►
From YouTube: OPENPGP WG Interim Meeting, 2021-02-26
Description
OPENPGP WG Interim Meeting, 2021-02-26
A
C
B
I've
just
hit
the
record
button
people.
So
if
you
have
a
problem
with
being
recorded,
that's
you
should
have
read
the
note
well
and
and
not
have
a
problem,
but
I
am
recording
now
also
for
people
helping
with
minutes.
That
means
we
can
go
back
to
the
recording,
if
need
be,
so
we
are
being
recorded.
Pardon
me
for
the
introduction.
A
A
Re-Paste
the
the
either
pad
in
the
because
I've
heard
a
couple
of
doo
doo
sounds
so
maybe
someone
can
replace
the
ether
pad
regularly
in
the
chat
when
that,
when
that
happens,
that'd
be
great.
Thank
you,
so
yeah,
and
once
we
talked
about
how
the
devrap
dress
has
been
developed,
we
will
talk
about
what
the
next
steps
are
for
it
and
then.
A
Finally,
I
want
to
just
make
sure
folks
are
thinking
about
the
meeting
at
ietf
110
and,
if
possible,
to
try
to
think
about
when
the
next
interim
will
be
we're
not
going
to
make
any
specific
decisions
here,
but
we
want
to
try
to
get
a
sense
of
of
what
how
people
think
about
where
we're
going.
Stephen,
you
want
to
take
the
next
slide.
A
Okay,
so
just
a
catch
up
for
folks,
the
the
crypto
refresh
document
is
was
reset
to
rfc
4880.
That
is,
we
had
this
48
abyss.
The
working
group
got
unchartered
like
and
it's
been
sort
of
running
without
a
working
group,
but
with
an
ietf
name.
So
we
reset
to
rfc
4880
and
we're
trying
to
import
the
changes
from
4080
bis
dash
10,
which
was
the
last
draft
on
that
change
on
that
on
that
chain.
A
So
our
goal
here
is
to
try
to
make
to
try
to
make
sure
that
we
import
and
review
all
the
pieces
that
differ
from
4880,
so
draft
zero.
Zero
was
4880
with
some
minor
formatting
changes.
Draft
zero
one
was
fixing
the
open
errata,
the
ones
that
were
confirmed.
There
are
still
a
bunch
of
errata
that
are
mentioned
and
sort
of
reserved
for
document
update
that
people
might
want
to
take
a
look
through,
but
we
incorporated
those
incorporated
the
camellia,
ciphers
and
cleaned
up
a
bit
of
the
terminology
that
technology
cleanup
included.
A
Some
changes
to
white
space
which
we
have
since
reverted,
because
it
was
determined
that
it
didn't
really
cover
exactly
what
we
wanted
it
to
cover
next
slide.
B
Sure,
actually,
just
to
say
thanks
to
browner
and
paul
for
being
willing
to
be
editors
for
these
documents.
It's
it's
not
it's
not
the
most
enjoyable
path,
but
it's
really
worthwhile
thanks.
A
Much
much
appreciated,
and
also
thanks
to
other
folks
who
volunteered
to
step
up
as
editor,
we're
glad
that
we
don't
have
to
use
everybody
as
editor,
but
we
hope
that
everybody
who
is
willing
to
consider
it
is
also
reviewing.
A
So
o2
was
the
latest
revision
and
that
was
posted
on
monday
here,
we're
starting
to
see
a
bunch
of
other
changes
incorporated
that
have
some
significant
details,
so
the
the
top
level
changes
that
were
made
were
that
all
the
code
points
that
had
been
in
4880
bis
dash
10
have
been
reserved
now,
even
though
they're
not
being
necessarily
all
specified,
but
that
way
they
don't
get
clobbered
in
some
future
revision.
A
It's
incorporated
all
of
rfc6637
or
tried
to
which
covers
the
elliptic
curve
work,
mainly
the
nist
curves.
We've
changed
the
specification.
The
the
registries,
nearly
all
of
the
registries,
went
from
very
strict
gatekeeping,
like
ietf
consensus
or
ietf
review
down
to
specification
required.
A
There
are
only
two
registries
that
are
rfc
required,
as
opposed
to
specification
required,
meaning
that
something
needs
to
get
through
the
ietf
standardization
process
and
those
two
are
packet
version
and-
and
I
believe
packet
type
itself,
but
all
the
rest
required
are
just
specification
required,
which
means,
if
you
write
a
specification,
you
don't
even
have
to
necessarily
publish
it
at
the
ietf.
You
just
have
to
make
sure
it's
in
a
stable
spot,
make
sure
there's
some
implementations
and
talk
to
ayanna
about
it.
A
Full
effect
until
the
draft
gets
published
as
an
rfc
there's
some
deprecation
of
older
cryptographic,
mechanisms
that
we
know
are
broken,
there's
the
inclusion
of
sha-3
and
finally,
there's
the
inclusion
of
curve
255.19,
which
is,
I
guess,
people
are
calling
them.
The
the
the
cfrg
curves,
but
specifically
so
far,
is
only
included
and
mentioned
for
elliptic
curve,
diffie
helmet.
That
is
the
encryption
variant
and
it
is
not
currently
in
the
draft
for
signing.
A
So
we've
had
a
bunch
of
folks
do
some
review
on
the
list.
There's
been
some
nitpicking
and
some
specific
non-nitpicky
details
which
I'm
grateful
for.
I
know
it
hasn't
been
that
long.
It's
only
been
a
couple
days
four
days,
I
guess,
but
I
do
hope
that
other
folks
would
be
willing
to
will
review
this
and
look
at
the
changes
here.
A
If
you
are
unclear
about
where
to
find
that
stuff
next
slide
yeah
there
we
go
so
the
the
document
is
currently
being
worked
on
in
markdown.
If
you
are
comfortable
in
markdown
with
the
text
editor,
you
can
get
to
the
source
of
it.
We've
already
had
a
couple
people
post
some
diffs
to
the
mailing
list,
which
is
great.
Those
are
things
that
will
make
it
easier
to
think
about
applying
changes.
C
A
A
There's
also
an
issue
tracker
at
this
gitlab
instance,
and
I've
been
using
the
issue
tracker
to
sort
of
note
things
that
have
come
up
that
maybe
we
can't
deal
with
right
away
so
that
we
don't
lose
track
of
them,
and
I
welcome
folks
to
to
use
the
to
use
the
issue
tracker
for
that
purpose
and
again,
if
you
do
that,
please
try
to
follow
up
on
the
list
and
make
sure
that
the
list
knows
that
that's
being
done,
because
the
list
is
sort
of
the
canonical
place
for
this.
A
A
There
is
also
rfc488bis.md,
which
is
a
markdown
variant
of
the
last
version
of
draft
ietf
openpgp
4880
bis
dash
10..
The
goal
right
now
is
that
we're
trying
to
bring
the
crypto
refresh
document
up
to
parity
with
that,
and
so
that's
present
in
the
repo
as
a
historical
reminder
and
to
something
that
we
can
compare
against
and
then.
Finally,
the
document
that
we
are
working
on
is
just
named
crypto
dash
refresh.md
in
there.
A
A
What
changes
might
come
next?
I've
been
basically
doing
comparisons
between
rfc,
4880bis.md
and
cryptorefresh.md.
So
I
welcome
anyone
else
to
take
a
look
at
those
and
try
to
look
at
what
the
remaining
changes
are
hope.
This
makes
sense.
If
anybody
has
any
questions
again,
I
hope
you
feel
free
to
shout
them
out.
You
can
also
just
put
a
plus
q
in
the
chat.
A
A
A
C
A
B
H
Yeah
me
neither
I
I
do
have
to
go.
Make
sure
that,
from
the
notes
on
the
mailing
list,
that
everything
is
is
tracked
properly
in
the
tracker,
so
that
we
can.
We
can
either
discuss
this
for
consensus
or
merge
them
in
yeah,
but
yeah.
A
A
A
All
right
so
so
I
was
looking
through
the
differences
between
4888bis.md
and
cryptorefresh.md
and
trying
to
identify
topic
level
views
of
what
of
of
what
differences
are.
So
this
slide
shows
us
a
set
of
things,
and
this
is
a
rough
characterization.
This
is
a
characterization
that
I've
done.
It
is
not
necessarily
a
guarantee.
A
I
welcome
other
people
to
do
the
same
kind
of
view,
and
but
this
is
an
attempt
to
to
break
down
the
things
that
are
that
were
in
48
bis,
dash
10
that
are
not
yet
in
crypto
refresh
and
I've
categorized
them
here
as
things
that
seem
to
me
to
be
within
the
chartered
crypto
refresh
that
we're
doing
things
that
are
crypto
related,
but
maybe
aren't
explicitly
in
the
charter,
but
we
might
need
them
in
order
to
achieve
the
charter
and
there's
several
things
that
are
not
crypto
related,
not
really
in
the
charter
and
they're
over
in
the
right-hand
column.
A
Despite
some
of
those
things
being
things
that
I
care
about,
I
have
to
acknowledge
that
if
our
goal
is
completing
the
charter,
we
might
want
to
focus
on
the
columns
further
towards
the
left,
and
we
can
worry
about
the
columns
further
on
the
right
later.
Note
also
that
the
registration
that
the
the
way
that
the
specification,
the
registries
have
changed
so
that
their
specification
required.
A
So
if
you
care
deeply
about
things
that
are
just
in
the
right
hand,
column,
these
are
things
you
might
be
able
to
do
to
pick
up
later,
I
see
daniel
in
the
queue
daniel.
I
Yes,
the
only
thing
I
wanted
to
mention
is
that
the
in
the
the
intended
recipient
fingerprint
could
be
mute,
or
I
I
I
guess,
not
that
specific
mechanism,
but
like
some
kind
of
mechanism
to
fix
the
surreptitious
forwarding
issue
right
could
be
at
least
viewed
as
a
crypto,
or
at
least
you
know,
security-related
feature.
A
Yep
that
makes
sense
these.
These
are
not
hard
and
fast
categorizations.
Here.
This
is
my
attempt
to
do
that,
and
I
I
can
see
your
argument
there.
If
you're
concerned
you're,
I
think
what
you're
saying
is.
We
we
see
some
known
vulnerabilities
in
the
current
open,
pgp,
workflows,
cryptographic
vulnerabilities
that
could
be
fixed
by
the
intended
recipients.
Think
fingerprint
sub-packet
right
right
yeah,
so
we
may
want
to.
We
may
want
to
try
to
promote
that
to
the
crypto
related
column,
yeah.
I
A
I
see
a
plus
q
from
from
werner.
I
I
don't
know
how
to
tell
when
people
are
out
of
the
queue
with
this
mechanism.
Here.
G
Okay,
should
we
just
use
the
race
and
think
so
so
my
command
is
just
about
the
brainpower
thing
that
it's
here
on
the
agenda,
the
brain
pool
curves
are
actually
actually
in
6637,
and
I
don't
see
that
there's
anything
which
is
relevant
for
for
crypto
revenge
refresh
because
we
already
have
implemented
it
years
ago,
along
with
the
list
curves.
So
let's
just
find
standard
thing.
A
I
actually
don't
see
brainpool
mentioned
in
6637,
but
if
you
want
to
point
that
point
out
the
specifics
on
the
list,
that
would
be.
That
would
be
great.
G
Okay,
so
the
thing
is
just
that
637
mentioned
that
you
can
use
any
oid
for
that.
So
what
we
added
is
the
oit
of
these,
which
are
used
for
paint
pool
but
advantage
of
brain
pool
is
that
there
is
only
one
ready
for
these
curves.
So
there's
no,
not
the
problem
we
used
to
have
with
rsa
things
and
so
on
many
varieties.
G
A
G
Right
yeah:
it's
actually
this
curve
simulator
in
this
curve,
so
we
just
plug
it.
It
just
replace
the
parameters
for
the
curves.
A
Yep,
that
makes
sense,
so
I
don't
know
that
I
want
to
do
a
full
readout
of
the
slide
here,
just
because
it's
a
lot
of
text,
I'm
hoping
that
everyone
can
see
the
slide.
If
you
can't
see
the
slides,
please
speak
up,
but
I
appreciate
the
comments
from
daniel
and
werner
about
maybe
thinking
about
re-categorizing
a
couple
of
the
things
that
are
placed
on
the
slide.
Does
anybody
else
have
thoughts
about
pieces
here?
Have
I
identified?
Have
I
missed
something
that
was
in
4080
abyss?
A
That
is
not
yet
encrypted
refresh
topic
wise
do
folks
have
like
I.
A
Sure
that
we
are
in
rough
agreement
on
the
pieces
that
are
necessary
to
try
to
bring
us
towards
our
towards
parity,
and
then
I'd
like
to
stay
on
this
slide
for
a
little
bit.
If
people
don't
have
other
issues
with
what's
on
here
and
talk
a
little
bit
about
how
we
think
what
steps
we
think
we
should
do
like
in
what
order
to
head
towards
something
that
we
can
get
published.
F
A
Okay,
I
will
point
out
that
to
do
that
work
we
are
going
to
need
to
recharter
the
working
group
and
I
think
we
can.
I
think
we
are
actually
you
know
the
working
group
is
functioning
right
now.
We've
got
you
know
a
re,
a
new
document
posted
roughly
every
couple
weeks.
A
There
are
comments
coming
in
on
the
list
from
multiple
implementers
and
consumers
of
these
tools.
So
I
think
that
that
being
able
to
do
a
recharger
seems
pretty
plausible.
I
see
plus
q
from
andre.
K
Yeah,
I'm
just
saying
that
I
would
like
to
have
all
the
issues
here
addressed
in
an
update
and
not
to
go
for
another
rfc.
It's
a
huge
pain
in
the
ass
honestly
to
update
certifications
and
so
on
for
a
new
crypt
standard.
So
any
changes
we
are
making
now
they
should
be
valid
for
the
next
10
years
or
something
like
that
and
not
require
a
new
update
immediately
afterwards.
K
So
I'm
basically
just
saying
that
I
disagree
with
neil's
opinion.
A
C
I
see
a
plus
q
from
derek,
so
I'm
going
to
agree
with
andre
and
also
disagree
with
neil
on
that.
There
are
some
things
that
are
on
the
non-crypto
list
that
I
think
should
get
done
now.
C
There
are
certainly
items
on
this
list,
for
example
some
of
the
notation
stuff
that
personally
I
put
in
but
other
things
on
here
as
well-
that
I
think
are
fairly
non-contentious
and
should
be
easily
added
in.
We
might
find
that
there
are
some
contentious
issues
here,
at
which
point
then
we
might
want
to
reconsider
whether
or
not
to
what
to
do
about
those
contentious
issues,
but
for
the
non-contentious
issues.
I
think
we
should
include
them
even
if
they're
not
necessarily
directly
crypto
related.
A
A
Else
in
the
queue
right
now
for
what.
B
It's
worth
I
I'd
like
to
just
jump
in
I
mean
I
think
this
is
something
that
we
need
to
handle
correctly,
because
for
two
reasons
one
is
there's
a
working
group
charter
and
we
don't
really
want
to
go
beyond
that,
because
that
was
scoped
in
a
certain
way.
B
You
know,
if
we
succeed
in
that
meeting,
that
charter,
we
can
then
go
beyond
it,
but-
and
secondly,
I
think
this
working
group
this
this-
this
is
not
the
first
time
we've
tried
this
and
one
of
the
reasons
I
think
that
that
is
foundered.
Last
time
was
kind
of
trying
to
get
too
much
done
and
kind
of
not
focusing
sufficiently
on
what
needs
to
be
done.
B
So
I
I
think
the
point
about
certifications
and
so
on
is
a
valid
one.
You
know
it's
possible
to
have
a
product
certified
according
to
more
than
one
rfc,
though
you
don't
necessarily
need
to
have
a
single
document
first
for
a
single
certification,
so
there
may
be
ways
to
handle
it
that
way.
A
Yeah,
I
think
that
the
the
point
that
derek
made
might
be
a
pretty
salient
one
for
us
right,
which
is
the
about
the
contentiousness
of
a
feature.
If
something
is
uncontentious
like
there
are
no
objections
from
people
in
the
working
group
and
it
has
multiple
implementations
and
it
doesn't
seem
to
introduce
new
cryptographic
wrinkles
that
we
haven't
seen
an
evaluation
for
maybe
that
is
something
that
we
can
just
go
ahead
and
include,
but
again,
if
it's
anything
that
causes
contention
or
delay,
I
think
that
would
be
a
real
mistake.
A
A
J
Yeah
this
has
been.
I
just
wanted
to
jump
in
and
note
that
in
the
isg
as
a
whole,
we
recently
had
a
case
or
two
where
there
was
a
document
that
came
to
us
from
a
working
group,
and
it
was
sort
of
seen
as
exceeding
the
charter
of
the
working
group
and
that
caused
some
problems,
and
so
I
think
that
the
isg
as
a
whole
might
be
particularly
sensitive
to
staying
within
the
charter
for
the
next
several
months.
J
H
No
worry
it's
not
the
best
ui
yeah.
I
just
wanted
to
also
clarify
that
as
long
as
we're
still
in
a
draft
we
can,
we
can
think
we
have
consensus
on
all
the
previous
versions
that
we've
done.
But
then,
if
someone
joins
and
says,
I
actually
disagree
with
that,
like
the
consensus
is
only
stuck
forever
once
we
publish
the
rfc.
H
So
I
also
would
like
to
make
sure
that
you
know
once
we
have
like
the
largest
chunk
of
crypto
related
things
done,
that
we
that
we
try
to
publish
as
an
rfc
and
bring
in
all
the
other
things
also
as
quickly
as
possible.
But
in
a
separate
document
like
if
it's
small
things
that
fit
in
properly,
we
can
try
and
do
it.
But
as
soon
as
someone
objects,
I
think
we
should
move
it
out
again
and-
and
I
really
don't
want
this
draft
to
live
forever.
A
Sounds
good,
so
if
folks
have
no
other
comments
on
this
slide,
I
want
to
take
move
on
to
the
next
one.
B
A
It
may
be
difficult
to
verify
it
from
like
right
now
in
real
time
too.
I
I
welcome
anyone
to
go
back
to
the
repo
and
try
look
at
look
at
the
diff
between
those
between
rfc,
480,
bis.md
and
crypto,
refresh
md,
and
see,
if
there's
any
changes
that
are
in
there
that
are
not
identified
here.
K
A
B
A
So
I
I
want
to
point
out
that,
while
so
this,
this
slide
shows
what
we
need
to
what's
in
480
bis,
but
not
yet
in
crypto
refresh,
but
that
doesn't
necessarily
mean
that
the
resultant
document
will
be
will
complete
our
charter,
and
the
next
slide
actually
has
some
discussions
of
potential
additional
things
that
we
may
decide
are
relevant
in
order
to
to
meet
the
charter
responsibly
and
maybe.
A
Right
but
but
these
are
things
that
we're
not
in
48
bis
dash
10,
but
given
that
we're
working
on
it
now
and
not
five
years
ago,
those
may
be
things
that
we
think
need
to
be
included
at
this
point.
So
I
I
only
found
two
when
I
was
doing
my
own
review.
A
This
is
a
harder
review
to
do
because
you're
not
just
looking
at
a
diff
and
identifying
things,
but
those
are
the
two,
the
idea
of
including
curve
48,
which
is
you
know,
another
modern
curve
which
is
stronger
than
curve
255.19
and
argon
2.
As
a
as
a
you
know,
the
the
winner
of
the
password
hash
competition
figuring
out
how
to
do
those
things
in
the
context
of
open
pgp
seem
to
me,
like
those
are
things
that
would
be
relevant
for
bringing
open,
pgp's
cryptography
into
the
modern
world,
and
those
were
not.
A
A
There
may
be.
Other
things
that
people
who
understand
the
crypto
and
the
risks
will
think
are
necessary
beyond
beyond
parody
with
bis
dash,
tan.
A
B
G
Okay,
I
got
to,
I
don't
think
it
makes
much
sense
for
all
pgp
to
extensive
synthetic
encryption
stuff
here
in
particular
for
using
passphrases
or
manual
type
passphrases
and
using
icon2.
The
problem
I
see
with
this
is
that
all
implementations-
it
only
makes
sense
if
it
would
be
mandatory
to
implement
and
for
interoperability
reasons,
and
I
doubt
that
we
can
do
and
will
do
this
because
of
subprops
of
item
two
in
unattended
usage.
G
B
I
didn't
I
just
didn't
catch
what
you
said.
The
reason
why
you
wouldn't
implement,
because
you
just
restate
that
I
just
didn't
catch
the
words
okay.
G
For
interpretability
reasons,
because
we
all
need
to
implement
that
all
implementations
need
to
have
that,
because
sdk
and
the
sdk
system
makes
only
sense
if,
if
they're
all,
if
all
implementations
got
this
and
so
we're
breaking
a
lot
of
a
lot
of
stuff
with
that,
and
on
the
other
hand,
I
don't
see
that
symmetric
encryption
is
something
which
should
be
primary
goal
of
openpgp,
because
openpgp
is
publicly
protocol.
A
G
Yeah,
so
for
what
do
you
need
sdk?
So
one
thing
is:
protect
your
protect
your
private
key
for
that.
Okay,
that's!
Not
that's
not
a
problem,
because
it's
a
look
at
a
local
thing
right.
G
Yeah,
that's
that.
But
the
other
thing
is
some
metric
encryption
and
if
you
start
to
use
symmetric
encryption
wide
scale,
you
need
to
have
some
way
to
manage
the
metric
keys
and
you
are
surely
not
using
a
kdf
function
to
improve
the
passphrases
but
you're
useful
and
to
be
passed
prices
for
this.
And
so
this
does
not
make
sense
to
make
it
stronger.
I
Yes,
I
mean,
I
guess,
I'm
not
sure
how
much
you
want
to
go
into
the
details
you
need,
but
I
personally
think
that
an
s2k
update
is
very
important.
I
think
both
both
for,
as
runner
said,
protecting
private
keys,
which,
for
example,
multiple
applications.
I
You
know
private
keys
encrypted
with
s2k
on
the
server
flowcrypt
also
backs
up
private
keys
encrypted
with
a
password
in
in
gmail
accounts,
which
is,
like
you
know,
an
untrusted
environment
right
and
also
for
symmetric
encryption.
I
I
think
it
is
quite
important,
as
as,
let's
say,
with
openpgp.js
maintainer
hat
on,
I
see
quite
a
lot
of
people
using
that
it's
like
an
easy
way
to
you
know,
implement
symmetric
encryption
when,
when
that's
what
you
need
right-
and
I
would
like
you-
know-
openphp.js
symmetric
encryption
to
be
secure
by
default
and
openpgp
symmetric
encryption
in
general
right
and,
I
think,
without
an
s2k
update.
I
I
think
an
sdk
update
is
really
needed
to
make
sure
that
it's
secure,
and
you
know
that
all
the
all
the
mechanisms
that
the
specification
provides
are
secure.
Basically,.
K
K
Oh
sorry
and
daniel,
I
have
to
go
to
complete
opposite
standpoint
of
your
opinion.
For
me,
people
are
encrypting
symmetrically
files
that
are
maybe
10
years
old,
20
years
old
and
they
want
to
decrypt
them
and
any
change.
There
is
an
api
break,
basically,
which
is
huge.
K
K
K
B
Okay,
so
I
think
so
I
didn't
very
clearly.
We
probably
want
to
record
this
as
an
issue
to
be
to
come
back
to
at
least,
but
I
think
I
have
derek
and
then
dkg
in
the
queue
so
derek.
C
Thanks,
I
was
going
to
point
out
that
there
we
already
have
compatibility
issues
with
2.6.
If
nothing
else,
there's
idea.
I've
got
decades
worth
of
encrypted
emails
sitting
in
my
mail
folders
that
I
can't
encrypt
or
can't
decrypt
and
read
today
because
they're
encrypted
with
idea
and
yeah.
Yes,
I
know
I
can
use
gdpg1.
C
C
You
know
these
old
methods
back
in
or
you
know
you
or
you
just
have
this
cutoff,
where
you
just
can't
read
old
stuff
anymore,
so
there's
multiple
ways:
you
can
do
it
and
there's
multiple
answers.
I
don't
have
the
right
one.
I
don't
have
a
suggestion
for
the
right
one,
but
I
was
pointing
out
that
we've
already
crossed
that
bridge
overall,
so
so
bringing
it
up
again
is
just
a
kind
of
a
non-starter.
So
I
I
mean
it's,
you
know
it's
it's
all.
A
All
right,
I'm
here,
can
you
hear
me
now?
Yes,
so
I
agree
with
derek
that
adding
a
new
sdk
mechanism
does
not
need
to
break
interoperability
with
the
old
stuff
that
was
on
disk.
It
would
use
a
different
s2k
identifier,
I'm
assuming
again.
This
is
a
situation
where
actually
having
text
to
consider
would
make
it
useful.
We
could
say
we
could
determine
whether
that
happens.
A
Secondly,
I
feel
like
the
argument
that
I'm
hearing
that
says
we
can't
introduce
a
new
sdk
mechanism
because
it
makes
it
difficult
to
know
when
you're
allowed
to
use
it
or
not.
I
think
that's,
I
think,
there's
some
truth
to
that
right.
We
can
introduce
new
public
key
algorithms
and
we
can
t
or
or
symmetric
ciphers,
and
we
can
tell
whether
they're
usable,
because
we
can
see
people's
certificates
when
you're
encrypting
to
them.
A
Have
any
indication
about
what
the
recipient's
capabilities
are,
so
there's
a
concern
there
that
that
if
you
do
symmetric
crypto
and
you
are
using
something
that
the
recipient
can't
can't
handle
that
you
give
them
an
undecryptable
message,
so
I
hear
that
at
the
same
time,
I
think
what
that
argument
is
saying
if
I
follow
it
to
its
logical
conclusion,
is
we
can
never
change
the
sdk
algorithms
and
even
if
we
decide
that
pbkdf2
is
seriously
problematic
for
some
cryptographic,
you
know
some
crypt,
analytic
reason
it
doesn't
matter.
A
There
is
no
way
for
us
to
ever
add
any
new
s2k
mechanisms
in
the
spec,
and
that
seems
odd
to
me,
like
I
don't
think,
that's
a
great
outcome.
It's
not
a
great
place
for
us
to
be.
It
seems
to
suggest
that
openpgp
password-based
crypto
is
stuck
using
pbkdf2
and
if
there's
any
problems
in
that
openpgp
is
just
dead
for
for
password-based
crypto.
A
That
seems
problematic
to
me,
and
so,
if
we're
going
to
say
that's
not
the
case,
then
we
then
I
think
we
have
a
responsibility
since
we're
trying
to
do
a
crypto
refresh
to
say
what
is
the
current
best
state
for
doing
this
and
then
to
think
about
what
the
deployability
concerns
are.
K
Yeah,
thank
you
daniel.
You
basically
made
my
point.
K
I'm
totally
in
agreement
that
we
don't
want
to
have
pkdf
forced
forever.
We
have
this
flexibility
and
we
surely
want
to
have
our
standards
that
they
are
flexible
to
switch
these
standards.
So
when
a
vulnerable
vulnerability
occurs,
then
we
can
switch,
but
currently
it's
something
like
a
switch
in
in
the
sqk
algorithm,
it's
painful
for
our
users,
so
we
have
to
think
about
it
when
we
want
to
enforce
it
and
when
it's
cryptographically
necessary,
we
should
be
prepared
to
do
this
and
to
have
the
option
to
flexibility
or
flexible
changes.
K
These
algorithms,
that's
great,
that's
totally
my
opinion
and
to
have
arkansas
again
two
in
this.
It's
great.
I
have
no
objections
to
this,
but
I
just
don't
want
to
have
a
default
switch,
that's
not
related
to
current
attacks,
so
yeah.
I
think
we
are
basically
on
the
same
line
here
yeah.
So
that's
it
for
me.
A
Thanks,
so
what
I'm
hearing
is
that
we
want
to
be
able
to
switch
to
new
s2k
mechanisms
at
some
point
in
the
future,
but
we
don't
want
to
automatically
start
deploying
and
sending
messages
that
are
encrypted
with
those
mechanisms
in
the
future.
So
that
sounds
to
me
like
what
we
need
is.
We
need
a
specification
yesterday
that
says
here's
what
you
should
do,
how
to
interpret
things
like
this,
and
you
should
not
generate
them.
B
Okay,
so
this
just,
we
have
rendering
queue
we're
coming
up
to
10
minutes
to
the
hour
we
kind
of
promised
to
be
about
an
hour.
So
I
don't
know
how
many
people
can.
If
somebody
has
a
real
problem
with
running
a
few
minutes
over
then
please,
let
us
know
in
the
chat
and
and
just
before,
verner
goes.
I
say
I
guess
what
at
the
least
what
you
should
do
is
create
an
issue
to
to
track
that
there's
there
are,
there
are
things
to
talk
about.
B
There
are
many
good
points
for
or
against
inclusion
of
argon
to
that
we
definitely
need
to
track
and
come
back
to
so
we
should
create
an
issue
for
that
and
verner.
G
Yeah,
okay,
the
I
got
two
thing
has
been
discussed
on
the
melee
on
the
mailing
list
a
lot
and
I
don't
think
it
makes
sense
to
stop
with
this.
Actually,
our
tiny
tiny
item
again
here
in
the
conference
in
the
in
the
conference
either
we
can
include
it
or
when
we
will
have
a
specification
to
that
later,
that
if
that,
if
we,
it
seems
to
be
pretty
clear
that
we
can't
come
to
an
agreement
on
this.
So
let's
better
stop
with
that.
B
B
Did
people
have
a
thoughts
on
448
is
that
you
know
not
really
needed,
because
it's
just
pointing
up
it's
a
faction
statement
or
it's
something
that
really
is
needed
or
it's
something
that
lots
of
people
have
already
done.
I
don't
know
the
answer
to
any
of
those.
G
Yeah,
okay,
so
so
in
newport
g
we
we
implemented
448
448,
but
we
also
realized
that
to
do
this
properly
in
the
specification,
we
would
need
to
have
a
new
data
type
for
this
actually
for
for
everything,
so
that
could
delay
us
even
more
so
if
we
could
add
448
with
not
a
really
rock
solid
specification.
That's
that
that's
okay
to
me,
but
we
can
also
leave
it.
Leave
it
out.
B
B
B
Okay,
that's
saying
is,
I
think,
it's
controversial,
that's
good
did
what
about
the
dot
dot,
dot
part
of
dkg,
slides.
L
K
Yeah,
I'm
not
relating
to
angel's
point.
So
do
you
want
to
discuss
interest
point
straight
off
anyhow,
so
my
problem,
my
point,
is
regarding
the
old
traveling
thing
of
open
pgp
keys
without
user
ids.
K
We
haven't
discussed
this
in
this
meeting
yet
and
I
think
there's
a
huge
split
in
our
community
regarding
this
issue,
and
maybe
we
should
discuss
it.
I
mean
we
have
six
minutes
basically
on
our
agenda.
So
that's
not
really
the
time
we
should
take
for
this,
but
yeah
I
mean
just
give
you
my
viewpoint
and
then
I
will
be
quiet.
K
It's
as
a
implementer
of
a
may
client
and
and
the
file
encryption
client
with
cleopatra
and
gpul.
K
K
B
B
Nice
to
hear,
but
probably
better,
not
to
hear
so
I
I
guess
what
I
heard
you're
saying
basically,
is
that
we
should
create
an
issue
for
dealing
with
keys
without
user
ids,
so
somebody
should
create
an
issue
in
the
in
the
tracker
for
that
I
I'm
hoping
dkg
will
and
then
in
the
queue.
I
guess
people
do
want
to
discuss
this.
I
see
vincent
yeah.
M
So
I
feel
like
this
addresses
me
that
there
seems
to
be
a
misunderstanding
of
what
the
point
of
open,
pgp
keys
without
user
ids
is
so
at
least
what
you
describe
as
those
should
be
pushed
to
to
key
servers
and
can
be
downloaded
from
there.
M
M
K
Now
what
I
would
like
to
clarify
is
in
rc
4880
bills
if
it
is
legal,
legal,
rc,
meaning
to
provide
such
keys,
because
in
our
country
it's
kind
of
a
gray
area,
I
think
it's
disallowed
and
you're
doing
it
anyway
and
yes
for
for
an
update
of
our
rfc,
we
should
maybe
consider
if
you
should
could
clarify
this.
A
There
are,
there
are
multiple
things
that
people
transmit
that
are
open,
pgp
related
that
are
not
specified
in
the
draft.
I
don't
know
that
we
can
fully
outline
all
of
them.
You
know
one
common
example
that
I've
seen
is
that
people
transmit
a
free-floating,
revocation
signature
and
expect
people
to
incorporate
that
into
their
key
stores.
A
That
goes
under
the
term
revocation
certificate.
I
hear
people
call
it.
It
is
not
in
the
draft,
it's
commonly
widely
done
it's
accepted
and
it
appears
to
be
super
useful.
So
maybe
what
we
want
is
we
want
a
section
that
describes
common
formats
of
things
that
people
transmit
and
that
could
include
both
certificates
with
user
id
stripped
and
revocation
certificates.
F
So
if
my
reading
of
48.80
is
correct,
then
currently
you
can
provide
a
tpk
that
has
a
user
id,
but
no
signature.
So
how
grid
the
keys
keys.openpcp.org.
A
Okay,
so
can
we
take
the
next
slide?
Thank
you
steven
for
the
prompt.
I
want
to
remind
everyone
here
we're
about
at
time
here.
I
don't
want
to
run
us
over
too
long.
I
want
to
remind
people
we
have
another
meeting
coming
up.
It
will
also
be
about
an
hour.
It
is
in
almost
exactly
two
weeks.
A
A
You
can
do
a
one
day,
registration
fee,
if
you
want
a
smaller
fee
or
there
is
a
registration
fee
waiver
which
can
be
done
on
a
sort
of
no
questions
asked
basis.
I
appreciate
the
discussion
that
we've
had
here
today
and
I
think
we're
making
good
progress
towards
identifying
what
needs
to
be
done,
and
hopefully
we
can
keep
that
momentum
up.
A
If
you
have
a
specific
issue
that
you
think
should
be
on
the
110
agenda
and
you
want
to
present
it
or
you
want
someone
else
to
present
it,
please
mail
either
the
list
or
the
chairs,
and
we
can
try
to
make
sure
that
that
happens.
We
already
have
a
couple
of
folks
who
are
lined
up
to
try
to
give
some
presentations
there,
but
we
welcome
other
suggestions.
B
So
just
one
note
on
the
red
two
notes
of
that:
one
is
under
registration,
fee
waiver,
the
intent
of
that
is
to
allow
people
to
participate,
for
whom
paying
would
be
difficult.
It's
an
honor
based
system,
so
you
know
it's
if
it
turns
there's
no
tracking
of
that
being
done
essentially
other
than
the
number
of
people
taking
advantage
of
a
waiver.
B
B
Please
do
take
advantage
of
it,
but
people
who
don't
need
to
use
it
to
you
know
maybe
do
the
pay
for
the
the
day
or
the
week
as
need
be,
and
then
the
other
point
to
note,
I
think,
is
that
the
session
at
itf
110
is
likely
to
have
kind
of
a
bigger
group
of
you
know
nothing,
including
people
who
are
not
active
participants,
so
it
might
issues
that
are
more
suited
for
that
are
ones
where
we
would
like
other
people
to
know
about
the
work
going
on
in
the
working
group,
and
if
there
are,
if
there
are
issues
that
could
wait
until
may
or
sometime,
that
are
more
detailed
for
mostly
only
of
concern
to
more
active
participants.
A
A
If
you
want
to
land
directly
between
the
two
ietfs
that
would
be
early
may,
if
we
think
that
meetings
like
this
are
useful.
I'd
like
to
hear
from
folks
on
the
list
how
they
feel
about
that.
But
if,
if
folks
feel
like
meeting
like
this
is
useful,
we
could
also
do
multiple
interims
between
ietfs,
so
that
could
we
could
put
something,
for
example,
in
early
april.
If
we
wanted
to
try
it,
we
could
even
do
like
a
monthly
interim
meeting
if
we
think
that
this
kind
of
discussion
is
fruitful.
A
A
With
more
frequency,
I
would
actually
request
that
people
identify
specific
topics
that
they
want
to
cover.
We
can
queue
them
up.
Some
of
them
will
have
been
queued
already
by
the
revisions
of
crypto
refresh,
but
I'd
like
to
hear
from
folks
on
the
list
about
when
they
think
the
next
interim
would
should
be.
H
D
B
Now
so
yeah,
given
we're
at
time,
I,
let's
assume
that
the
suggestion
of
early
may
is
reasonable
if
people
would
like
to
speak
to
some
other
alternative,
either
doing
it
earlier
or
later
or
at
some
other
cadence.
That
would
be
good
to
hear
again
now
we're
on
the
list.
So
now
is
your
chance.
If
you
want
to
bring
it
up
now,.
B
Okay,
we'll
take
it
to
the
list
in
the
minutes
and
so
on,
but
with
the
suggestion
will
be
early
may
daniel
suggests
semi-regularly.
So
I
mean
I
guess
we
don't.
We
also
don't
want
to
put
too
much
pressure
on
the
editors,
because
kind
of
each
of
these
will
cause
work
for
them
as
well,
so
mostly
might
be
too
soon.
I'm
too
regular.
Sorry,
but
let's
assume
early
may
we'll
organize
that
and
if
compared
to
the
list.
B
Okay,
so
that's,
I
think
that
brings
us
to
the
end
of
our
planned
agenda.
So
there's
probably
any
other
business
kind
of
call
here
is
there
anybody
have
any
other
business.
B
Not
hearing
any
thanks
again
for
for
note-taking,
I
guess
okay,
you
want
to
declare
the
meeting
closed
unless
you
have
something
else
to
say.
A
Yeah,
I
think
we
can
declare
it
closed.
I
saw
a
little
hand
wave
from
werner.
I
don't
know
what
that
actually
means.
I
couldn't
if
that
was
a
goodbye
or
I
want
to
speak
or
or
what
I
failed
to
do
vid
to
get
any
video
working
on
this
session.
I
just
saw
the
slides,
so
I
sort
of
second
uses
his
preference
for
a
different
video
printing
solution,
but
we
can
figure
that
out
on
the
list
too,
but
yeah
borrowing
any
other
business.
A
I
think
we
should
we
should
close
it.
I
I'm
really
actually
heartened
to
see
the
discussion
that's
happening
here,
and
I
hope
that
folks
will
continue
in
that
vein.
Put.
A
List,
if
you
can
the
ietf
jabber
room
stephen,
do
you
know
if
that
jabber
room
will
be
open?
If
people
want
to
join
and
have
a
discussion
there.
B
Is
always
open,
so
you
can
join
that
anytime
and
there
is
a
option
now
they're
running
some
experiments
that
you
have
a
matrix.org
client
there's
a
way
to
get
into
it,
which
I
tested
earlier
and
it
didn't
quite
work
but
more
or
less
kind
of
work
and
there's
some
other
zoolope
or
something
at
the
name.
Another
messaging
solution
that
can
also
interoperate
with
those
rooms
great.
A
Okay,
well,
I
don't
want
to
keep
folks
for
longer.
People
are
probably
busy,
but
I
thank
you
all
for
a
productive
discussion
and
I
look
forward
to
seeing
more
comments
on
the
list.
A
Yeah,
I
will
grab
a
copy
of
the
note
of
the
ether
pad.
Do
we
have?
Does
our
recording
include
the
chat
cause?
There
was
a
bunch
of
interesting
discussion
in
the
chat.
M
As
well,
I
copied
some
of
the
relevant
chat
comments,
mostly
about
agreeing
and
disagreeing
with
speakers
into
the
notes
as
well.
That's
great
thank.
B
K
Vincent
by
the
way,
when
I
have
you
here,
I
would
be
interested
to
have
a
talk
with
you.
I
mean
we
would
have
met
in
foster,
but
this
didn't
happen
this
week.
Yeah.
M
Yeah,
did
you
want
to
talk
about
the
the
user
ids
issue,
or
did
you
have
something
else?
Just
generally.