I
I
did
talk
to
the
isg
and
Ayana
about
where
they
would
like
to
see
a
list
of
erata
entries
that
this
document
fixes
I
wasn't
sure
what
the
common
practice
was.
But
it
seems
that,
because
this
list
is
so
huge,
Ayana
specifically
said
they
would
really
like
that
to
be
a
list
in
documents.
I
I'll,
add
some
appendix
or
we
list
all
of
them.
C
A
Right,
okay,
so
I
think.
The
summary,
then,
is
if
you
care
about
this,
go
look
at
it
in
the
next
week.
Meanwhile,
Paul
dkg
and
Daniel
will
be
working
on
it
and
we'll
produce
something
to
give
for
ran
in
the
next
one
or
two
weeks
and
then
hopefully
we'll
all
proceed
happily
towards
becoming
an
RFC
in
the
months
ahead.
A
Just
as
a
kind
of
level
set
on
the
on
the
chartering,
I
think
our
goal
today
is
to
have
a
good
understanding
of
what
we
want
to
have
in
the
new
Charter
and
then
to
Wordsmith
Charter
text.
Subsequently
with
a
view
to
hopefully
having
a
charter
to
present
to
the
to
our
ad
and
the
isg
before
thef
in
November.
C
That
a
good
I
think,
that's
I,
think
that's
correct
Stephen.
So
the
goal
here
is
to
get
people
on
the
same
page
understanding
what
people
are
interested
in
here
if
there
are
concerns
about
things
and
also
I,
would
like,
during
this
meeting
to
think
a
little
bit
about
Milestones,
because
that's
one
of
the
things
that
Roman
specifically
asked.
If
we're
proposing
a
charter
text,
do
we
have
any
idea
about
specific
Milestones
that
we
might
want
to
include
so.
A
And
and
I
think
yeah,
and
for
that
I
think
most
Milestone
dates
are
fiction,
as
we
all
know,
but
the
sequencing
is
actually
more
interesting
right.
You
know
there's
pieces
of
work
that
people
think
need
to
be
in
a
certain
order
or
are
more
interesting
to
try
to
get
done.
First,
then,
that's
that's
the
useful
thing
for
now
and
we
can.
We
can
assign
fictional
dates
to
those
later
right.
C
Right
thanks,
okay,
so
I
think
we're
going
to
jump
into
the
presentations
now
hearing
no
other
feedback,
so
ustus.
If
you
want
to
jump
in
your
camera's
working.
G
Yes,
thank
you,
yeah,
let's
Jump
Right
In
next
slide.
G
G
So
as
my
observation
that
the
current
status,
the
status
quo,
is
that
the
standard
provides
mechanism
and
is
quite
vague
on
semantics,
and
we
didn't
change
that
in
the
crypto
refresh
because
we
felt
like
that
was
out
of
scope
mostly
and
while
some
may
think
that
this
is
a
good
thing
for
a
standards
document
I
think
that's
wrong
or
it's
holding
us
back
and
as
a
motivating
example,
I
have
included
a
random
result
from
the
interop
test
suite,
and
the
test
is
asking
a
quite
simple
question:
I
think
is
a
signature
valid.
G
It's
a
binary
signature.
There
is
nothing
funky
going
on
with
the
certificate
here
is
some
data,
here's
the
signature.
Is
it
valid
or
not,
and
what
it
mostly
does
is
play
around
with
the
signature
subpackets,
and
we
can
see
that
the
results
very
widely
and
I.
Don't
think.
That's
a
good
thing.
Next
slide.
G
Please
so
I
went
through
the
open
issues
in
the
in
our
buck
tracker
and
went
through
all
the
issues
that
have
been
labeled
as
as
Uncharted
and
put
them
in
like
three
categories,
and
surprisingly,
messages
are
the
least
worst
understood,
object
and
I
don't
want
to
go
into
details.
There
is
lots
of
discussion
going
on
in
the
buug
tracker
and
I
think
we
should
pick
that
up
next
slide.
G
G
Certificates
are
more
interesting,
a
way
more
complex,
compound
structure
of
packets
and
I
feel
like
here.
It
really
shows
that
the
the
text
lacks
guidance
and
again
I
went
through
the
the
issue,
tracker
and
added
added
a
lot
of
points
and
then,
in
the
end,
I
added,
like
my
pet
peeves
with
it
that
I
feel
like
we're
not
represented
in
the
issues,
notably,
the
question
is
or
like
a
top
level
question
is
under
what
C
circumstances
is
the
certificate
valid
and
how?
How
does
it
work?
G
You
know,
how
do
you
canonicalize
a
certificate
and
reason
about
it,
and
notably,
there
is
a
matter
of
revocations
which
I
think
dkg
will
also
talk
about,
and
what
we
think
should
happen
is
that
we
introduce
two
classes
of
revocations
hard
revocations
like
key
material
is
compromised
and
you
know
no
signature
May
ever
be
trusted
again
right,
but
then
again
there
are
some
software
revocations
that
could
possibly
be
undone,
but
implementation
is
currently
handle
this.
You
know
in
a
variety
of
ways,
and
that
makes
revocation
a
brittle
mechanism.
G
Please
finally,
signatures:
there
was
actually
a
nice
essay
from
Paul
from
PG
painless
who,
who
has
a
long
essay
blog
post
about
what
he
does
or
what
he
thinks
should
be
done
to
check
whether
a
signature
is
valid
and
it
goes
into
some
detail
on.
You
know
what
do
I
have
to
do
with
the
issuing
certificate.
G
How
do
I
canonicalize
it
at
which
point
in
time
and
stuff
and
then
a
lot
of
complexity
and
signatures
seems
to
re
revolve
around
subpackets
and
again,
there
is
a
lots
of
open
issues
in
the
issue.
Tracker
and
again,
I'll
say
a
few
things
about
my
pet
piece.
G
There
I
feel
like
there
should
be
more
guidance
about
how
many
subpackets
should
we
expect
and
what
should
happen
if
there's
more
or
fewer
than
the
expected
number
of
subpackets,
and
then
you
know
there
is
a
confusion,
maybe
about
What
sub
packets,
on
the
direct
key
signatures
should
cover.
That's
also
issue
100
70,
and
notably
there
is
a
question.
You
know
what
do
subkey
bindings
need,
key
flex
or
not,
and
I
think
they
should
have
key
flex
mandatory.
G
Likewise,
the
reason
for
revocation
should
be
mandatory
on
revocation
signatures
and
then
there's
the
regular
expression
subpacket,
which
is
not
not
the
favorite
subpacket
of
our
I
guess
that
should
be
replaced
and
finally
trust
signatures
or
the
delegations
they
can
be
scoped.
The
the
length
of
the
chain
can
be
restricted,
but
we
feel
like
the
maximum
value,
should
mean
infinite,
not
like
255
all
right.
That's
my
my
presentation,
I
think
these
are
open
questions
that
the
working
group
should.
A
Address
thanks,
Justice
yeah,
so.
A
E
Hice
you
were,
you
were
saying
that
you
wanted
a
definite
finite,
parsing,
depth,
rn1
and
then
at
the
bottom
here
you're
saying
that
there
should
be
an
indefinite
t
Sig
depth.
Do
they
not
kind
of
pull
against
each
other
me
if
we're
worried
about
exhausting
resources,
you.
E
G
Yeah,
that's
a
good
question:
I
mean
the
the
evaluator
could
still
decide
to
constrain
the
the
search
right.
E
Yes,
but
then
does
that
not
become
implementation
specific
and
then
we
we
end
up
having
you
know
things
will,
will
you
know
some
trust
signatures
will
work
in
some
circumstances
and
not
in
others.
A
Thanks
so
just
I,
just
added
myself
to
the
queue
to
ask
I
mean:
how
would
you
see
this
kind
of
work
being
done?
Is
it
you
know
a
bbas
document,
or
is
it
possible
to
kind
of
do
this
kind
of
work
with
separate
documents,
or
do
you
think
you
could
start
with
a
separate
document
and
then
see
how
to
progress
from
there?
And
what's
the
kind
of
idea
about
how
you
you?
How
would
this
kind
of
happen
in
terms
of
producing
outputs
from
the
working.
A
H
A
The
now
I
guess
for
now,
then
what
we
I
guess,
what
we
could
envisage
if
this,
if
this
work
was
part
of
the
charter,
would
be
to
that.
You
know
you
or
somebody
would
write
an
internet
draft
proposing
a
whole
bunch
of
fixes
and
then
we'd
have
to
figure
out
how
to
dispose
of
those
in
terms
of
updating
documents
or
new
RC's
or
whatever,
okay
yeah
good.
Anyone
else
want
to
join
the
queue
to
ask
questions
or
comments
on
this.
This
set
of.
A
E
Can
I
get
a
yeah
Andrew
go
ahead?
Sorry
for
jumping
back
in
there
were
a.
There
were
a
couple
of
other
things
discussed
on
the
list
about
the
semantics
of
signatures.
E
So
maybe
we
could
roll
kind
of
semantics
of
signatures
into
a
a
larger
document
and
then
have
a
like
a
semantics
of
signatures
document
that
could
be
read
alongside
the
the
crypto
refresh,
rather
than
being
something
that
would
replace
it.
Obviously,
I,
don't
think
anybody
has
any
appetite
for.
A
Dkg
I
guess
what
what
we
can
do
is
when
we
get
to
the
you
we
get
at
the
end
of
the
presentations.
We
can
maybe
ask
some
kind
of
poll
questions
as
to
whether
people
are
keen
on
tackling
these
topics
like
this
or
any
other
thought
on
how
to
organize.
A
B
Aon
these
initiatives
should
have
like
an
owner
or
like
someone
who
is
willing
to
make
sure
that
they
happen
and
then
some
people
that
are
interested
to
working
into
this
feature,
let's
say
or
into
this
documents
as
authors
or
contributors,
and
then
someone
who
is
willing
to
to
review
so
I,
would
split
these
three
categories
of
people,
owners,
contributors
and.
A
Reviewers
sure,
just
to
point
out
I
mean
that
that
that
could
be
something
that
happens
in
the
process
of
rechartering
or
we
could
recharter
to
enable
that
to
be
done
in
the
working
group
under
the
new
Charter.
A
So
you
know
we
don't
necessarily
have
to
it's
nice
if
we
know
who's
going
to
do
what
for
sure
U,
but
we
don't
have
to
have
that
a
fine
gra
view
of
that
necessarily
yeah
before
rechartering,
okay,
okay,
so
I
I,
unless
dkg
objects,
I
think
what
we'll
do
is
get
through
the
presentations
and
then
ask
the
you
know.
Maybe
set
do
some
polls
later
on
when
people
have
seen
all
the
presentations
as
to
what
they
feel
good
about
or
what
they
want
to
argue
against.
A
Gl,
okay,
so
I
guess
we
we
could
move
on
to
the
next.
Oneg
is
doing
that
now.
J
Great
yeah,
so
for
the
pqc
rechartering,
we
have
proposed
this
short
text
to
cover
the
integration
of
post
Quant
cryptography
into
the
open
pgb
protocol.
As
we've
stated
quite
a
few
times
already,
we
have
a
draft.
The
draft
is
version
two
it's
published
and
we
have
a
repository
where
one
anyone
can
make
comments
public
comments,
which
already
happened.
So
there
has
been
a
bit
of
discussion
and
yeah.
Of
course,
our
hope
is
that
the
draft
will
be
adopted
by
the
working.
J
Group
yeah
I
think
there's
not
not
to
much
to
say
because
we
multiple
times
we
have
talked
about
this
topic
in
the
working
group.
So
if
there
are
any
questions
or
comments,
I
think
it
makes
sense
to
discuss
them.
But
from
our
side
we
don't
see
the
need
to
go
into
the
details.
A
J
J
Yeah,
that
is
true.
We
have
also
already
committed
code
to
have
code
merged
into
the
r&p
library,
and
this
is
not
fully
not
yet
fully
supporting
the
V6
code
because
we
only
implemented
what
we
need
for
pqc,
but
yeah.
We
have
based
on
r&p
and
Bon.
We
have
a
running
code
on
our
side
and
proton
also
has
some
running
code.
I
know,
but
Aaron
could
say
more
to
that
of.
B
A
Okay
and
then
so
I
think
there's
the
I
think
there's
been
pretty
clear
agreement
that
addressing
pqc
is
a
is,
is
a
good
topic
for
rechartering
and
just
to
just
so
so,
I
can
understand.
A
There's
there's
some
separation
between
you
know.
Let's
say
wanting
to
address
the
record
now:
decrypt
later
attacks
versus
having
a
full
Suite
of
including,
let's
say,
possibly
even
hybrid
sign
schemes,
I
I,
I.
Think
the
reading
of
this
suggestion
for
the
recharter
text
I
assume
that
that
means
you
know
the
working
group
would
decide
those
kind
of
issues
during
the
process
of
let's
say
you
know
a
discussion
on
adoption
of
the.
A
J
Intention
to
keep
it
completely
open,
whatever
the
working
group
then
really
wants.
But
we
think
we
should.
That
should
be
discussed
in
detail
and
with
enough
time
for
anyone
to
work
into
the
topic
and
review
all
the
use
cases
and
the.
A
A
This
not
seeing
anyone,
okay,
again,
we'll
we'll
we'll
we
can
do
some
kind
of
polls
about
these
topics
toward
later
on
in
the
meeting,
so
I
think
thanks
Falco
and
we
can
probably
jump
to
the
next.
G
G
So
you
observed
that
in
in
open
pgp
implementations
or
in
the
in
the
spec,
there
is
only
one
single
interchange
format
defined
can
I
get
the
next
slide.
Please
for
exchanging
certificates
and
keys,
and
that's
key
rings,
and
indeed
Thunderbird
and
gy
G
can
use
key
rings
to
to
store
their
certificates
and
the
problem
with
that
is
that
it,
it
doesn't
scale,
and
that's
really
apparent
if,
if
you're
working
with
g
g
and
have
a
large
number
of
keys,
it's
it's
really
slow
and
there
have
been
some
improvements.
G
For
example,
GG
has
key
box,
which
also
is
still
expensive
to
access
and
modify,
and
newer
versions
have
a
key
demon
which
I
think
uses
SQL
I,
which
is
better,
but
we
moved
from
a
standard
open
protocol
to
a
proprietary
format.
There
is
an
extension
mechanism
in
the
form
of
trust,
packets
and
the
the
content
of
the
trust
packets
is
implementation
defined.
So
it's
no
suitable
way
to
to
exchange
information,
and
then
there
are
some
other
storage
solutions
for
authentication
information.
G
For
example,
Thunderbird
has
this
acceptance
table
in
sqlite
and
GG
has
the
trustb
and
those
are
also
proprietary,
and
you
can't
exchange
information
using
these
mechanisms
and
all
of
that
leads
to
poor
performance
and
poor
interoperability.
G
And
if
you
look
at
x509,
in
contrast,
there's
been
quite
a
bit
of
effort
to
change,
implementations,
to
use
a
common
certificate
store
and
the
the
nice
thing
about.
That
is
that
you
can
expect
applications
to
behave
consistently,
even
if
they
use
different
implementations
and
I'd
like
to
see
that
for
open
pgp
next
slide.
G
Please
so
our
proposed
solution
is
to
have
a
a
storage
directory
inspired
by
Ma
deer.
This
is
what
my
certificate
looks
in
my
certificate
directory.
Notably
there
is
a
default
location,
and
you
can
you
know
you
don't
need
to
synchronize
if
you
just
read
it,
but
if
you
modify
the
store,
you
need
to
synchronize
and
it's
indexed
by
primary
key
fingerprint,
and
there
is
an
extension
mechanism
for
building
indices.
For
example,
you
need
to
do
efficient,
lookups
by
subkey
thing,
print
or
subkey.
G
Key
ID,
and
currently
our
proposed
text
doesn't
include
that.
But
there
is
an
extension
mechanism
and
notably
there
is
one
distinguished
certificate
and
in
fact,
potentially
also
key.
G
And
that's
the
trust
route
and
with
the
trust
rout.
You
can
take
your
web
of
trust
engine
and
you
know
you
can
authenticate
user
IDs
on
certificates.
You
can
add
your
own
local
pet
names
to
certificates.
Like
you
know,
this
is
the
key
I
use
for
mom.
G
You
can
use
local
signatures
to
record
Provence
information
and
in
theory
you
know
if
you
can
share
this
information,
because
it's
all
open,
PTP
data
and
you
can
reason
about
it
with
the
V
of
trust
calculus
engine,
then
you
can
have
applications
using
different
op
pgp
implementations
behaving
consistently
next
slide.
G
Draft,
it's
expired
by
now,
but
I
think
it's
a
good
starting
point.
We
have
two
implementations,
one
implemented
by
Paul
and
it's
based
on
PG,
painless
and
one
is
based
on
zya
and
in
fact
you
know
you
have
you
see
two
links
for
every
implementation,
there's
like
a
a
low
level
and
a
high
level
interface
for
that
and
the
lowlevel
interface
doesn't
necessarily
you
know,
depend
on
the
PTP
implementation
itself
and
I'd
like
this.
G
This
work
to
be
adopted
by
the
working
group
and
I
hope
this
will
lead
to
better
interoperability
and
better
performance
and
more
consistent,
behavior
of
PTP
implementations
and
applications
built
on
top
of
that.
Thank.
A
You
so
again
yeah
any
questions
for
justice
on
this
topic.
Please
join
the
queue.
C
Usus
I
I
asked
in
the
text
chat
whether
you're,
willing
to
have
the
working
group
have
change
control
over
the
document
like
are.
Are
you
asking?
Are
you
proposing
this
that
the
working
group
would
explicitely.
C
I
think
so
makes
sense.
I
mean
it
sounds
like
you
there's.
We
have
two
implementations
already
from
folks
who
are
active
in
the
working
group,
so
that
seemed
reasonable
to
me.
Would
you
be
up
for
proposing
a
little
bit
of
text
into
the
charter.
MD
over
in
the
working
group,
admin,
repo.
A
Think
the
yeah,
so
the
just
on
the
trust
route
is
the
is
that
envisaged
to
be
something
that
the
you
know,
the
owner
of
a
search
store
has
a
key
PA
just
for
doing
this
kind
of
management,
or
is
that
also
envisaging,
let's
say,
an
operating
system
Distributing?
You
know
a
public
trust
rout
along
with
a
bunch
of
other
key
information
or
both.
G
Yeah,
that's
that's
a
good
question.
I
mean
the
original
intent
is
for
the
owner
of
the
the
store
to
to
have
a
a
certificate
and
key
to
issue
local
certifications
with
the
idea
that
you
know
with
with
the
web
of
trust
as
a
calculus.
You
can
reason
about
that.
There
is
no
no
special
thing
like
the
the
trust,
DB
or
anything
and
It
just
fits
nicely
into
that,
and
then
in
indeed
the
question
is
what
about
like
a
systemwide
store,
or
you
know
what
about
trust.
G
A
A
J
H
No,
no
just
just
it.
It
feels
like
this
is
very
much
about
interoperability
at
a
machine
level
between
multiple
pgp
applications,
rather
than
interoperability,
between
implementations
on
different
machines.
Given
that
it's
a
file
structure
which
presumbly
would
have
to
be
tarred
up
or
the
transferring
between
machines
is
different.
Is
that
the
intention
that
we
a
shared
store
for
multiple
applications
on
the
same
machine?
Or
do
you
see
it
as
more
generic
than
that?
Also
in
terms
of
scalability?
What
happens
if
you
have
a
large
key
store?
G
Yes,
indeed
so
yeah
it's
about
interoperability
between
between
between
programs,
it's
about
reducing
vendor
lockin
and
you
know
enabling.
G
More
competition
in
a
good
way,
and
indeed
there
there
should
be
indices
for
you
know,
subkey
handles
or
user
IDs,
and
that's
currently
or
the
the
current
spec
says
it's
out
of
scope.
But
there
is
this
extension
mechanism,
so
we
hope
that
people
will
experiment
with
that
and
then
specify
an
I,
don't
know
an
sqlite
schema
or
something,
and
then
we
will
potentially
later
on
adopt.
G
Right
and
in
terms
of
scalability,
so
we
looked
at
what
git
does
and
we
split
off
the
first
two
hex
digits
and
use
that
as
a
subdirectory
index,
and
we
we
figured
if
it
if
it's
scales
for
git,
then
it
will
probably
scale
for
us
I.
H
C
Height
thanks,
so
just
as
a
as
a
note,
maybe
other
folks
would
more
iatf.
C
Experience
can
weigh
in
on
this,
but
I
agree
Jonathan
that
it
looks
like
it
takes
it
a
little
bit
more
out
of
the
realm
of
sort
of
networked
interoperability,
but
open
pgp
is
also
a
store
and
forward
thing
and
and
if
you
consider
a
key
ring
as
an
openpgp
object,
it's
not
entirely
unreasonable
to
ask
about
how
we
construct
these
things
to
be
interruptable
within
the
machine
or
even
within,
like
AAR
ball
as
part
of
a
backup
or
something
like
that.
C
So
I,
don't
I,
don't
think
that
it's
impossible
to
imagine
the
ITF
working
on
something
like
this.
Although
I
agree
with
you,
it
would.
C
G
All
right-
that's
also
me
so
unfortunately,
Neil
cannot
be
here
today.
So
I
will
do
my
very
best
to
present
his
slides,
so
open
pgp
defines
mechanism
for
doing
authentication,
notably
if,
if
you
have
a
key
that
has
the
certification
capability,
then
you
can
use
that
to
create
third
party
certifications,
which
is
a
a
signature
with
the
same
kind
of
syntax
as
The
Binding
signature.
But
what
you
do
is
you
you
bind
or
you
certify
a
binding
between
a
primary
key
and
the
user
ID,
and
then
there
are
delegation.
G
So
you
can
mark
your
your
certification
as
a
trust
signature,
and
there
are
are
two
constraints
with
that.
You
can
constrain
the
the
length
of
the
chain
that
you're
are
willing
to
use
to
authenticate
a
Target
binding,
and
then
you
can
constrain
the
amount
of
trust
that
that
you're
willing
to
derive
from
this
delegation.
G
And
finally,
there
is
a
scoping
mechanism,
and
currently
the
scoping
mechanism
uses
regular
Expressions
on
the
on
the
target
domain,
and
that's
not
not
the
nicest
mechanism,
but
it's
there,
notably.
What
these
n
does
not
do
is
to
actually
Define
how
to
authenticate
the
user,
ID
and
or
The
Binding
between
a
key
and
a
user
ID,
and
there
are
web
of
trust
implementations.
You
know,
classic
pgp
had
one
and
GG
has
one,
but
while
there
is
some
documentation
targeted
at
users,
the
exact
semantics
are
not
well
defined.
Next
slide.
G
Please
and
I
think
an
interesting
observation
is
that
open
pgp
is
a
a
very
expressive
calculus
and
it
you
can
express
a
variety
of
ways
to
to
authenticate
bindings
with
it
and
when
we
look
at
x509
you
have
this
hierarchical
way
of
doing
things
and
that's
actually
a
subset
of
what
what
open,
PTP,
open,
ptps
web
of
trust
can
do,
and
the
most
obvious
use
case
is:
you
know
to
incre
increase
security
by
authenticating
these
bindings,
but
a
very
important
and
often
overlooked
use
case
is
to
increase
usability,
two
fault
actually.
G
First,
if
you're
doing
key
Discovery
and
you
can
authenticate
the
the
key
and
the
user
ID
or
your
target
person,
then
you
can
be
sure
that
if
you
send
a
message,
the
target
person
can
decrypt
it,
or
at
least
you
didn't
use
the
wrong
key
right
and
that's
also
usability
aspect.
G
You
know
tell
me
who
the
owner
is
in
in
in
my
context,
because
I
was
able
to
authenticate
it
next
slide,
please
so
traditionally
or
what
most
people
associate
with
the
web
of
trust
are
key
signing
parties,
which
is
it's
peer-to
peer.
We
come
together,
grass,
throughs
way
of
creating
authent
certifications
and
a
lot
of
people
have
made.
You
know,
have
tried
that
and
failed
or
have
seen
the
process
fail,
and
so
I
think
this
is
where
a
lot
of
the
better
reputation
comes
from.
G
But
there
are
other
ways
to
to
do
that.
For
example,
you
can
try
to
implement
a
Federated
way.
You
can
have
a
CA
in
your
organization,
be
it's
small
or
big.
You
can
have
huge,
centralized
public
CA
and
there's
precedence
for
that.
So
there's
the
pgp
global
directory,
and
nowadays
we
also
have
the
proton
CA,
which
is
not
for
everyone,
I
think,
but
is
for
all
the
proton
customers.
G
And
finally,
you
can
express
different
trust
models
using
the
web
of
trust
calculus.
For
example,
if
you
record,
when
you
use
the
certificate
using
local
certifications,
then
you
can
Implement
tofu
on
top
of
that,
and
likewise,
if
you
record
provenance
information
for
example,
if
you
get
a
certificate
via
wkd,
you
can
create
a
a
local
certification
saying
you
know.
I
I
got
this
key
on
on
this
day
and
you
can
associate
a
tiny
bit
amount
of
trust
with
with
the
fact
that
you
got
this
key
over
wky
next
slide,
please.
G
So
what
we
like
to
see
is
to
see
the
semantics
of
web
of
trust
in
open
pgp,
properly
defined,
and
our
preferred
model
is
to
see
the
the
authentication
problem
as
a
maximum
flow
problem,
so
imagine
trust
being
like
water
flowing
through
a
network
of
pipes
and
the
amount
of
water
you
can
transport
from
from
you
to
your
target.
U
binding
is
the
amount
of
trust
that
you're
willing
to
put
into
that
binding,
and
that
leads
both
to
a
good
mental
model
on
how
to
reason
about
that
right.
G
But
in
essence
you,
you
use
stra
to
find
candidats,
and
then
you
use
those
to
to
solve
the
maximum
flow
problem
on
the
candidates
and
it's
a
little
bit
T
tricky,
because
you
need
to
honor
the
constraints
like
scoping,
regular
expressions
and
the
chain
length,
and
you
need
to
be
a
bit
mindful
about
not
only
combining
independent
assertions,
but
it
leads
to
very
efficient
implementation.
So
our
implementation
scales
very
well.
We
don't
have
a
cach
or
anything,
it's
just
fast
enough
and
next
slide.
G
Please
we
we,
we
have
a
draft,
it's
not
submitted
to
the
data
tracker,
but
it
has
the
it
uses
the
same
kind
of
templates
and
there
are
two
independent
implementations,
one
made
by
power
from
PG
painless
and
one
is
done
by
Neil
and
we'd
like
to
see
the
working
group
adopt
our
or
this
kind
of.
G
C
This
you
a
sort
of
same
question
as
earlier
I,
don't
see
any
proposed
text
for
the
charter.
Would
you
or
Neil
be
willing
to
propose
Charter
text
for
this?
You
can.
G
G
H
C
Hopefully,
you
can
hear
me
now
I'm,
going
to
present
a
bit
of
a
grab
bag
of
open,
pgp
related
things
that
were
due
for
cleanup.
Some
of
these
were
already
mentioned
by
usus
in
his
pgb
semantic
slide
slide
deck
and
I
just
want
to
point
out
that
I
have
created
drafts.
That
could
be
starting
points
for
many
of
these
I'll
point
to
them
in
the
specific
slides.
I
am
not
in
any
way
committed
to
being
the
sole
author,
editor
or
even.
C
Editor,
if
anybody
else
is
interested
in
in
in
stepping
up
to
take
control
of
this
I
I,
all
of
the
drafts
that
are
mentioned
here,
I
would
be
happy
to
have
under
working
group.
Control
and
I
would
very
be
very
honored
to
have
somebody
else
take
over
Ed
torial
roles,
onia,
so
without
further
Ado.
This
is
a
draft
about
open,
ptb
replication,
so
it
started
off
with
me
trying
to
Define
this
delegated
revoker
mechanism.
C
That
would
be
an
improvement
over
the
old
revocation
key
and,
as
I
started,
to
outline
why
this
was
necessary.
It
grew
to
be
a
chunk
of
problem
statement
about
what
reputation
is
and
why
it
doesn't
work
very
well
in
open
pgp
generally.
This
draft
actually
tries
to
narrow
the
range
of
revocations
that
are
possible:
deprecating
user,
revocation
of
user
IDs
and
certifications,
because
it
appears
that
there
are
other
things
that
can
perform
those
effects.
With
the
same,
we
would
only
two
ways
to
do
it.
C
If
you
can,
if
you
can,
for
instance,
expire
your
user
ID,
then
that
might
be
sufficient,
maybe
the
maybe
this
reasoning
is
wrong,
but
I
would
be
happy
to
have
the
working
group
at
least
tackle
it,
tackle
it
and
and
decide
you
know.
Yes,
we
can
do
this
or
no,
we
can't
do
it
and
here's
why
we
need
to
keep
those
things.
The
goal
of
the
draft,
the
only
wire
format
change
is
this
delegated
Roker
mechanism
U,
which
embeds
a
full
key.
C
That
is
a
full
cryptographic
key,
not
a
full
open,
PP
certificate,
all
the
rest
of
it
is
either
deprecation
or
you
know,
of
existing
pieces
or
explicit
description
of
workflows
for
how
a
normal
user
would
go
about
doing
this
stuff.
The
goal
is
that
it
would
include
some
death
vectors
for
ration
and
try
to
sort
of
standardize
how
we
think
about
reputation
in
the
ecosystem.
There's
this
other
work
that
also
was
out
of
out
of
scope.
C
Prior
prior
to
this,
which
is
first
party,
we've
been
calling
it
attestations
of
third
party,
certifications
and
I
think
we
got
some
push
back
from
ory,
steel
and
others.
That
attestation
means
other
things
I'm
trying
to
move
in
the
direction
of
calling
it
approval
instead
of
attestation.
Although
the
first
version
of
this
draft,
doesn't
it
still
says,
attested,
the
basic
problem
this
tries
to
solve
is
that
their
certificate
can
accumulate
third
party
certifications
and
can
then
grow
without
bound.
C
That's
a
flooding
attack
it's
difficult
to
redistribute
and
you
would
like
to
be
able
to
take
a
a
certificate
and
say:
okay,
all
the
certifications
that
are
on
this
have
been
approved
by
the
key
holder.
So
how
do
we
do
that?
It's
a
pretty
well
defined
mechanism.
There's
already
some
implementations
that
produce
it.
I
believe
that
the
keys
at
open.org
key
server
actually
consumes
it
as
well
and
will
publish
thirdparty
attested.
A
first
party
approved
third
partyy
certifications,
and
we
already
have
some
reserved
code
points.
C
So
I
think
this
would
be
a
reasonable
thing
for
the
to
take
up.
We
just
push
this
out
the
door.
We
have
it
pretty
much
well
defined.
We've
got
some
implementations,
I
think
we
understand
what
it
means.
We
know
how
to
do
it
just
knock
it
out
user
ID
conventions
again.
Another
thing
that
was
deemed
out
of
scope:
we
don't
all
of
our
existing
documentation,
going
back
to
rc2
2440,
maybe
even
1991
lies
claims
that
the
user
ID
is
by
convention.
C
Rfc
22
2822
May
matter,
but
there
are
lots
of
reasons
why
it
isn't
exactly
that
dumb
nitpicky
reasons,
this
draft
exists,
I
copied
it
out
of
the
merge
request,
23,
which
we've
declined
to
include
in
the
crypto
refresh,
and
it
basically
says
here's
what
we
think
the
convention
actually
is
has
a
simple
set
of
regular
expressions
in
a
abnf
form
for
describing
it
and
I
think
it
actually
has
some
python
pseudo
code
U.
If
you
want
to
pull
from
there.
This
seems
like.
C
For
the
community,
finally,
like
correct
long,
longstanding
misrepresentation,
this
I
do
not
have
a
proposed
draft
for
I
just
wanted
to
flag
that
we
don't
actually
have
a
way
to
do
a
one
pass:
verification
of
an
open,
pgp
signature
in
a
pgp,
mind
message.
The
way
that
we
did
one
pass
verification
of
V4
signatures
is
that
in
the
multipart
my
multipart
signed
extension.
C
We
say
this
is
the
digest
you're
going
to
use,
and
that
way,
as
you
read
the
message
you
can
do
the
digesting
and
then
you
can
verify
at
the
end,
but
now
that
we
have
assault
and
V6
signatures,
that's
not
possible.
This
seems
analogous
to
the
hash
salt
issue
that
we
ran
into
with
the
clear
Tech
signing
framework
and
what
we
resolved
with
that
one
was
you
can't
do
one
pass
verification
of
clear
Tech
signing
Frameworks,
because
the
hash
salt
was
in
conflict
with
other
things.
C
I,
don't
think
we'll
have
that
constraint
in
pgp
mind
messages
we
could
add
assault,
parameter
to
the
content
type
for
pgp,
mind
multipart,
sign
messages
if
we
wanted
to
I,
don't
know
whether
it's
necessary,
whether
people
care
about
it.
If
nobody
cares
about
it,
we
can
just
ignore
it,
but
people
want
to
be
able
to
do
one
pass.
Verification
of
multiart
signed
of
pgp
pgp,
mind
messages
and
we
need
to
write
it
down
how
to
do
it.
D
C
It
would
be
good
to
have
it
in
the
charger
and
then
finally,
the
stateless,
open,
pgp
interface.
This
is
an
attempt
to
define
a
u
an
API,
that
programs
could
potentially
use
and,
at
the
very
least,
that
defines
sort
of
the
semantics,
the
very
high
level
semantics
that
we
expect
open,
pgp
implementors
to
handle
at
the
moment.
It's
very
much
focused
on
the
message
bits,
there's
key
generation
and
revocation
in
it
right
now,
but
it's
mainly
focused
on
signing
verification,
encryption
and
decryption.
C
We
actually
had
several
solid
implementations,
which
is
great.
The
draft
at
the
moment
has
also
sprouted
a
new
C
library
API,
in
addition
to
the
command
line
interface.
The
idea
behind
the
C
library
API
is
that
it's
an
API
that
should
be
possible
to
build
the
command
line
interface
from
and
also
be
something
that
you
could
sort
of
staple
other
language
Bings
on
top
of
the
C
library,
is
in
complete.
It
doesn't
handle
encryption
and
decryption
and
we
don't
have
any
implementations
of
it
yet.
C
But
it's
the
idea
here.
This
is
a
way
that
we
can.
You
know
another
way
that
we
can
try
to
think
about
how
applications
should
use
it.
The
goal
of
the
stus
interface
is
to
be
minimalist,
while
still
providing
all
of
the
high
Lev
semetic.
We
expect
people
to
use.
It
is
the
basis
of
the
interoperability
test,
Suite,
as
folks
probably
know,
and
there's
a
handful
of
proposals
that
are
out
there
to
extend
it
further.
I
think
there's
Community
interest.
C
I
would
love
to
have
this
be
group
document
and
not
just
my
own.
You
know
kicking
it
on
down
the
road,
so
those
are
five
possible
implementations
and
five
possible
things
to
to
actually
work
on
so
I
see
Stephen
your
comment
in
the
chat
that
this
is
way
too
much
work.
C
Topic
yeah,
so
I
would
be
happy
to
hear
any
feedback
on
any
of
these
pieces.
If
there
are
things
that
people
think
that
the
working
group
shouldn't
work
on,
for
instance,
I
see
Daniel
in
the
chat
saying,
does
anyone
do
one
pass
processing
of
pgp
Mind
messages?
I
want
to
point
out
that
it's
actually
not
this
pgp
MIM
question
is
not
just
it's
not
pgp.
M.
Generally,
it's
actually
pgp
p
m
multiart
signed
in
particular
a
PG.
C
An
encrypted
pgpm
message
doesn't
have
this
problem
because
you,
the
any
embedded
signature,
can
be
done
with
a
one
pass
signature
framing
within
the
encrypted
envelope.
So
you
actually
can
do
one
pass
signature
verification
for
encrypted
messages.
It's
only
multi-part
time.
That's
the.
C
Isue
so
I
mean
I
would
be
happy
to
drop
this
and
say
you
know
you
can't
get
there
from
here
for
mul
part
time.
The
way
that
we
did
with
the
clear
teex
signing
framework,
because,
as
Stephen
said,
there
is
a
lot
of
other
things
that
we
could
work
on
anyway.
If
people
have
any
thoughts
about
the
other
pieces
or
this
one
I'm
happy
to
hear
now.
B
C
This
can
you
say
a
little
bit
about
how
you
imagine
stop
working
within
within
the
working
group
as
a
working
group.
B
Say
if
it
would
be
like
a
living
draft
that
we
just
keep
on
extending
but
never
really
publish
it
or
whether
we
want
to
publish
a
so
now
and
then
extensions
further,
but
I
could
see.
Basically
it
becoming
part
of
the
community
work
that
that
we
do
to
keep
open
pgp.
C
Running
I
also
don't
know:
process-wise
I
can
also
Imagine
with
sop
and
actually
I.
Have
this
I
think
in
the.
C
How
would
you
extend
stop
to
do
this
so
one
of
the
ways
that
I
think
this
could
be
useful
is,
if
we
said,
look,
here's
the
Baseline
for
soop
and
when
you
define
some
new
mechanism
that
provides
some
new
semantics
for
open
pgp,
you
should
think
about
how
you
would
extend
stop
to
make
that
work
and
again
I,
don't
know
process-wise
how
that
fits
in,
but
I
think
it's
a
it's
a
useful
check
on
interesting
ideas
to
be
able
to
say
like
okay,
here's
a
proposal,
we
think
it'll
work.
B
It
but
I
would
still
make
the
so
document
instead
of
like
having
a
billion
little
pieces
into
every
standard.
Saying
here
is
how
it
would
work
into
so
I
would
rather
have
the
authors
of
the
open,
pgp,
revocation
going
or
the
authors
of
open,
pgp,
postquantum
and
going
and
saying
here
how
I
would
imagine
it
working
to
S
into
the
soft.
C
Draft
makes
sense
to
me:
Jonathan
asks.
Are
there
any
sop
implementations
at
present
that
can
use
a
hardware
backed
key
I
am
not
sure
that
there
are,
but
that
would
be
an
example
of
something
that
the
working
group
could
push
on
to
say.
You
know:
here's
how
you
identify
a
hardware
back
key
soft
has
car
outs
for
special
identifiers
for
things
like
Keys
loaded
from
a
file,
descriptor
keys,
loing
from
an
environment
variable.
So
it's
not
hard
to
imagine
something
like.
H
That
just
to
provide
context,
I,
actually
thought
earlier
this
week
about
trying
to
implement
sop
as
a
back
end
for
various
Dean.
Related
flows
like
Dean
package
shining
on
the
bottleneck
I
hit
was
because
my
key
is
on
a
hardware
back
token,
and
while
there
are
a
number
of
implementations
packaged
in
Debian,
there
is
no
Hardware
back
version.
So
I
think
that
soop
is
a
great
interface.
H
I
would
like
to
generically
move
a
bunch
of
Debian
tooling
over
to
it
as
much
as
possible,
but
there
are
actually
missing
pieces
of
the
implementation,
not
in
the
specification,
but
in
implementations.
That
means
that's
not
possible
at
the
minute
and
and
just
to
throw
in
in
a
related
way
about
it
again.
H
Why
you're
saying
it's
supposed
to
support
most
of
the
common
flows
in
pgp
in
terms
of
uses,
I
think
that
one
of
the
main
reasons
I
care
about
pgp
is
the
thing
that
should
continue
to
exist
is
the
web
of
trust
and
our
tooling,
for
that
is
very
poor,
I'm,
quite
interested
in
Justice's
proposal
from
earlier,
but
perhaps
not
as
part
of
salt,
but
perhaps
a
different
tool.
That
was
a
common
way
of
interacting
with
certifications
might
be
worth
considering
as
well.
A
Okay,
so
we
got
about
22
minutes
left
and
I'm
I'm,
not
hearing
any
objections.
I
just
put
in
the
chat,
a
suggestion
for
a
poll,
basically
to
kind
of
just
get
an
overall
reaction
from
the
people
present
at
the
meeting
to
the
set
of
things
discussed
today
in
particular
to
the
set
of
things
discussed
today
that
weren't
already
discussed
and
essentially
to
get
a
sense
of.
A
Should
we
add
the
new
things
discussed
today
into
the
pile
of
things
already
in
the
draft,
Charter
One,
Way
or
Another,
and
then
have
to
think
about
prioritizing
so
is,
is
that
is
that,
okay,
as
a
poll
DK
you
right
with
that.
C
If
I
can
just
reframe
what
I
think
you're
saying
I
think
you're
asking
are
I
have
no
objections
to
any
of
the
proposed
topics
raised
today.
C
A
Right
so
I'm
I'm
just
going
to
use
the
text
I
put
in
the
chat,
it's
essentially
looking
for
a
positive
sense.
So
if
you
feel
positive
towards
the
set
of
topics
today
being
kind
of
added
to
the
pile,
that's
already
in
the
draft
Charter
text
in
a
kind
of
a
union
operation,
please
raise
your
hand
if
you
feel
negative
towards
that
or
one
particular
thing.
Please
click
the
do
not
raise
your
hand
button.
A
So
if
you
feel
positive
towards
adding
these
to
the
pile
of
things
to
figure
out
how
to
prioritize,
then
raise
your
hand
if
you
feel
that
we
should
not
do
that
for
whatever
reason
then,
please
hit
the
do
not
raise
hand
if
you,
if
no
opinion
that
then
click
nothing
and
we
have
13
in
the
room
and
nine
raised
hands
so
far.
We
give
it
like
a
another
second
or
two
in
case
somebody's
searching
for
a.
A
Mess,
okay,
so
Daniel
is
skeptical
of
the
one
pass,
processing,
stuff
and
I
I.
Think
that's
noted.
Okay,
so
I
think
we
can
call
it
there.
We
have.
We
have
nine
raised
hands.
Zero,
clicked
do
not
raise
hand
and
out
of
13
in
the
room.
So
that's
that's
a
good
thing
to
put
in
the
notes
with
the.
A
Numbers:
okay,
so
dkj
you
were
going
to
pop
up
the
C.
Some
version
of
the
current
Charter
text
again,
given
20
minutes
left
now,
I
think
May
would
would
it
be
best
to
try
and
give
a
quick
overview
of
what's
already
in
in
Charter
text
and
then
ask
for
discussion
as
to
how
we
prioritize.
That
seems
to
be
the
trickiest
thing
to.
C
Me
yeah,
so
I
was
gonna.
The
way
I
was
going
to
do.
It
was
to
look
at
Daniel's,
merge,
request,
number
three,
which
is
sort
of
the
most
comprehensive
merge
request.
It
doesn't
cover
everything
and
obviously
doesn't
cover
the
stuff
that
that
us
was
committed
to
proposing
text
for
as
well
U,
but
it
actually
touches
basically
the
whole
Charter
I'm
just
sliding
through
it
here.
Hopefully,
folks
can
see
my
screen
share.
C
A
A
B
E
B
The
orig
dots
you
clicked
on
and
then
there's
view
file
ads
function
and
that's
going
to
be
much.
C
Clear
so
this
is
the
the
proposed.
This
is
the
proposed
replacement
right,
so
the
the
charter
The
Proposal,
is
that
the
charter
becomes
this
and
obviously
we
can
continue
to
words.
Mo.
D
F
C
A
C
Ahead,
okay,
yep,
so
the
main
goal
is
working
on
improvements
and
additions
to
the
openpgp
format
and
ecosystem
to
address
issues
that
have
been
identified
by
the
community.
It's
broken
down
into
some
top
level:
sections
security,
improvements,
new
functionality,
specifications
of
and
improvements
to,
network-based,
key
Discovery
mechanisms,
key
verification
mechanisms
and
cleanup
work.
Security
improvements
are
PQ,
QC
forward
secrecy,
domain
separation
for
signing
in
or
encryption
new
functionality
is
automatic,
forwarding,
persistent,
symmet
symmetric,
Keys
designated
revoker,
which
might
be
delegated
revoker
to
replace
applicated
mechanisms.
C
Activation
signatures
also
should
fly,
be
appr
first
party
approved,
certifications,
superseded
keys
to
facilitate
transition
between
Keys
the
interface
and
then
this
possible
pgp
mind
thing
that
might
get
dropped,
I
haven't
heard
anybody
speak
for
it
yet
and
then
Network
mechanisms
now
these
are
all
these
by
adopting
are,
for
example,
doesn't
mean
that
we
have
to
adopt
them,
but
hkp
or
wkd,
or
maybe
we
have
some
alternate
network
based
key
Discovery
mechanism,
key
verification
mechanism.
C
Presumably
the
web
of
trust
stuff
would
go
into
here
and
then
cleanup
work,
properly.
Document
user,
ID
inventions
produce
a
number
of
specifications
that
are
adjacent
to
the
open.
C
Pgp
specification
and
provide
guidance
to
open,
pgp
libraries
and
applications
to
achieve
before
mentioned
improvements,
and
this
the
process
acknowledges
Daniel
mentions
that
the
inext
that
the
pgp
M
might
be
things
like
storing
drafts
in
multiple
parts,
for
example,
so
for
and
then
basically
we're
we're
saying
we
need,
we
will
work
both
on
the
mailing
list
and
face
Toof
face
sessions.
Interim
calls
iotf
meetings.
C
We
need
rough
consensus
on
the
mailing
list
and
interoperable
support
by
at
least
two
implementations
before
submitting
a
draft
to
the
iesg,
and
we
won't
even
adopt
an
internet
draft
as
working
ride
them
unless
there's
two
uninterested
parties,
it's
not
clear
what
uninterested
parties
means
to
me,
but
seems
generally
not
unreasonable.
Do
folks
want
to
comment
on
the
proposed
text
here.
Like
is
this
a
reasonable
place
to
start
from?
It
doesn't
include
any.
A
Prioritization
so
yeah,
so
I,
I
I
think
that
close
to
the
other
set
of
things
we
discussed
today
that
are
not
already.
There
is
a
good
to
start
from,
but
has
a
a
problem
in
that.
It's
way
too
much
work
to
be
feasible,
I
think
that's
the
that's
the
big
problem,
I
think
all
the
work
presented
proposed
seems
totally
rational,
but
I,
don't
know
how
you
end
up
finishing
in
the
next
100.
A
B
B
And
basically
everyone
just
sends
an
email
onto
the
mailing
list
and
someone
just
collects
I
say
who,
like
the
the
working
consensus
and
then
sort
by
the
one
who
has
the
most
people,
who's
willing
to
work
on
them
to
the
one
who
has
the
least
people
who's
willing
to
work
on.
C
F
Ahead
so
I
mean
some
of
them.
There
is
already
drafts
for
them
right,
so
I
think
that's
pretty
strong
evidence
that
people
are
willing
to
work
on
it.
Then
the
the
two
items
under
security
improvements
that
don't
have
a
draft
I
would
be
willing
to
work
on
them
and
then
the
others
I
I
try
to
vaguely
order
them
in.
F
In
terms
of
you
know,
my
subjective
idea
on
on
the
you
know
importance,
but
so
you
know
if
it's
too
much
stuff,
we
could,
you
know,
got
some
of
the
end,
especially
the
ones
that
there
aren't
drafts
for
right
and
then
maybe,
if,
if
someone
is
still
willing
to
propose
a
draft
or
write
a
draft,
we
could
add
them
back
later.
I
imagine
but.
A
Yeah
so
I
guess
the
existence
of
drafts
is
very
good.
The
existence
of
implementation
is
even
better.
The.
Challenge,
though,
is
if
you
want.
If
you
want
a
draft,
that's
going
to
get
finished,
if
you,
if
you
have
like
20
drafts
the
time
to
finishing
any
one
of
those,
is
significantly
extended
by
having
the
other
19,
because
people
don't
have
review
Cycles
discuss
you
don't
have
you
know
a
focus
on
discussions
on
one
thing,
as
opposed
to
20
things
so.
A
You
I'm
not
hearing
any
inspired
ideas
to
cut
the
guardian
knot
here
so
far.
How
about
okay
Aron
go
ahead.
B
A
So
so
I
think
I
think
we
can
have
a
a
broad
Charter,
like
the
current
text.
I
think
that's
quite
defensible
because
there's
a
lot
of
things,
people
want
to
do
at
some
point.
I
think
the
challenge
would
be
to
to
figure
out
a
way
of
prioritizing
which
work
to
do
when
that
doesn't
get
you
stuck
with
20
drafts
that
are
not
moving
forward.
A
G
So
my
understanding
is
that
we
are
collecting
things
that
we
like
to
work
on,
but
that
doesn't
mean
that
they
necessarily
have
to
stall
one
AG
one
another
right
I
mean
they
can
proceed
at
their
own
pace.
A
A
C
I
think
part
of
the
issue
here
is
that
we
we've
have
sort
of
a
backlog
right.
We
had
an
a
working
group,
The
working
group
folded,
and
then
we
had
the
crypto
refresh
and
we
blocked
other
work
on
the
crypto
refresh.
But
meanwhile
the
community
kind
of
came
back
to
life
here,
and
so
what
we're
looking
at
is
the
result
of
this
backlog,
which
is
why
there
is
so
there
are
so
many
things.
A
Yeah
I
think
that's
fair
and,
and
you
know
it's
a
good
problem
to
have
it's
a
it's
a
much
worse
problem
to
not
have
anybody
want
to
do
so.
Kai
suggests
having
a
poll
for
each
topic
on
the
mailing
list.
It
sounds
to
me,
like
I,
think,
having
a
having
a
broad,
broadly
scoped.
Charter
text
is
kind
of
right,
because
there's
a
bunch
of
things
people
are
want
to
work
on.
A
People
are
discovering
new
things
they
want
to
work
on
and
we
don't
want
to
have
the
CH
have
to
recharter
every
time
something
gets
you
know
up
up
the
priority
list.
Would
it
be
a?
Would
it
be
possible
to
sort
of
say
that
the
working
group
will
only
will
generally
only
work
on
N
topics
at
a
given
time?
Where
n
is
two
or
three
or
something,
and
then
you
know
try
and
Stage
them
through
that
way,
we
could
try
and
figure
a
way
of
approaching
things
that.
G
B
A
Know
so
that
would
imply
trying
to
poll
the
the
mailing
list
for
people's
top
three
or
top
four
topics
from
those
that
have
been
discussed
so
far
and
then
working
through
those.
As
you
know,
as
one
gets
towards
completion
going
to
the
next.
D
Stos
yeah
thanks
just
to
put
something
into
perspective,
so
I'm,
one
of
the
co-authors
of
the
pqc
draft,
and
it's
it's
a
funded
BSI
project,
so
Falco
is
getting
paid
for
doing
this,
but
the
problem
with
BSI
projects.
Are
they
end
at
some
point,
so
I
think
our
project
ends
in
one
and
a
half
years.
D
My
intention
is
not
to
push
you
and
to
say
put
please
pqc
on
the
top
of
the
list,
but
just
to
remind
you
that
we
have
some
kind
of
a
time
schedule
there,
and
we
would
really
like
to
support
you
with
this
project,
but
it
would
have
to
fit
into
this
timeline.
D
D
Yeah
yeah,
so
I
don't
want
to
put
you
under
pressure
or
push
you
or
anything.
I
just
wanted
to
say
that
yeah.
A
Yeah
so
dkg,
would
you
be
happy
with
the
idea
of
having
a
broad
like
a
broadly
scoped
bit
of
Charter
text
and
then
having
a
kind
of
a
process
where
we
in
the
next
short,
while
ask
for
people's
top
three
or
four
and
then
as
work
proceeds
and
continue
to
see?
What's
the
next
thing,
people
want
to
work.
C
On
that
makes
sense
to
me,
are
you?
Are
you
proposing
Stephen,
then
that
we
would
take,
for
example,
the
The
Proposal
from
Daniel
that
we're
looking
at
on
the
screen
here
and
actually
remove
some
of
the
specifics.
A
I'm
proposing
we
add
to
we
add
more
examples,
but
that
everything
becomes
an
example
okay
and
that
then
we
PLL
the
working
group
to
see
of
all
those
things
that
are
credible,
all
of
which
are
credible.
What's
your
top
three
or
four
and
see
does
consensus
emerge
as
to
you
know
the
top
three
or
four
things
to
start
with,
and
then
we
also
propose
that
going
forward.
The
working
group
would
kind
of
rerun
that
process
periodically.
C
I
I
I
think
that
makes
sense.
We
also
want
to
ask
like
who's
willing
to
be
the
drivers
for
the
drafts
right.
It's
not
just
everybody
thinks
this
draft
should
get
done,
but
nobody's
willing
to.
Actually
you
know
be
the
editor.
B
Aron
yeah:
this
makes
it
hard
with
the
Milestones.
So
if
we
want
to
put
a
large
CH
to
text
and
then
say,
okay,
we
limit
to
work
to
five.
We
might
still
want
to
at
least
for
some
of
the
items
say:
okay,
p2c.
We
want
to
work
it
in
the
next
year
or
a
year
and
a
half
and
then
I
don't
know
forward
secrecy
in
the
next
two
years
or.
A
B
Okay,
so
basically
the
idea
would
be
we
Define
a
broadly
broad,
broad,
broadly
scope,
Charter,
we
add
into
it
what
is
going
to
be
picked
up
straight
away,
and
for
that
we
say
okay.
This
is
this
is
the
priority
among
the
things
that
we
decided
to
pick
up
now,.
A
E
Andrew
yeah,
just
I
I
I'm,
just
worried
that
doing
something
as
simple
as
count
the
number
of
votes
for
for
certain
things,
May
block
other
stuff
that
people
could
be
beavering
away
with
now,
I'm
speaking
purely
on
my
own
behalf
here,
like
I,
would
I
am
very
willing
to
work
on
the
key
Discovery
parts
of
this
and
I'm
I'm
quite
happy
to
work
away
at
those
in
the
background,
while
everybody
else
gets
on
with
other
things,.
F
E
I
I
I,
I
I,
wouldn't
you
know
I
I
wouldn't
want
to
block
people
from
doing
things,
if
say,
for
example,
like
I,
wouldn't
necessarily
be
comfortable
taking
the
lead
on
some.
You
know
on
on
some
of
the
like
the
postquantum
algorithms,
or
anything
like
like
that.
So
I,
I
I,
don't
think
it's
a
case
that
the
entire
group
needs
to
work
on
specific
things.
E
You
know
we
can
split
off
into
you,
know
individual
areas
and
individual
people
can
work
on
some
things
and
other
people
can
work
on
others
as
their
strengths
and
interests
lie,
and
then
we
can
kind
of
gather
up
and
and
review
later
so
I
I
I
just
like
to
leave
to
leave
I
I
wouldn't
like
to
have
something
that
was
that's.
That's
really
rigid
in
terms
of
sequencing.
That's
all
I'm,
saying.
A
Sure
understood,
yeah,
I
and
and
so
just
to
clarify,
if
we're
polling
the
working
group
to
look.
This
is
their
consensus,
for
you
know
a
credible,
small
or
a
list
of
topics
that
doesn't
mean
just
counting
votes.
That's
that's
looking
for
rough
consensus,
so
it's
a
little
bit
different
than
counting
votes
and
secondly,
it's
it's
for
sure
the
case
that
Nothing
Stops
people
collaborating
on
progressing
individual
work.
That's
documented
in
individual
drafts
that
then,
would
be
picked
up
formally
by
the
working
group
later.
A
So
this
doesn't
preclude
any
anybody
doing
anything
I
mean
we
can't
stop
you
doing
stuff.
It's
just
a
question
of
what
can
we
come
up
with
a
credibly
doable
list
of
things
for
the
working
group
within
the
next
few
years?
That
makes
sense
that
that
that,
because
we
have
so
much
stuff
here
that
it's
20
years
worth
of
work.
E
Yeah,
just
Ju
Ju
Just
quickly
before
let
let
Daniel
talk
just
I
I,
just
don't
want
to
discourage
people
from
working
on
things.
If
it's
never,
you.
D
A
F
Yeah,
to
be
honest,
I
think,
if
you
ask
the,
if
you
ask
everyone
for
their,
let's
say
three
favorite
topics,
I
to
be
honest,
I
think
everybody
will
say
something
different,
because
you
know
everybody
has
their
sort
of
betet
topics
right
that
they're
interested
in
and
so
do
I
and
I
think
so,
maybe,
rather
than
trying
to
find
a
consensus
on
the
priority
and
sort
of
the
ordering
in
which
things
should
be
done,
maybe
we
could
try
to
make
an
ordering
of
when
we
think
can
be
finished
so
saying
like
Okay,
the
the
PQ
see
work
is
already
very
far
along
you
know.
F
Maybe
we
can
finish
that
by
you
know:
X
dat
instead
forward
secrecy,
there's
no
draft
yet
so
you
know
we
put
fictional
dates
far
into
the
future
and
just
try
to
order
everything
that
way.
So
that
then,
like
the
the
work
of
reviewing
finished
drafts,
let's
say
should
still
be
some
staggered
right,
not
not
everything
at
the
same
time,
but
the
work
of
actually
working
on
drafts-
and
you
know,
writing
text
and
so
on
could
still
go
on
in
parallel
for
for
all
of
these
topics,
potentially
right.
A
F
C
And
to
clarify,
we
can
change
the
Milestones
without
changing
the
charter
right.
Yes,
so,
as.
A
C
A
Think
that,
given
that
we
have
to
wrap
up
I,
so
thanks
for
all
the
discussion,
I
think
it's
clear
bunch
of
people
want
to
do
a
bunch
of
things
which
is
great.
A
Dkg
and
I
will
try
and
figure
out
a
way
of
polling
the
the
working
group
to
see
if
we
can
figure
out
some
you
initial
list
of
of
higher
priority
things
to
include
as
specific
milestones
for
the
next
two
or
three
years
or
something
that's
credible
and
we'll
send
a
mail
to
the
list
trying
to
kick
that
off
in
the
next
week
or
so.
C
Dkg
yeah
I
think
that
makes
sense.
A
Okay
and
and
then
we'll
probably
we'll,
probably
ask
people
to
try
to
respond
within
a
couple
of
weeks
and
then
meanwhile,
word
smithing
of
the
chart.
The
broad
Charter
text
that
goes
above
the
set
of
Milestones
is
is
kind
of
Welcome
and
I.
C
Please
don't
forget
to
propose
additional,
don't
forget
to
if
you
have
committed
to
proposing
a
couple
of
additional
example
line
items
for
the
charter
text.
Please
do
that
and
if,
if
you
have
an
opportunity
to
review
the
out
sending
merge
requests
that
are
marked
ad
review,
please
do
that
and
if
you
want
to
take
a
look
at
the
remaining
atata
also
and
propose
text
to
resolve
them.
That's
also
a
welcome
contribution.
C
A
Yeah,
great
and
and
again
thanks
everybody
for
for
the
positive
discussion
and
for
the
interest
in
doing
work
and
we'll
try
and
organize
so
that
we
can
have
the
working
group
proceed
to
allow
people
to
do
the
they
want
to
do
and
unless
there's
any
other
business
I
think
we're
out
of
time
and
the
room.
May,
close
and
I
think
one
minute.
Okay,.
F
A
Other
business
I
think
we'll
declare
Victory
and
we'll
send
the
notes
to
the
list.
Thank
you
to
the
not
takers,
thank
you
for
everybody
for
participating,
we'll,
hopefully
get
this
sorted
out
in
in
the
next
shsh
while
and
talk
to
you
on
the
mailing
list.
So
thanks
all
thank.
A
Thanks
so
dkg,
just
before
you
drop
I,
I'm
I,
we
we
should
probably
organize
to
have
a
chat.
The
next,
maybe
Monday
or
so.
Is
that
suit
you
just
to
see
how
we
can
kind
of.
C
Clear
give
me
a
second
I
close
my
calendar,
trying
to
to
straighten
out
the
the
weird
noise
I
was
getting
on
the
streams
got
it
back
up.
C
Now
Monday
October.
C
2Nd
yeah
I
could
do.
C
You
want
to
do
the
same
time.
I
could
do
14
o'clock
UTC.
C
Okay,
I'll,
send
you
a
note
with
the
imagine
it
for
the
proposed
channel
the
chat.
D
C
I'll
I'll
send
you
a
link
to
one
that
that
will
work
without
accounts.