►
From YouTube: IETF-OPENPGP-20230927-1400
Description
OPENPGP interim meeting session
2023/09/27 1400
https://datatracker.ietf.org/group/openpgp/meetings/
A
C
Maybe
it
sounded
more
like
Network
interference
than
like
local
audio
problems.
Okay,
okay,
do
you
want?
You
kick
off,
yep
sure,
welcome
everyone
to
the
open,
pgp,
the
interim
meeting
in
September
2023,
you're
I'm,
one
of
your
co-chairs,
I'm,
Daniel
and
Stephen-
is
your
other
co-chair.
Thank
you
very
much
to
the
folks
who
volunteered
to
take
minutes
to
take
notes
rather,
which
is
Aon,
Whistler
and
stabos.
Anybody
else
can
click
on
the
note
taking
link
and
help
them
out
as
well.
That
would
be
great.
C
This
is
part
of
the
iotf
process.
So
you
have
this
ETF
not
well
here.
You've
probably
seen
this
in
other
iatf
contexts
looks
like
everybody
here
have
has
I
think
been
involved
with
ITF
at
some
point
or
another,
just
just
a
reminder
that
you
should
pay
attention
to
these
particular
concerns,
in
particular
concerns
about
intellectual
property
and
being
good
to
one
another.
This
is
an
all
remote
meeting.
There's
nobody
in
person!
C
C
C
For
any
particular
party-
and
this
is
a
working
group-
so
we
are
trying
to
figure
out
how
the
working
group
is
going
to
go
our
agenda
for
today,
I'll
give
a
brief
reminder
of
the
status
of
the
crypto
refresh
draft,
which
is
our
only
chartered
work.
And
then
the
main
point
of
this
interim
meeting
is
to
try
to
sort
out
what
we
want
our
new
Charter
to
be
because
we're
very
close
to
the
end.
C
So
to
that
end,
we've
got
five
presentations
from
four
different
people
about
specific
work
that
might
be
considered
for
the
chartering,
we'll
take
a
look
through
the
specific
text
that's
been
proposed
and
if
anybody
has
any
comments
or
wants
to
point
to
existing
drafts,
we
can
handle
that
EV
as
well.
I
see
Paul,
asking
me
for
more
volume.
Give
me
a
minute
and
I
will
try
to
do
that.
Is
that
any
better.
G
C
G
G
C
C
Expecting
you
to
present
it,
although
we
we
do
I
hope
that
you'll
try
and
why
those
suggestions
so
crypto
refresh
status.
We
we
had
an
area
director
review
did
not
expose
any
major
flaws,
but
there
were
many
suggested
improvements.
Paul
has
been
diligent
about
responding
to
those
and
submitted
a
whole
and
also
swept
through
the
out
sending
Arata.
There
are
proposed
changes
that
are
in
gitlab
and
they've
all
been
tagged
with
the
ad
review.
Sorry
ad
review
tag
in
gitlab,
there's
a
link
there.
C
If
you
open
the
formal
slides
you
can
click
through
to
that
or
you
can
just
go
to
gitlab
for
the
rfc4
Bas
repository
and
click
over
to
the
set
of
merge
requests
that
have
that
are,
and
you
can
sort
them
by
a
tag
with
area
director
review.
The
goal
is
to
get
this
thing
out
the
door.
So
if
you
see
anything
in
there
that
you
don't
like,
please
speak
up,
and
if
you
see
there
that
you
do
like,
please
also
speak
up.
C
C
I
Yeah
that's
correct
there.
There
are
like
I,
think
two
or
three
items
that
have
no
text
yet
because
I
wasn't
sure
what
to
propose
other
than
that.
Yes,
I
I
will
wait
for
a
bit
more
feedback
before
U
merging
the
current
request
into
the
into
Mainline
document
and
then
I'll
cut.
A
new
draft
for
Roman
to
look
at
like
most
ads,
actually
prefer
not
to
deal
with
like
the
the
third
party
system,
because
then
they're
not
guaranteed
that
that
actually
got
into
the
draft.
I
A
I
I
Well
depends
a
bit
on
feedback
if,
if
there's
a
lot
of
feedback
that
requires
changes,
it
will
take
some
more
time
but
other
other
than
that
I
would
say.
I
really
want
to
get
this
done
within
one
to
two
weeks
like
I.
Don't
want
to
rush
it
too
fast,
so
people
who
happen
to
be
gone
this
week
can
give
feedback,
but
I
also
don't
want
to
wait
too
long.
So
does
that
seem
reasonable.
A
Yeah,
that's
that's
that
that's
great!
So,
let's,
let's
ask
people
to
to
consider
any
issues:
the
rising
look
at
the
Ming
L
traffic.
Look
at
the
tagged
issues
in
gitlab
o
over
the
next
week,
if
at
all
possible-
and
let's
say
with
the
understanding
that,
if
you
know
if
people
don't
raise
issues
in
the
next
week
or
so
then
we'll
we'll
move
ahead
with
putting
a
draft
and
and
giving
it
to
Roman
again.
A
I
I
mean
if
I
don't
get
any
feedback
at
all
I'll
I'll
I'll
try
to
individually
Pok
on
people
to
at
least
have
one
more
set
of
eyes
to
look
over
things.
I!
Don't
really
want
to
merge
anything
that
that
has
only
be
seen
by
me,
but
I
will
I
will
poke.
That
and
I
will
give
a
an
update
like
on
Monday
again
to
see
where
we
are.
C
Changes
I'm
I'm,
specifically
committing
myself
to
looking
over
those
changes
this
week
before
the
before
the
week
is
up
that
Paul
is
given
I
happy
to
have
that
in
the
notes
and
I
will
also
and
I
noted
that
Daniel
in
the
chat
U
is
volunteering
to
look
over
the
the
last
AATA
and
we'll
do
so.
I'm
also
going
to
look
over
the
last
outstanding
AATA
and
see
if
I
can
proposed
text
so
I.
Don't
think
that
Daniel
or
I
would
end
up
in
any
serious
conflict.
I
And
sorry,
one
more
thing:
I
I
did
talk
to
the
isg
and
Ayana
about
where
they
would
like
to
see
a
list
of
erata
entries
that
this
document
fixes
I
wasn't
sure
what
the
common
practice
was.
But
it
seems
that,
because
this
list
is
so
huge,
Ayana
specifically
said
they
would
really
like
that
to
be
a
list
in
documents.
I
I'll,
add
some
appendix
or
we
list
all
of
them.
C
A
Right,
okay,
so
I
think.
The
summary,
then,
is
if
you
care
about
this,
go
look
at
it
in
the
next
week.
Meanwhile,
Paul
dkg
and
Daniel
will
be
working
on
it
and
we'll
produce
something
to
give
for
ran
in
the
next
one
or
two
weeks
and
then
hopefully
we'll
all
proceed
happily
towards
becoming
an
RFC
in
the
months
ahead.
A
Just
as
a
kind
of
level
set
on
the
on
the
chartering,
I
think
our
goal
today
is
to
have
a
good
understanding
of
what
we
want
to
have
in
the
new
Charter
and
then
to
Wordsmith
Charter
text.
Subsequently
with
a
view
to
hopefully
having
a
charter
to
present
to
the
to
our
ad
and
the
isg
before
thef
in
November.
C
That
a
good
I
think,
that's
I,
think
that's
correct
Stephen.
So
the
goal
here
is
to
get
people
on
the
same
page
understanding
what
people
are
interested
in
here
if
there
are
concerns
about
things
and
also
I,
would
like,
during
this
meeting
to
think
a
little
bit
about
Milestones,
because
that's
one
of
the
things
that
Roman
specifically
asked.
If
we're
proposing
a
charter
text,
do
we
have
any
idea
about
specific
Milestones
that
we
might
want
to
include
so.
A
And
and
I
think
yeah,
and
for
that
I
think
most
Milestone
dates
are
fiction,
as
we
all
know,
but
the
sequencing
is
actually
more
interesting
right.
You
know
there's
pieces
of
work
that
people
think
need
to
be
in
a
certain
order
or
are
more
interesting
to
try
to
get
done.
First,
then,
that's
that's
the
useful
thing
for
now
and
we
can.
We
can
assign
fictional
dates
to
those
later
right.
C
G
G
It's
a
binary
signature.
There
is
nothing
funky
going
on
with
the
certificate
here
is
some
data,
here's
the
signature.
Is
it
valid
or
not,
and
what
it
mostly
does
is
play
around
with
the
signature
subpackets,
and
we
can
see
that
the
results
very
widely
and
I.
Don't
think.
That's
a
good
thing.
Next
slide.
G
Please
so
I
went
through
the
open
issues
in
the
in
our
buck
tracker
and
went
through
all
the
issues
that
have
been
labeled
as
as
Uncharted
and
put
them
in
like
three
categories,
and
surprisingly,
messages
are
the
least
worst
understood,
object
and
I
don't
want
to
go
into
details.
There
is
lots
of
discussion
going
on
in
the
buug
tracker
and
I
think
we
should
pick
that
up
next
slide.
G
G
Certificates
are
more
interesting,
a
way
more
complex,
compound
structure
of
packets
and
I
feel
like
here.
It
really
shows
that
the
the
text
lacks
guidance
and
again
I
went
through
the
the
issue,
tracker
and
added
added
a
lot
of
points
and
then,
in
the
end,
I
added,
like
my
pet
peeves
with
it
that
I
feel
like
we're
not
represented
in
the
issues,
notably,
the
question
is
or
like
a
top
level
question
is
under
what
C
circumstances
is
the
certificate
valid
and
how?
How
does
it
work?
G
You
know,
how
do
you
canonicalize
a
certificate
and
reason
about
it,
and
notably,
there
is
a
matter
of
revocations
which
I
think
dkg
will
also
talk
about,
and
what
we
think
should
happen
is
that
we
introduce
two
classes
of
revocations
hard
revocations
like
key
material
is
compromised
and
you
know
no
signature
May
ever
be
trusted
again
right,
but
then
again
there
are
some
software
revocations
that
could
possibly
be
undone,
but
implementation
is
currently
handle
this.
You
know
in
a
variety
of
ways,
and
that
makes
revocation
a
brittle
mechanism.
G
Please
finally,
signatures:
there
was
actually
a
nice
essay
from
Paul
from
PG
painless
who,
who
has
a
long
essay
blog
post
about
what
he
does
or
what
he
thinks
should
be
done
to
check
whether
a
signature
is
valid
and
it
goes
into
some
detail
on.
You
know
what
do
I
have
to
do
with
the
issuing
certificate.
G
G
There
I
feel
like
there
should
be
more
guidance
about
how
many
subpackets
should
we
expect
and
what
should
happen
if
there's
more
or
fewer
than
the
expected
number
of
subpackets,
and
then
you
know
there
is
a
confusion,
maybe
about
What
sub
packets,
on
the
direct
key
signatures
should
cover.
That's
also
issue
100
70,
and
notably
there
is
a
question.
You
know
what
do
subkey
bindings
need,
key
flex
or
not,
and
I
think
they
should
have
key
flex
mandatory.
G
Likewise,
the
reason
for
revocation
should
be
mandatory
on
revocation
signatures
and
then
there's
the
regular
expression
subpacket,
which
is
not
not
the
favorite
subpacket
of
our
I
guess
that
should
be
replaced
and
finally
trust
signatures
or
the
delegations
they
can
be
scoped.
The
the
length
of
the
chain
can
be
restricted,
but
we
feel
like
the
maximum
value,
should
mean
infinite,
not
like
255
all
right.
That's
my
my
presentation,
I
think
these
are
open
questions
that
the
working
group
should.
A
E
E
A
Thanks
so
just
I,
just
added
myself
to
the
queue
to
ask
I
mean:
how
would
you
see
this
kind
of
work
being
done?
Is
it
you
know
a
bbas
document,
or
is
it
possible
to
kind
of
do
this
kind
of
work
with
separate
documents,
or
do
you
think
you
could
start
with
a
separate
document
and
then
see
how
to
progress
from
there?
And
what's
the
kind
of
idea
about
how
you
you?
How
would
this
kind
of
happen
in
terms
of
producing
outputs
from
the
working.
A
H
A
The
now
I
guess
for
now,
then
what
we
I
guess,
what
we
could
envisage
if
this,
if
this
work
was
part
of
the
charter,
would
be
to
that.
You
know
you
or
somebody
would
write
an
internet
draft
proposing
a
whole
bunch
of
fixes
and
then
we'd
have
to
figure
out
how
to
dispose
of
those
in
terms
of
updating
documents
or
new
RC's
or
whatever,
okay
yeah
good.
Anyone
else
want
to
join
the
queue
to
ask
questions
or
comments
on
this.
This
set
of.
A
E
E
A
A
A
So
you
know
we
don't
necessarily
have
to
it's
nice
if
we
know
who's
going
to
do
what
for
sure
U,
but
we
don't
have
to
have
that
a
fine
gra
view
of
that
necessarily
yeah
before
rechartering,
okay,
okay,
so
I
I,
unless
dkg
objects,
I
think
what
we'll
do
is
get
through
the
presentations
and
then
ask
the
you
know.
Maybe
set
do
some
polls
later
on
when
people
have
seen
all
the
presentations
as
to
what
they
feel
good
about
or
what
they
want
to
argue
against.
J
Great
yeah,
so
for
the
pqc
rechartering,
we
have
proposed
this
short
text
to
cover
the
integration
of
post
Quant
cryptography
into
the
open
pgb
protocol.
As
we've
stated
quite
a
few
times
already,
we
have
a
draft.
The
draft
is
version
two
it's
published
and
we
have
a
repository
where
one
anyone
can
make
comments
public
comments,
which
already
happened.
So
there
has
been
a
bit
of
discussion
and
yeah.
Of
course,
our
hope
is
that
the
draft
will
be
adopted
by
the
working.
J
A
J
J
Yeah,
that
is
true.
We
have
also
already
committed
code
to
have
code
merged
into
the
r&p
library,
and
this
is
not
fully
not
yet
fully
supporting
the
V6
code
because
we
only
implemented
what
we
need
for
pqc,
but
yeah.
We
have
based
on
r&p
and
Bon.
We
have
a
running
code
on
our
side
and
proton
also
has
some
running
code.
I
know,
but
Aaron
could
say
more
to
that
of.
B
A
There's
there's
some
separation
between
you
know.
Let's
say
wanting
to
address
the
record
now:
decrypt
later
attacks
versus
having
a
full
Suite
of
including,
let's
say,
possibly
even
hybrid
sign
schemes,
I
I,
I.
Think
the
reading
of
this
suggestion
for
the
recharter
text
I
assume
that
that
means
you
know
the
working
group
would
decide
those
kind
of
issues
during
the
process
of
let's
say
you
know
a
discussion
on
adoption
of
the.
A
J
A
G
G
So
you
observed
that
in
in
open
pgp
implementations
or
in
the
in
the
spec,
there
is
only
one
single
interchange
format
defined
can
I
get
the
next
slide.
Please
for
exchanging
certificates
and
keys,
and
that's
key
rings,
and
indeed
Thunderbird
and
gy
G
can
use
key
rings
to
to
store
their
certificates
and
the
problem
with
that
is
that
it,
it
doesn't
scale,
and
that's
really
apparent
if,
if
you're
working
with
g
g
and
have
a
large
number
of
keys,
it's
it's
really
slow
and
there
have
been
some
improvements.
G
For
example,
GG
has
key
box,
which
also
is
still
expensive
to
access
and
modify,
and
newer
versions
have
a
key
demon
which
I
think
uses
SQL
I,
which
is
better,
but
we
moved
from
a
standard
open
protocol
to
a
proprietary
format.
There
is
an
extension
mechanism
in
the
form
of
trust,
packets
and
the
the
content
of
the
trust
packets
is
implementation
defined.
So
it's
no
suitable
way
to
to
exchange
information,
and
then
there
are
some
other
storage
solutions
for
authentication
information.
G
And
if
you
look
at
x509,
in
contrast,
there's
been
quite
a
bit
of
effort
to
change,
implementations,
to
use
a
common
certificate
store
and
the
the
nice
thing
about.
That
is
that
you
can
expect
applications
to
behave
consistently,
even
if
they
use
different
implementations
and
I'd
like
to
see
that
for
open
pgp
next
slide.
G
Please
so
our
proposed
solution
is
to
have
a
a
storage
directory
inspired
by
Ma
deer.
This
is
what
my
certificate
looks
in
my
certificate
directory.
Notably
there
is
a
default
location,
and
you
can
you
know
you
don't
need
to
synchronize
if
you
just
read
it,
but
if
you
modify
the
store,
you
need
to
synchronize
and
it's
indexed
by
primary
key
fingerprint,
and
there
is
an
extension
mechanism
for
building
indices.
For
example,
you
need
to
do
efficient,
lookups
by
subkey
thing,
print
or
subkey.
G
G
G
Draft,
it's
expired
by
now,
but
I
think
it's
a
good
starting
point.
We
have
two
implementations,
one
implemented
by
Paul
and
it's
based
on
PG,
painless
and
one
is
based
on
zya
and
in
fact
you
know
you
have
you
see
two
links
for
every
implementation,
there's
like
a
a
low
level
and
a
high
level
interface
for
that
and
the
lowlevel
interface
doesn't
necessarily
you
know,
depend
on
the
PTP
implementation
itself
and
I'd
like
this.
G
C
C
A
Think
the
yeah,
so
the
just
on
the
trust
route
is
the
is
that
envisaged
to
be
something
that
the
you
know,
the
owner
of
a
search
store
has
a
key
PA
just
for
doing
this
kind
of
management,
or
is
that
also
envisaging,
let's
say,
an
operating
system
Distributing?
You
know
a
public
trust
rout
along
with
a
bunch
of
other
key
information
or
both.
G
Yeah,
that's
that's
a
good
question.
I
mean
the
original
intent
is
for
the
owner
of
the
the
store
to
to
have
a
a
certificate
and
key
to
issue
local
certifications
with
the
idea
that
you
know
with
with
the
web
of
trust
as
a
calculus.
You
can
reason
about
that.
There
is
no
no
special
thing
like
the
the
trust,
DB
or
anything
and
It
just
fits
nicely
into
that,
and
then
in
indeed
the
question
is
what
about
like
a
systemwide
store,
or
you
know
what
about
trust.
G
A
A
J
H
No,
no
just
just
it.
It
feels
like
this
is
very
much
about
interoperability
at
a
machine
level
between
multiple
pgp
applications,
rather
than
interoperability,
between
implementations
on
different
machines.
Given
that
it's
a
file
structure
which
presumbly
would
have
to
be
tarred
up
or
the
transferring
between
machines
is
different.
Is
that
the
intention
that
we
a
shared
store
for
multiple
applications
on
the
same
machine?
Or
do
you
see
it
as
more
generic
than
that?
Also
in
terms
of
scalability?
What
happens
if
you
have
a
large
key
store?
G
More
competition
in
a
good
way,
and
indeed
there
there
should
be
indices
for
you
know,
subkey
handles
or
user
IDs,
and
that's
currently
or
the
the
current
spec
says
it's
out
of
scope.
But
there
is
this
extension
mechanism,
so
we
hope
that
people
will
experiment
with
that
and
then
specify
an
I,
don't
know
an
sqlite
schema
or
something,
and
then
we
will
potentially
later
on
adopt.
H
C
C
G
All
right-
that's
also
me
so
unfortunately,
Neil
cannot
be
here
today.
So
I
will
do
my
very
best
to
present
his
slides,
so
open
pgp
defines
mechanism
for
doing
authentication,
notably
if,
if
you
have
a
key
that
has
the
certification
capability,
then
you
can
use
that
to
create
third
party
certifications,
which
is
a
a
signature
with
the
same
kind
of
syntax
as
The
Binding
signature.
But
what
you
do
is
you
you
bind
or
you
certify
a
binding
between
a
primary
key
and
the
user
ID,
and
then
there
are
delegation.
G
So
you
can
mark
your
your
certification
as
a
trust
signature,
and
there
are
are
two
constraints
with
that.
You
can
constrain
the
the
length
of
the
chain
that
you're
are
willing
to
use
to
authenticate
a
Target
binding,
and
then
you
can
constrain
the
amount
of
trust
that
that
you're
willing
to
derive
from
this
delegation.
G
And
finally,
there
is
a
scoping
mechanism,
and
currently
the
scoping
mechanism
uses
regular
Expressions
on
the
on
the
target
domain,
and
that's
not
not
the
nicest
mechanism,
but
it's
there,
notably.
What
these
n
does
not
do
is
to
actually
Define
how
to
authenticate
the
user,
ID
and
or
The
Binding
between
a
key
and
a
user
ID,
and
there
are
web
of
trust
implementations.
You
know,
classic
pgp
had
one
and
GG
has
one,
but
while
there
is
some
documentation
targeted
at
users,
the
exact
semantics
are
not
well
defined.
Next
slide.
G
You
know
tell
me
who
the
owner
is
in
in
in
my
context,
because
I
was
able
to
authenticate
it
next
slide,
please
so
traditionally
or
what
most
people
associate
with
the
web
of
trust
are
key
signing
parties,
which
is
it's
peer-to
peer.
We
come
together,
grass,
throughs
way
of
creating
authent
certifications
and
a
lot
of
people
have
made.
You
know,
have
tried
that
and
failed
or
have
seen
the
process
fail,
and
so
I
think
this
is
where
a
lot
of
the
better
reputation
comes
from.
G
But
there
are
other
ways
to
to
do
that.
For
example,
you
can
try
to
implement
a
Federated
way.
You
can
have
a
CA
in
your
organization,
be
it's
small
or
big.
You
can
have
huge,
centralized
public
CA
and
there's
precedence
for
that.
So
there's
the
pgp
global
directory,
and
nowadays
we
also
have
the
proton
CA,
which
is
not
for
everyone,
I
think,
but
is
for
all
the
proton
customers.
G
And
finally,
you
can
express
different
trust
models
using
the
web
of
trust
calculus.
For
example,
if
you
record,
when
you
use
the
certificate
using
local
certifications,
then
you
can
Implement
tofu
on
top
of
that,
and
likewise,
if
you
record
provenance
information
for
example,
if
you
get
a
certificate
via
wkd,
you
can
create
a
a
local
certification
saying
you
know.
I
I
got
this
key
on
on
this
day
and
you
can
associate
a
tiny
bit
amount
of
trust
with
with
the
fact
that
you
got
this
key
over
wky
next
slide,
please.
G
So
what
we
like
to
see
is
to
see
the
semantics
of
web
of
trust
in
open
pgp,
properly
defined,
and
our
preferred
model
is
to
see
the
the
authentication
problem
as
a
maximum
flow
problem,
so
imagine
trust
being
like
water
flowing
through
a
network
of
pipes
and
the
amount
of
water
you
can
transport
from
from
you
to
your
target.
U
binding
is
the
amount
of
trust
that
you're
willing
to
put
into
that
binding,
and
that
leads
both
to
a
good
mental
model
on
how
to
reason
about
that
right.
G
But
in
essence
you,
you
use
stra
to
find
candidats,
and
then
you
use
those
to
to
solve
the
maximum
flow
problem
on
the
candidates
and
it's
a
little
bit
T
tricky,
because
you
need
to
honor
the
constraints
like
scoping,
regular
expressions
and
the
chain
length,
and
you
need
to
be
a
bit
mindful
about
not
only
combining
independent
assertions,
but
it
leads
to
very
efficient
implementation.
So
our
implementation
scales
very
well.
We
don't
have
a
cach
or
anything,
it's
just
fast
enough
and
next
slide.
G
C
G
G
H
C
Hopefully,
you
can
hear
me
now
I'm,
going
to
present
a
bit
of
a
grab
bag
of
open,
pgp
related
things
that
were
due
for
cleanup.
Some
of
these
were
already
mentioned
by
usus
in
his
pgb
semantic
slide
slide
deck
and
I
just
want
to
point
out
that
I
have
created
drafts.
That
could
be
starting
points
for
many
of
these
I'll
point
to
them
in
the
specific
slides.
I
am
not
in
any
way
committed
to
being
the
sole
author,
editor
or
even.
C
Editor,
if
anybody
else
is
interested
in
in
in
stepping
up
to
take
control
of
this
I
I,
all
of
the
drafts
that
are
mentioned
here,
I
would
be
happy
to
have
under
working
group.
Control
and
I
would
very
be
very
honored
to
have
somebody
else
take
over
Ed
torial
roles,
onia,
so
without
further
Ado.
This
is
a
draft
about
open,
ptb
replication,
so
it
started
off
with
me
trying
to
Define
this
delegated
revoker
mechanism.
C
That
would
be
an
improvement
over
the
old
revocation
key
and,
as
I
started,
to
outline
why
this
was
necessary.
It
grew
to
be
a
chunk
of
problem
statement
about
what
reputation
is
and
why
it
doesn't
work
very
well
in
open
pgp
generally.
This
draft
actually
tries
to
narrow
the
range
of
revocations
that
are
possible:
deprecating
user,
revocation
of
user
IDs
and
certifications,
because
it
appears
that
there
are
other
things
that
can
perform
those
effects.
With
the
same,
we
would
only
two
ways
to
do
it.
C
If
you
can,
if
you
can,
for
instance,
expire
your
user
ID,
then
that
might
be
sufficient,
maybe
the
maybe
this
reasoning
is
wrong,
but
I
would
be
happy
to
have
the
working
group
at
least
tackle
it,
tackle
it
and
and
decide
you
know.
Yes,
we
can
do
this
or
no,
we
can't
do
it
and
here's
why
we
need
to
keep
those
things.
The
goal
of
the
draft,
the
only
wire
format
change
is
this
delegated
Roker
mechanism
U,
which
embeds
a
full
key.
C
That
is
a
full
cryptographic
key,
not
a
full
open,
PP
certificate,
all
the
rest
of
it
is
either
deprecation
or
you
know,
of
existing
pieces
or
explicit
description
of
workflows
for
how
a
normal
user
would
go
about
doing
this
stuff.
The
goal
is
that
it
would
include
some
death
vectors
for
ration
and
try
to
sort
of
standardize
how
we
think
about
reputation
in
the
ecosystem.
There's
this
other
work
that
also
was
out
of
out
of
scope.
C
Prior
prior
to
this,
which
is
first
party,
we've
been
calling
it
attestations
of
third
party,
certifications
and
I
think
we
got
some
push
back
from
ory,
steel
and
others.
That
attestation
means
other
things
I'm
trying
to
move
in
the
direction
of
calling
it
approval
instead
of
attestation.
Although
the
first
version
of
this
draft,
doesn't
it
still
says,
attested,
the
basic
problem
this
tries
to
solve
is
that
their
certificate
can
accumulate
third
party
certifications
and
can
then
grow
without
bound.
C
That's
a
flooding
attack
it's
difficult
to
redistribute
and
you
would
like
to
be
able
to
take
a
a
certificate
and
say:
okay,
all
the
certifications
that
are
on
this
have
been
approved
by
the
key
holder.
So
how
do
we
do
that?
It's
a
pretty
well
defined
mechanism.
There's
already
some
implementations
that
produce
it.
I
believe
that
the
keys
at
open.org
key
server
actually
consumes
it
as
well
and
will
publish
thirdparty
attested.
A
first
party
approved
third
partyy
certifications,
and
we
already
have
some
reserved
code
points.
C
So
I
think
this
would
be
a
reasonable
thing
for
the
to
take
up.
We
just
push
this
out
the
door.
We
have
it
pretty
much
well
defined.
We've
got
some
implementations,
I
think
we
understand
what
it
means.
We
know
how
to
do
it
just
knock
it
out
user
ID
conventions
again.
Another
thing
that
was
deemed
out
of
scope:
we
don't
all
of
our
existing
documentation,
going
back
to
rc2
2440,
maybe
even
1991
lies
claims
that
the
user
ID
is
by
convention.
C
Rfc
22
2822
May
matter,
but
there
are
lots
of
reasons
why
it
isn't
exactly
that
dumb
nitpicky
reasons,
this
draft
exists,
I
copied
it
out
of
the
merge
request,
23,
which
we've
declined
to
include
in
the
crypto
refresh,
and
it
basically
says
here's
what
we
think
the
convention
actually
is
has
a
simple
set
of
regular
expressions
in
a
abnf
form
for
describing
it
and
I
think
it
actually
has
some
python
pseudo
code
U.
If
you
want
to
pull
from
there.
This
seems
like.
C
For
the
community,
finally,
like
correct
long,
longstanding
misrepresentation,
this
I
do
not
have
a
proposed
draft
for
I
just
wanted
to
flag
that
we
don't
actually
have
a
way
to
do
a
one
pass:
verification
of
an
open,
pgp
signature
in
a
pgp,
mind
message.
The
way
that
we
did
one
pass
verification
of
V4
signatures
is
that
in
the
multipart
my
multipart
signed
extension.
C
We
say
this
is
the
digest
you're
going
to
use,
and
that
way,
as
you
read
the
message
you
can
do
the
digesting
and
then
you
can
verify
at
the
end,
but
now
that
we
have
assault
and
V6
signatures,
that's
not
possible.
This
seems
analogous
to
the
hash
salt
issue
that
we
ran
into
with
the
clear
Tech
signing
framework
and
what
we
resolved
with
that
one
was
you
can't
do
one
pass
verification
of
clear
Tech
signing
Frameworks,
because
the
hash
salt
was
in
conflict
with
other
things.
C
I,
don't
think
we'll
have
that
constraint
in
pgp
mind
messages
we
could
add
assault,
parameter
to
the
content
type
for
pgp,
mind
multipart,
sign
messages
if
we
wanted
to
I,
don't
know
whether
it's
necessary,
whether
people
care
about
it.
If
nobody
cares
about
it,
we
can
just
ignore
it,
but
people
want
to
be
able
to
do
one
pass.
Verification
of
multiart
signed
of
pgp
pgp,
mind
messages
and
we
need
to
write
it
down
how
to
do
it.
D
C
It
would
be
good
to
have
it
in
the
charger
and
then
finally,
the
stateless,
open,
pgp
interface.
This
is
an
attempt
to
define
a
u
an
API,
that
programs
could
potentially
use
and,
at
the
very
least,
that
defines
sort
of
the
semantics,
the
very
high
level
semantics
that
we
expect
open,
pgp
implementors
to
handle
at
the
moment.
It's
very
much
focused
on
the
message
bits,
there's
key
generation
and
revocation
in
it
right
now,
but
it's
mainly
focused
on
signing
verification,
encryption
and
decryption.
C
We
actually
had
several
solid
implementations,
which
is
great.
The
draft
at
the
moment
has
also
sprouted
a
new
C
library
API,
in
addition
to
the
command
line
interface.
The
idea
behind
the
C
library
API
is
that
it's
an
API
that
should
be
possible
to
build
the
command
line
interface
from
and
also
be
something
that
you
could
sort
of
staple
other
language
Bings
on
top
of
the
C
library,
is
in
complete.
It
doesn't
handle
encryption
and
decryption
and
we
don't
have
any
implementations
of
it
yet.
C
But
it's
the
idea
here.
This
is
a
way
that
we
can.
You
know
another
way
that
we
can
try
to
think
about
how
applications
should
use
it.
The
goal
of
the
stus
interface
is
to
be
minimalist,
while
still
providing
all
of
the
high
Lev
semetic.
We
expect
people
to
use.
It
is
the
basis
of
the
interoperability
test,
Suite,
as
folks
probably
know,
and
there's
a
handful
of
proposals
that
are
out
there
to
extend
it
further.
I
think
there's
Community
interest.
C
C
Topic
yeah,
so
I
would
be
happy
to
hear
any
feedback
on
any
of
these
pieces.
If
there
are
things
that
people
think
that
the
working
group
shouldn't
work
on,
for
instance,
I
see
Daniel
in
the
chat
saying,
does
anyone
do
one
pass
processing
of
pgp
Mind
messages?
I
want
to
point
out
that
it's
actually
not
this
pgp
MIM
question
is
not
just
it's
not
pgp.
M.
Generally,
it's
actually
pgp
p
m
multiart
signed
in
particular
a
PG.
C
C
Isue
so
I
mean
I
would
be
happy
to
drop
this
and
say
you
know
you
can't
get
there
from
here
for
mul
part
time.
The
way
that
we
did
with
the
clear
teex
signing
framework,
because,
as
Stephen
said,
there
is
a
lot
of
other
things
that
we
could
work
on
anyway.
If
people
have
any
thoughts
about
the
other
pieces
or
this
one
I'm
happy
to
hear
now.
B
B
C
B
It
but
I
would
still
make
the
so
document
instead
of
like
having
a
billion
little
pieces
into
every
standard.
Saying
here
is
how
it
would
work
into
so
I
would
rather
have
the
authors
of
the
open,
pgp,
revocation
going
or
the
authors
of
open,
pgp,
postquantum
and
going
and
saying
here
how
I
would
imagine
it
working
to
S
into
the
soft.
C
Draft
makes
sense
to
me:
Jonathan
asks.
Are
there
any
sop
implementations
at
present
that
can
use
a
hardware
backed
key
I
am
not
sure
that
there
are,
but
that
would
be
an
example
of
something
that
the
working
group
could
push
on
to
say.
You
know:
here's
how
you
identify
a
hardware
back
key
soft
has
car
outs
for
special
identifiers
for
things
like
Keys
loaded
from
a
file,
descriptor
keys,
loing
from
an
environment
variable.
So
it's
not
hard
to
imagine
something
like.
H
That
just
to
provide
context,
I,
actually
thought
earlier
this
week
about
trying
to
implement
sop
as
a
back
end
for
various
Dean.
Related
flows
like
Dean
package
shining
on
the
bottleneck
I
hit
was
because
my
key
is
on
a
hardware
back
token,
and
while
there
are
a
number
of
implementations
packaged
in
Debian,
there
is
no
Hardware
back
version.
So
I
think
that
soop
is
a
great
interface.
H
I
would
like
to
generically
move
a
bunch
of
Debian
tooling
over
to
it
as
much
as
possible,
but
there
are
actually
missing
pieces
of
the
implementation,
not
in
the
specification,
but
in
implementations.
That
means
that's
not
possible
at
the
minute
and
and
just
to
throw
in
in
a
related
way
about
it
again.
H
Why
you're
saying
it's
supposed
to
support
most
of
the
common
flows
in
pgp
in
terms
of
uses,
I
think
that
one
of
the
main
reasons
I
care
about
pgp
is
the
thing
that
should
continue
to
exist
is
the
web
of
trust
and
our
tooling,
for
that
is
very
poor,
I'm,
quite
interested
in
Justice's
proposal
from
earlier,
but
perhaps
not
as
part
of
salt,
but
perhaps
a
different
tool.
That
was
a
common
way
of
interacting
with
certifications
might
be
worth
considering
as
well.
A
Okay,
so
we
got
about
22
minutes
left
and
I'm
I'm,
not
hearing
any
objections.
I
just
put
in
the
chat,
a
suggestion
for
a
poll,
basically
to
kind
of
just
get
an
overall
reaction
from
the
people
present
at
the
meeting
to
the
set
of
things
discussed
today
in
particular
to
the
set
of
things
discussed
today
that
weren't
already
discussed
and
essentially
to
get
a
sense
of.
C
A
Right
so
I'm
I'm
just
going
to
use
the
text
I
put
in
the
chat,
it's
essentially
looking
for
a
positive
sense.
So
if
you
feel
positive
towards
the
set
of
topics
today
being
kind
of
added
to
the
pile,
that's
already
in
the
draft
Charter
text
in
a
kind
of
a
union
operation,
please
raise
your
hand
if
you
feel
negative
towards
that
or
one
particular
thing.
Please
click
the
do
not
raise
your
hand
button.
A
So
if
you
feel
positive
towards
adding
these
to
the
pile
of
things
to
figure
out
how
to
prioritize,
then
raise
your
hand
if
you
feel
that
we
should
not
do
that
for
whatever
reason
then,
please
hit
the
do
not
raise
hand
if
you,
if
no
opinion
that
then
click
nothing
and
we
have
13
in
the
room
and
nine
raised
hands
so
far.
We
give
it
like
a
another
second
or
two
in
case
somebody's
searching
for
a.
A
A
Numbers:
okay,
so
dkj
you
were
going
to
pop
up
the
C.
Some
version
of
the
current
Charter
text
again,
given
20
minutes
left
now,
I
think
May
would
would
it
be
best
to
try
and
give
a
quick
overview
of
what's
already
in
in
Charter
text
and
then
ask
for
discussion
as
to
how
we
prioritize.
That
seems
to
be
the
trickiest
thing
to.
C
Me
yeah,
so
I
was
gonna.
The
way
I
was
going
to
do.
It
was
to
look
at
Daniel's,
merge,
request,
number
three,
which
is
sort
of
the
most
comprehensive
merge
request.
It
doesn't
cover
everything
and
obviously
doesn't
cover
the
stuff
that
that
us
was
committed
to
proposing
text
for
as
well
U,
but
it
actually
touches
basically
the
whole
Charter
I'm
just
sliding
through
it
here.
Hopefully,
folks
can
see
my
screen
share.
A
A
B
E
C
D
F
C
A
C
Ahead,
okay,
yep,
so
the
main
goal
is
working
on
improvements
and
additions
to
the
openpgp
format
and
ecosystem
to
address
issues
that
have
been
identified
by
the
community.
It's
broken
down
into
some
top
level:
sections
security,
improvements,
new
functionality,
specifications
of
and
improvements
to,
network-based,
key
Discovery
mechanisms,
key
verification
mechanisms
and
cleanup
work.
Security
improvements
are
PQ,
QC
forward
secrecy,
domain
separation
for
signing
in
or
encryption
new
functionality
is
automatic,
forwarding,
persistent,
symmet
symmetric,
Keys
designated
revoker,
which
might
be
delegated
revoker
to
replace
applicated
mechanisms.
C
C
Pgp
specification
and
provide
guidance
to
open,
pgp
libraries
and
applications
to
achieve
before
mentioned
improvements,
and
this
the
process
acknowledges
Daniel
mentions
that
the
inext
that
the
pgp
M
might
be
things
like
storing
drafts
in
multiple
parts,
for
example,
so
for
and
then
basically
we're
we're
saying
we
need,
we
will
work
both
on
the
mailing
list
and
face
Toof
face
sessions.
Interim
calls
iotf
meetings.
C
We
need
rough
consensus
on
the
mailing
list
and
interoperable
support
by
at
least
two
implementations
before
submitting
a
draft
to
the
iesg,
and
we
won't
even
adopt
an
internet
draft
as
working
ride
them
unless
there's
two
uninterested
parties,
it's
not
clear
what
uninterested
parties
means
to
me,
but
seems
generally
not
unreasonable.
Do
folks
want
to
comment
on
the
proposed
text
here.
Like
is
this
a
reasonable
place
to
start
from?
It
doesn't
include
any.
A
Prioritization
so
yeah,
so
I,
I
I
think
that
close
to
the
other
set
of
things
we
discussed
today
that
are
not
already.
There
is
a
good
to
start
from,
but
has
a
a
problem
in
that.
It's
way
too
much
work
to
be
feasible,
I
think
that's
the
that's
the
big
problem,
I
think
all
the
work
presented
proposed
seems
totally
rational,
but
I,
don't
know
how
you
end
up
finishing
in
the
next
100.
A
B
C
F
Ahead
so
I
mean
some
of
them.
There
is
already
drafts
for
them
right,
so
I
think
that's
pretty
strong
evidence
that
people
are
willing
to
work
on
it.
Then
the
the
two
items
under
security
improvements
that
don't
have
a
draft
I
would
be
willing
to
work
on
them
and
then
the
others
I
I
try
to
vaguely
order
them
in.
F
In
terms
of
you
know,
my
subjective
idea
on
on
the
you
know
importance,
but
so
you
know
if
it's
too
much
stuff,
we
could,
you
know,
got
some
of
the
end,
especially
the
ones
that
there
aren't
drafts
for
right
and
then
maybe,
if,
if
someone
is
still
willing
to
propose
a
draft
or
write
a
draft,
we
could
add
them
back
later.
I
imagine
but.
A
Yeah
so
I
guess
the
existence
of
drafts
is
very
good.
The
existence
of
implementation
is
even
better.
The.
Challenge,
though,
is
if
you
want.
If
you
want
a
draft,
that's
going
to
get
finished,
if
you,
if
you
have
like
20
drafts
the
time
to
finishing
any
one
of
those,
is
significantly
extended
by
having
the
other
19,
because
people
don't
have
review
Cycles
discuss
you
don't
have
you
know
a
focus
on
discussions
on
one
thing,
as
opposed
to
20
things
so.
A
B
A
So
so
I
think
I
think
we
can
have
a
a
broad
Charter,
like
the
current
text.
I
think
that's
quite
defensible
because
there's
a
lot
of
things,
people
want
to
do
at
some
point.
I
think
the
challenge
would
be
to
to
figure
out
a
way
of
prioritizing
which
work
to
do
when
that
doesn't
get
you
stuck
with
20
drafts
that
are
not
moving
forward.
A
A
A
C
I
think
part
of
the
issue
here
is
that
we
we've
have
sort
of
a
backlog
right.
We
had
an
a
working
group,
The
working
group
folded,
and
then
we
had
the
crypto
refresh
and
we
blocked
other
work
on
the
crypto
refresh.
But
meanwhile
the
community
kind
of
came
back
to
life
here,
and
so
what
we're
looking
at
is
the
result
of
this
backlog,
which
is
why
there
is
so
there
are
so
many
things.
A
Yeah
I
think
that's
fair
and,
and
you
know
it's
a
good
problem
to
have
it's
a
it's
a
much
worse
problem
to
not
have
anybody
want
to
do
so.
Kai
suggests
having
a
poll
for
each
topic
on
the
mailing
list.
It
sounds
to
me,
like
I,
think,
having
a
having
a
broad,
broadly
scoped.
Charter
text
is
kind
of
right,
because
there's
a
bunch
of
things
people
are
want
to
work
on.
A
People
are
discovering
new
things
they
want
to
work
on
and
we
don't
want
to
have
the
CH
have
to
recharter
every
time
something
gets
you
know
up
up
the
priority
list.
Would
it
be
a?
Would
it
be
possible
to
sort
of
say
that
the
working
group
will
only
will
generally
only
work
on
N
topics
at
a
given
time?
Where
n
is
two
or
three
or
something,
and
then
you
know
try
and
Stage
them
through
that
way,
we
could
try
and
figure
a
way
of
approaching
things
that.
G
B
A
D
D
A
Yeah
so
dkg,
would
you
be
happy
with
the
idea
of
having
a
broad
like
a
broadly
scoped
bit
of
Charter
text
and
then
having
a
kind
of
a
process
where
we
in
the
next
short,
while
ask
for
people's
top
three
or
four
and
then
as
work
proceeds
and
continue
to
see?
What's
the
next
thing,
people
want
to
work.
C
A
I'm
proposing
we
add
to
we
add
more
examples,
but
that
everything
becomes
an
example
okay
and
that
then
we
PLL
the
working
group
to
see
of
all
those
things
that
are
credible,
all
of
which
are
credible.
What's
your
top
three
or
four
and
see
does
consensus
emerge
as
to
you
know
the
top
three
or
four
things
to
start
with,
and
then
we
also
propose
that
going
forward.
The
working
group
would
kind
of
rerun
that
process
periodically.
C
B
Aron
yeah:
this
makes
it
hard
with
the
Milestones.
So
if
we
want
to
put
a
large
CH
to
text
and
then
say,
okay,
we
limit
to
work
to
five.
We
might
still
want
to
at
least
for
some
of
the
items
say:
okay,
p2c.
We
want
to
work
it
in
the
next
year
or
a
year
and
a
half
and
then
I
don't
know
forward
secrecy
in
the
next
two
years
or.
A
B
A
F
E
I
I
I,
I
I,
wouldn't
you
know
I
I
wouldn't
want
to
block
people
from
doing
things,
if
say,
for
example,
like
I,
wouldn't
necessarily
be
comfortable
taking
the
lead
on
some.
You
know
on
on
some
of
the
like
the
postquantum
algorithms,
or
anything
like
like
that.
So
I,
I
I,
don't
think
it's
a
case
that
the
entire
group
needs
to
work
on
specific
things.
E
You
know
we
can
split
off
into
you,
know
individual
areas
and
individual
people
can
work
on
some
things
and
other
people
can
work
on
others
as
their
strengths
and
interests
lie,
and
then
we
can
kind
of
gather
up
and
and
review
later
so
I
I
I
just
like
to
leave
to
leave
I
I
wouldn't
like
to
have
something
that
was
that's.
That's
really
rigid
in
terms
of
sequencing.
That's
all
I'm,
saying.
A
Sure
understood,
yeah,
I
and
and
so
just
to
clarify,
if
we're
polling
the
working
group
to
look.
This
is
their
consensus,
for
you
know
a
credible,
small
or
a
list
of
topics
that
doesn't
mean
just
counting
votes.
That's
that's
looking
for
rough
consensus,
so
it's
a
little
bit
different
than
counting
votes
and
secondly,
it's
it's
for
sure
the
case
that
Nothing
Stops
people
collaborating
on
progressing
individual
work.
That's
documented
in
individual
drafts
that
then,
would
be
picked
up
formally
by
the
working
group
later.
A
So
this
doesn't
preclude
any
anybody
doing
anything
I
mean
we
can't
stop
you
doing
stuff.
It's
just
a
question
of
what
can
we
come
up
with
a
credibly
doable
list
of
things
for
the
working
group
within
the
next
few
years?
That
makes
sense
that
that
that,
because
we
have
so
much
stuff
here
that
it's
20
years
worth
of
work.
E
D
A
F
Maybe
we
can
finish
that
by
you
know:
X
dat
instead
forward
secrecy,
there's
no
draft
yet
so
you
know
we
put
fictional
dates
far
into
the
future
and
just
try
to
order
everything
that
way.
So
that
then,
like
the
the
work
of
reviewing
finished
drafts,
let's
say
should
still
be
some
staggered
right,
not
not
everything
at
the
same
time,
but
the
work
of
actually
working
on
drafts-
and
you
know,
writing
text
and
so
on
could
still
go
on
in
parallel
for
for
all
of
these
topics,
potentially
right.
A
F
A
C
A
C
Please
don't
forget
to
propose
additional,
don't
forget
to
if
you
have
committed
to
proposing
a
couple
of
additional
example
line
items
for
the
charter
text.
Please
do
that
and
if,
if
you
have
an
opportunity
to
review
the
out
sending
merge
requests
that
are
marked
ad
review,
please
do
that
and
if
you
want
to
take
a
look
at
the
remaining
atata
also
and
propose
text
to
resolve
them.
That's
also
a
welcome
contribution.
C
A
Yeah,
great
and
and
again
thanks
everybody
for
for
the
positive
discussion
and
for
the
interest
in
doing
work
and
we'll
try
and
organize
so
that
we
can
have
the
working
group
proceed
to
allow
people
to
do
the
they
want
to
do
and
unless
there's
any
other
business
I
think
we're
out
of
time
and
the
room.
May,
close
and
I
think
one
minute.
Okay,.