From mmadison@loveofbeer.com Fri Apr 07 14:12:42 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FRvRq-0000uI-An for openpgp-archive@ietf.org; Fri, 07 Apr 2006 14:12:42 -0400
Received: from [217.97.200.106] (helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1FRvRA-0008Mq-BF for openpgp-archive@ietf.org; Fri, 07 Apr 2006 14:12:42 -0400
Message-ID: <000001c65a98$c4356400$0100007f@localhost>
From: "Jordan Bell"
To:
Subject: Software At Low Pr1ce
Date: Fri, 07 Apr 2006 20:12:33 +0200
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0001_01C65A98.C4356400"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Spam-Score: 4.2 (++++)
X-Scan-Signature: dd7e0c3fd18d19cffdd4de99a114001d

This is a multi-part message in MIME format.

------=_NextPart_000_0001_01C65A98.C4356400
Content-Type: multipart/alternative; boundary="----=_NextPart_001_000E_01C65A98.C4356400"

------=_NextPart_001_000E_01C65A98.C4356400
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

By the time Scarlett had undressed and blown out the candle, her plan for tomorrow had worked itself out in every detail. It was a

------=_NextPart_001_000E_01C65A98.C4356400
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Software









------=_NextPart_001_000E_01C65A98.C4356400--

------=_NextPart_000_0001_01C65A98.C4356400
Content-Type: image/gif; name="Lf.gif"
Content-Transfer-Encoding: base64
Content-ID: <000801c63b06$0762dd00$0403a8c0@mlto>

------=_NextPart_000_0001_01C65A98.C4356400
Content-Type: image/gif; name="MW.gif"
Content-Transfer-Encoding: base64
Content-ID: <000b01c63b06$076ec3e0$0403a8c0@mlto>

------=_NextPart_000_0001_01C65A98.C4356400
Content-Type: image/gif; name="A.gif"
Content-Transfer-Encoding: base64
Content-ID: <000c01c63b06$077134e0$0403a8c0@mlto>

------=_NextPart_000_0001_01C65A98.C4356400
Content-Type: image/gif; name="MO.gif"
Content-Transfer-Encoding: base64
Content-ID: <000901c63b06$076ec3e0$0403a8c0@mlto>

------=_NextPart_000_0001_01C65A98.C4356400--

From
owner-ietf-openpgp@mail.imc.org Wed Apr 12 10:52:27 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FTghn-0000Lb-CU for openpgp-archive@lists.ietf.org; Wed, 12 Apr 2006 10:52:27 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FTghm-0008Rm-3x for openpgp-archive@lists.ietf.org; Wed, 12 Apr 2006 10:52:27 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3CELnkc070361; Wed, 12 Apr 2006 07:21:49 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3CELnOc070360; Wed, 12 Apr 2006 07:21:49 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from ns1.cpanel.btnaccess.com (ns1.cpanel.btnaccess.com [205.177.121.2]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3CELltt070353 for ; Wed, 12 Apr 2006 07:21:48 -0700 (MST) (envelope-from robholliday@isocore.com)
Message-Id: <200604121421.k3CELltt070353@balder-227.proper.com>
Received: from [65.213.193.6] (helo=ISODELL001) by ns1.cpanel.btnaccess.com with esmtp (Exim 4.52) id 1FTgE4-00086P-SL for ietf-openpgp@imc.org; Wed, 12 Apr 2006 10:21:45 -0400
From: "Robert Holliday"
To:
Subject: On-line Registration Closing Sunday
Date: Wed, 12 Apr 2006 10:21:41 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0038_01C65E1A.E3EDC910"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AcZePGrSOO1hlu3gRXWTkZHRX2lUJQ==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ns1.cpanel.btnaccess.com
X-AntiAbuse: Original Domain - imc.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - isocore.com
X-Source:
X-Source-Args:
X-Source-Dir:
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive:
List-Unsubscribe:
List-ID:
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9b0e2bac7c1211e21cfcad57f02e2c8b

This is a multi-part message in MIME format.

------=_NextPart_000_0038_01C65E1A.E3EDC910
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

This week is the last chance for attendees to register online for the International Conference on Network Security. For those interested in registering before time runs out please go to: www.networksecurity2006.com

Conference Program

Monday, April 17
TECHNICAL SESSIONS AND PANELS

8:45 - 10:30 am
Opening Session
Chair: Guy Copeland
VP and Assistant to the President, CSC

. Introduction
Guy Copeland

. Keynote Speech
Andy Purdy
Department of Homeland Security

. Issues in Wiretapping Technologies
Matt Blaze
University of Pennsylvania

Break (10:30 - 10:45 am)

10:45 am - 12:30 pm
Panel: User Authentication Technologies
Chair: Radia Perlman
Sun Microsystems

. PKI: It's not that hard. Why don't we have it?
Charlie Kaufman
Microsoft

. Web Services/Liberty Approach to Single Sign-on
Gerald Beuchelt
Sun Microsystems

. Is the Identity-based Crypto the Best Solution?
Terence Spies
Voltage Security

. PKI: Let's Make it Happen!
Bill Burr
NIST

. SAML Comparison to Kerberos to Support a Centralized Authoritative Source for Authentication
Hank Simon
Lockheed Martin

Lunch (12:30 - 1:45 pm)

1:45 - 3:00 pm
Mesh Network Security
Chair: Russ Housley
Vigil Security, LLC

. Status of 802.11 Mesh and Security
Donald Eastlake III
Motorola

. Security Issues in 802.11s
William Arbaugh, UMD
Jesse Walker, Intel

. More on 802.11s
Robert Moskowitz
ICSA Labs, Cybertrust

Break (3:00 - 3:15 pm)

3:15 - 4:30 pm
Defending Against Denial of Service
Chair: Jim Hughes
Sun Microsystems

. Surviving Denial of Service
Andy Ellis
Akamai

. MITHRIL: Adaptable Security for Survivability in Collaborative Computing Sites
Von Welch, NCSA
Jim Basney, NCSA
Himanshu Khurana, NCSA

. Investigating the Impact of Real-World Factors on Internet Worm Propagation
Xiaoyan Hong
University of Alabama

4:30 - 5:30 pm
Panel: Legislative Aspects of Security

. Pat Schambach
Nortel

. Robert Dix Jr.
Citadel Security Software

. Michael Aisenberg
Verisign

. John Morris
Center for Democracy & Technology

5:30 - 6:30 pm
Reception

6:45 - 7:45 pm
Tutorial: Network Incident Response
Presenter: Richard Bejtlich
Tao Security

Tuesday, April 18
TECHNICAL SESSIONS AND PANELS

9:00 - 10:30 am
Software Security
Chair: Charlie Kaufman
Microsoft

. Why Software Breaks
Andrew Lee
Eset

. Federal Standards and Guidelines Developed by NIST
Stuart Katzke
NIST

. Impact of NSTISSP-11 on the Current Certification Climate for Products and Technology
Keith Beatty
SAIC

. How can we make products and deployments more secure?
Eric Cole
Lockheed Martin

Break (10:30 - 10:45 am)

10:45 am - 12:30 pm
Network Security Protocol Issues
Chair: Hilarie Orman
Purple Streak, Inc.

. Introduction and Comparison of IPv4 Address Resolution Protocol, ICMP Router Discovery and ICMP Redirect; and IPv6 Neighbor Discovery Protocol Security Issues
Michael Wasielewski
Lockheed-Martin

. The ability for the Warfighter to share critical information across and between networks without leakage
Adele Friedel
Tenix America

. Availability and Security Tradeoffs
Arun Sood
Task Technologies Ltd.

. Firewall Traversal: Security and Scalability
David McGrew
Cisco Systems

. Updates on IETF Security Related Working Groups
Sam Hartman
MIT
Russ Housley
Vigil Security

Lunch (12:30 - 1:45 pm)

1:45 - 3:00 pm
Security for Wireless and Internet Mobility
Chair: Bijan Jabbari
Isocore

. Optimizations to Support Secure AP Transitions in 802.11 WLANs
Jesse Walker
Intel

. 3GPP2 Network Firewall Configuration and Control
Michael Paddon
Qualcomm

. Proactive EAP-based handover key management for mobile wireless users
Madjid Nakhjiri
Motorola

Break (3:00 - 3:15 pm)

3:15 - 4:30 pm
Panel: Internet Infrastructure Security
Chair: Hilarie Orman
Purple Streak, Inc.

. MPLS VPN Security
Harmen van der Linde
Cisco Systems

. DHS and Internet Infrastructure Security
Marcus Sachs
SRI

. Routing Security
Sandra Murphy
Sparta

. Why Routing Protocol Security isn't Seeing Wide Adoption
Russ White
Cisco Systems

4:30 - 5:30 pm
Web Browser Security
Moderator: Darren Moffat
Sun Microsystems

. The Sad State of Evolution of Interface to User Security with a Focus on the Web Browser
Eric Greenberg
Netframeworks

. XML: Salvation or Struggle
Donald Eastlake III
Motorola

. Web Browser Security Frameworks
Perry Metzger
Piermont

. Issues in Web Browser Security
Sam Hartman
MIT

Wednesday, April 19
TECHNICAL SESSIONS AND PANELS

9:00 - 10:30 am
DNS Security
Chair: Donald Eastlake III
Motorola

. Why isn't DNS security deployed, and would we be safer if it was?
Charlie Kaufman
Microsoft

. DNSSEC and FISMA
Scott Rose
NIST

. DNS Security
Stuart Schechter
Lincoln Laboratory

. The Registry Perspective on DNSSEC
Matt Larson
Verisign

Break (10:30 - 10:45 am)

10:45 am - 12:30 pm
Panel: Trusted Platforms
Chair: Radia Perlman
Sun Microsystems

. Trusted Computing: Towards Safe Computing Environments
Tom Hardjono
SignaCert

. A use for TPM Technology in Routing Infrastructure
Andy Ellis
Akamai

. Issues in TPM Technology
Ned Smith
Intel

. An Outsider's Perspective on TPM
Russ Housley
Vigilsec

------=_NextPart_000_0038_01C65E1A.E3EDC910
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

 

------=_NextPart_000_0038_01C65E1A.E3EDC910-- From owner-ietf-openpgp@mail.imc.org Tue Apr 18 15:26:49 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FVvqb-0007dy-0S for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 15:26:49 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FVvqY-0001pe-OP for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 15:26:48 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3IIxPVU018381; Tue, 18 Apr 2006 11:59:25 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3IIxPpA018380; Tue, 18 Apr 2006 11:59:25 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3IIxOkt018373 for ; Tue, 18 Apr 2006 11:59:24 -0700 (MST) (envelope-from jon@callas.org) Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7) for ; Tue, 18 Apr 2006 11:59:23 -0700 Received: from [192.168.2.164] ([63.251.255.85]) by keys.merrymeet.com (PGP Universal service); Tue, 18 Apr 2006 11:59:23 -0700 X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 18 Apr 2006 11:59:23 -0700 Mime-Version: 1.0 (Apple Message framework v749.3) In-Reply-To: <87psqa6ds2.fsf@wheatstone.g10code.de> References: <20051011222500.0352B57EF9@finney.org> <20051012025034.GA5034@jabberwocky.com> <87psqa6ds2.fsf@wheatstone.g10code.de> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Jon Callas Subject: Re: Signature calculation language Date: Tue, 18 Apr 
2006 11:59:32 -0700 To: OpenPGP X-Mailer: Apple Mail (2.749.3) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.0 (/) X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22 On 12 Oct 2005, at 6:55 AM, Werner Koch wrote: > > On Tue, 11 Oct 2005 22:50:34 -0400, David Shaw said: > >> I support making 0x19 backsigs a MUST. > > I concur with David. I am actually a heavy user of signing subkeys > because they allow to keep the primary key offline. > Section 10.1 says: Each Subkey packet MUST be followed by one Signature packet, which should be a subkey binding signature issued by the top level key. For subkeys that can issue signatures, the subkey binding signature MUST contain an embedded signature subpacket with a primary key binding signature (0x19) issued by the subkey on the top level key. And I think this does make it a MUST. If there should be anything else (or this is wrong, unclear, etc.), just let me know. Jon From owner-ietf-openpgp@mail.imc.org Tue Apr 18 15:40:25 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FVw3l-0002nD-2B for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 15:40:25 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FVw3k-0002Oi-Lx for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 15:40:25 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3IJGO2X020296; Tue, 18 Apr 2006 12:16:24 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3IJGOSO020295; Tue, 18 Apr 2006 12:16:24 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com (merrymeet.com 
[63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3IJGNpY020288 for ; Tue, 18 Apr 2006 12:16:23 -0700 (MST) (envelope-from jon@callas.org) Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7); Tue, 18 Apr 2006 12:16:22 -0700 Received: from [192.168.2.164] ([63.251.255.85]) by keys.merrymeet.com (PGP Universal service); Tue, 18 Apr 2006 12:16:22 -0700 X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 18 Apr 2006 12:16:22 -0700 In-Reply-To: <434CED6F.7070709@systemics.com> References: <20051012070713.38B2957EFB@finney.org> <434CED6F.7070709@systemics.com> Mime-Version: 1.0 (Apple Message framework v749.3) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <4705FF74-43E1-4893-994A-C317CD1FF465@callas.org> Cc: Hal Finney , ietf-openpgp@imc.org Content-Transfer-Encoding: 7bit From: Jon Callas Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures) Date: Tue, 18 Apr 2006 12:16:29 -0700 To: Ian G X-Mailer: Apple Mail (2.749.3) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.0 (/) X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32 On 12 Oct 2005, at 4:03 AM, Ian G wrote: > I would prefer the disclaimer to vaguery to be > at the beginning because that's how lawyers like > it. So, Something like this: > > 5.2.1. Signature Types > > There are a number of possible meanings for a signature, which > may be indicated in a signature type octet in any given signature. > Please note that the vagueness of these meanings is > not a flaw, but a feature of the system. Because OpenPGP places > final authority for validity upon the receiver of a > signature, it may be that one signer's casual > act might be more rigorous than some other authority's > positive act. > > These meanings are: > That's in -16 now. 
Jon

From owner-ietf-openpgp@mail.imc.org Tue Apr 18 15:44:57 2006
From: Jon Callas
Subject: Re: Human-readable notation language
Date: Tue, 18 Apr 2006 12:18:30 -0700
To: OpenPGP

On 12 Oct 2005, at 9:04 AM, David Shaw wrote:

> To my reading, this says more or less, "this is a note from one person
> to another except when it isn't".  Especially given such notations as
> preferred-email-encoding@pgp.com which are always human-readable, I
> suggest this:
>
>     First octet: 0x80 = human-readable. This note value is text.
>
> It's just simpler.
>

Just to be clear, this change is in.

Jon

From owner-ietf-openpgp@mail.imc.org Tue Apr 18 15:53:43 2006
From: Jon Callas
Subject: Re: Other -15 comments
Date: Tue, 18 Apr 2006 12:32:42 -0700
To: David Shaw
Cc: ietf-openpgp@imc.org

On 5 Dec 2005, at 11:50 AM, David Shaw wrote:

>
> 5.5.2. Public Key Packet Formats says "Third, there are minor
> weaknesses in the MD5 hash algorithm that make developers prefer other
> algorithms."  Suggest dropping the word "minor".
>

Done.

> *****
>
> Section 5.5.2. Public Key Packet Formats says:
>
>    V3 keys are deprecated; an implementation SHOULD NOT generate a V3
>    key, but MAY accept it.
>
> but section 11.1. Key Structures says:
>
>    V3 keys are deprecated. Implementations MUST NOT generate new V3
>    keys, but MAY continue to use existing ones.
>
> These can't both be correct.  I lean towards MUST NOT here,
> personally.
>

It says MUST NOT in both places. I did some more tidying in the same place. (There's no point in saying you MUST create a V3 key with RSA, if you MUST NOT create one, for example.)

> *****
>
> The first two paragraphs in section 6.4. Decoding Radix-64 contradict
> each other.  The first says that all non-radix-64 characters must be
> ignored.  The second says that non-radix-64 characters probably
> indicate a transmission error, "about which a warning message or even
> a message rejection might be appropriate under some circumstances".
>
> Suggest going with the second.
>

Done.
There's one paragraph now:

    In Radix-64 data, characters other than those in the table, line
    breaks, and other white space probably indicate a transmission
    error, about which a warning message or even a message rejection
    might be appropriate under some circumstances. Decoding software
    must ignore all white space.

Jon

From owner-ietf-openpgp@mail.imc.org Tue Apr 18 16:02:50 2006
From: Jon Callas
Subject: Re: Secret key transport
Date: Tue, 18 Apr 2006 12:40:00 -0700
To: OpenPGP

On 14 Dec 2005, at 5:56 AM, David Shaw wrote:

>
> Well into comically late in the game here, but a question recently
> came up about the secret key transport format.  Namely, is there one?
> 2440bis has a public key transport format (the whole of section 10.1),
> and the format of secret key and secret subkey packets is defined, but
> there doesn't seem to be an analogue to section 10.1 for secret keys.
>
> For example, I've seen secret keys in this format:
>
>   - Secret key packet
>   - User ID packet
>   - Selfsig on user ID
>   - Secret subkey packet
>   - Selfsig on subkey
>
> I've also seen secret keys in this format:
>
>   - Secret key packet
>   - User ID packet
>   - Secret subkey packet
>
> (i.e. missing the selfsigs).
>
> The first example strikes me as preferable as there is a mild benefit
> to having the secret key format parallel the public key format in that
> an implementation can extract the public key from the secret key
> automatically.  The second example requires a public key to be sent in
> addition to the secret key to get the selfsigs (while the selfsig on
> the user ID is optional, the one on the subkey isn't).
>
> Either way, though, 2440bis seems silent on this subject.  Is this
> something that needs a line or two of text?

Since no one has said anything in months, I'm declaring that the answer is, "no, this is not something that needs a line or two of text."
Jon

From owner-ietf-openpgp@mail.imc.org Tue Apr 18 16:05:36 2006
From: Jon Callas
Subject: Re: Armor text change
Date: Tue, 18 Apr 2006 12:44:37 -0700
To: David Shaw
Cc: ietf-openpgp@imc.org

On 10 Jan 2006, at 2:20 PM, David Shaw wrote:

>
> Here's two suggested language changes that flow from the recent
> discussion of armor:
>
> *******
>
> Section 6.2. Forming ASCII Armor has a sentence that reads:
>
>    The header lines, therefore, MUST start at the beginning of a
> line, and
>    MUST NOT have text following them on the same line.
>
> Suggest to change it to:
>
>    The header lines, therefore, MUST start at the beginning of a
> line, and
>    MUST NOT have text other than whitespace following them on the
>    same line.
>
> (i.e. add "other than whitespace")
>
> Ben Laurie pointed out the rationale that since the point of ignoring
> trailing whitespace in armored and clearsigned messages was to work
> around transport systems like mail that may add whitespace, then it is
> necessary to ignore whitespace on the header lines as well.
>

Done.

> *******
>
> This other change I do not feel particularly strongly about.  It may
> overspecify something that doesn't need it.  In section 6.2. Forming
> ASCII Armor, add something to the effect of:
>
>    Note that some transport methods are sensitive to line length.
>    While there is a limit of 76 characters for the Radix-64 data
>    (section 6.3), there is no limit to the length of Armor Headers.
>    Care should be taken that the Armor Headers are short enough to
>    survive transport.  One way to do this is to repeat an Armor Header
>    key multiple times with different values for each so that no one
>    line is overly long.
>

Done.
Jon

From owner-ietf-openpgp@mail.imc.org Tue Apr 18 16:15:19 2006
From: Jon Callas
Subject: Re: V3 secret keys
Date: Tue, 18 Apr 2006 12:56:16 -0700
To: OpenPGP

In talking to Ben, a number of places where it said "resync" now says "resynchronization" to make it easier to find the text. That seems to resolve this whole issue.

Jon

From owner-ietf-openpgp@mail.imc.org Tue Apr 18 17:26:49 2006
From: Jon Callas
Subject: Re: Signature calculation language
Date: Tue, 18 Apr 2006 12:09:42 -0700
To: OpenPGP

On 12 Oct 2005, at 6:55 AM, Werner Koch wrote:

>
> On Tue, 11 Oct 2005 22:50:34 -0400, David Shaw said:
>
>> I support making 0x19 backsigs a MUST.
>
> I concur with David.  I am actually a heavy user of signing subkeys
> because they allow to keep the primary key offline.
>

I also added an implementation nit:

    The 0x19 back signatures were not required for signing subkeys
    until relatively recently. Consequently, there may be keys in the
    wild that do not have these back signatures. Implementing software
    may handle these keys as it sees fit.
Jon

From owner-ietf-openpgp@mail.imc.org Tue Apr 18 18:00:15 2006
From: Jon Callas
Subject: Re: NIST publishes new DSA draft
Date: Tue, 18 Apr 2006 14:37:39 -0700
To: OpenPGP

On 14 Mar 2006, at 7:58 AM, David Shaw wrote:

>
> In the OpenPGP context, probably the most interesting bit is that the
> 160-bit hash limit has been removed.  The sizes supported are:
>
>  * 1024-bit key, 160-bit hash (the current DSA)
>  * 2048-bit key, 224-bit hash (presumably aimed at SHA-224)
>  * 2048-bit key, 256-bit hash (presumably aimed at SHA-256)
>  * 3072-bit key, 256-bit hash (presumably aimed at SHA-256)
>

I've added in SHA-224. Just don't ask me to sign with it. :-)

Jon

From owner-ietf-openpgp@mail.imc.org Tue Apr 18 18:00:17 2006
Date: Tue, 18 Apr 2006 23:41:55 +0200
To: Jon Callas
Cc: OpenPGP
Subject: Re: Secret key
 transport
From: nagydani@epointsystem.org (Daniel A. Nagy)

On Tue, Apr 18, 2006 at 12:40:00PM -0700, Jon Callas wrote:
> On 14 Dec 2005, at 5:56 AM, David Shaw wrote about secret keys
> [snipped]
> Since no one has said anything in months, I'm declaring that the
> answer is, "no, this is not something that needs a line or two of text."

I think, this problem merits a little bit of discussion, as there are some interoperability issues at stake.

Firstly, I think that 5.5.1.3. should make it clear that secret key packets are standardized for the purposes of exporting and importing secret key material. As far as interoperability is concerned, fully OpenPGP-compliant implementations may store private keys any way they like.

As for importing and exporting, a major player (namely WK's GnuPG) rejects private key blocks that do not contain binding self-signatures for UIDs and subkeys. Moreover, the required binding signatures bind the material in question to the corresponding PUBLIC key, not the private one. I am not sure why they chose to do it this way, but I am strongly opposed to mandating this behavior in the standard, as it would make some other existing implementations non-compliant.

The semantics of a secret key packet is the following: "Here's a public key and its (possibly encrypted) private counterpart." That's it.

I agree with Jon that there is no point in defining secret key blocks in the standard.
Let implementations handle secret key packets as they see fit (including not handling them at all -- after all, being able to import and export private keys is an option, not a requirement).

--
Daniel

From owner-ietf-openpgp@mail.imc.org Tue Apr 18 19:05:14 2006
Cc: ietf-openpgp@imc.org
From: Jon Callas
Subject: Re: Suggested changes for DSA2, take 4
Date: Tue, 18 Apr 2006 15:32:16 -0700
To: David Shaw

On 29 Mar 2006, at 8:37 AM, David Shaw wrote:

>
> Here is round four.  Only little fiddle changes at this point.
>
> ==================================
>
> Section 5.2.2 (Version 3 Signature Packet Format) says:
>
>    DSA signatures MUST use hashes with a size of 160 bits, to
> match q,
>    the size of the group generated by the DSA key's generator value.
>    The hash function result is treated as a 160 bit number and used
>    directly in the DSA signature algorithm.
>
> change to:
>
>    DSA signatures MUST use hashes that are equal in size to the
>    number of bits of q, the group generated by the DSA key's
>    generator value.  If the output size of the chosen hash is larger
>    than the number of bits of q, the hash result is truncated to fit
>    by taking the number of leftmost bits equal to the number of bits
>    of q.  This (possibly truncated) hash function result is treated
>    as a number and used directly in the DSA signature algorithm.
>

Done.

> No change.
>
> ==================================
>
> Section 12.5. (DSA) says:
>
>    An implementation SHOULD NOT implement DSA keys of size less than
>    1024 bits. Note that present DSA is limited to a maximum of
> 1024 bit
>    keys, which are recommended for long-term use. Also, DSA keys MUST
>    be an even multiple of 64 bits long.
>
> change to:
>
>    An implementation SHOULD NOT implement DSA keys of size less than
>    1024 bits or with a q size of less than 160 bits.  DSA keys MUST
>    also be a multiple of 64 bits, and the q size MUST be a multiple
>    of 8 bits.
>    The Digital Signature Standard (DSS) [FIPS186]
>    specifies that DSA be used in one of the following ways:
>
>     * 1024-bit key, 160-bit q, SHA-1, SHA-224, SHA-256, SHA-384 or
>       SHA-512 hash
>     * 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384 or SHA-512
>       hash
>     * 2048-bit key, 256-bit q, SHA-256, SHA-384 or SHA-512 hash
>     * 3072-bit key, 256-bit q, SHA-256, SHA-384 or SHA-512 hash
>
>    The above key and q size pairs were chosen to best balance
>    the strength of the key with the strength of the hash.
>    Implementations SHOULD use one of the above key and q size pairs
>    when generating DSA keys.  If DSS compliance is desired, one
>    of the specified SHA hashes must be used as well.  [FIPS186]
>    is the ultimate authority on DSS, and should be consulted for all
>    questions of DSS compliance.
>
>    Note that earlier versions of this standard only allowed a
>    160-bit q with no truncation allowed, so earlier implementations
>    may not be able to handle signatures with a different q size or a
>    truncated hash.
>
> Added a MUST that the q size is a multiple of 8.  I don't think any of
> us want to deal with hashes that don't end on a byte boundary.
>

Done, but I said that you MUST not use a q less than 160 bits.

> ==================================
>
> Section 13. (Security Considerations) says:
>
>    * The DSA algorithm will work with any 160-bit hash, but it is
>      sensitive to the quality of the hash algorithm, if the hash
>      algorithm is broken, it can leak the secret key. The Digital
>      Signature Standard (DSS) specifies that DSA be used with SHA-1.
>      RIPEMD-160 is considered by many cryptographers to be as
> strong.
>      An implementation should take care which hash algorithms are
>      used with DSA, as a weak hash can not only allow a signature to
>      be forged, but could leak the secret key.
>
> change to:
>
>    * The DSA algorithm will work with any hash, but is sensitive to
>      the quality of the hash algorithm.
>      Verifiers should be aware
>      that even if the signer used a strong hash, an attacker could
>      have modified the signature to use a weak one.  Only signatures
>      using acceptably strong hash algorithms should be accepted as
>      valid.
>
> Also add:
>
>    * As OpenPGP combines many different asymmetric, symmetric, and
>      hash algorithms, each with different measures of strength, care
>      should be taken that the weakest element of an OpenPGP message
>      is still sufficiently strong for the purpose at hand.  While
>      consensus about the strength of a given algorithm may
>      evolve, at publication time, NIST Special Publication 800-57
>      [SP800-57] recommended the following list of equivalent
>      strengths:
>
>        Asymmetric  |  Hash  |  Symmetric
>         key size   |  size  |  key size
>        ------------+--------+-----------
>           1024        160         80
>           2048        224        112
>           3072        256        128
>           7680        384        192
>          15360        512        256
>
> Added the key size reminder.
>

Done with various small edits. I had to fight with the formatting program. Here's what I did:

    * As OpenPGP combines many different asymmetric, symmetric, and
      hash algorithms, each with different measures of strength, care
      should be taken that the weakest element of an OpenPGP message
      is still sufficiently strong for the purpose at hand. While
      consensus about the strength of a given algorithm may evolve,
      NIST Special Publication 800-57 [SP800-57] recommends the
      following list of equivalent strengths:

        Asymmetric  |  Hash  |  Symmetric
         key size   |  size  |  key size
        ------------+--------+-----------
           1024        160         80
           2048        224        112
           3072        256        128
           7680        384        192
          15360        512        256

> ==================================
>
> David
>

Added in reference to SP800-57.
Jon From owner-ietf-openpgp@mail.imc.org Tue Apr 18 19:24:17 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FVzYP-00063x-Cs for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 19:24:17 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FVzYP-0005dU-0K for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 19:24:17 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3IMump0030995; Tue, 18 Apr 2006 15:56:48 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3IMumNI030994; Tue, 18 Apr 2006 15:56:48 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3IMul2R030987 for ; Tue, 18 Apr 2006 15:56:48 -0700 (MST) (envelope-from dshaw@jabberwocky.com) Received: from walrus.hsd1.ma.comcast.net (walrus.hsd1.ma.comcast.net [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id k3IMuhk08130 for ; Tue, 18 Apr 2006 18:56:44 -0400 Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.13.6/8.13.5) with ESMTP id k3IMw8cD021872 for ; Tue, 18 Apr 2006 18:58:08 -0400 Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id k3IMubdS011907 for ; Tue, 18 Apr 2006 18:56:37 -0400 Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id k3IMub4V011906 for ietf-openpgp@imc.org; Tue, 18 Apr 2006 18:56:37 -0400 Date: Tue, 18 Apr 2006 18:56:37 -0400 From: David Shaw To: OpenPGP Subject: Re: Secret key 
transport Message-ID: <20060418225637.GA11827@jabberwocky.com> Mail-Followup-To: OpenPGP References: <20051214135609.GA22783@jabberwocky.com> <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org> <20060418214155.GA5012@epointsystem.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060418214155.GA5012@epointsystem.org> OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc User-Agent: Mutt/1.5.11 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.0 (/) X-Scan-Signature: 0a7aa2e6e558383d84476dc338324fab

On Tue, Apr 18, 2006 at 11:41:55PM +0200, Daniel A. Nagy wrote:
>
> On Tue, Apr 18, 2006 at 12:40:00PM -0700, Jon Callas wrote:
> > On 14 Dec 2005, at 5:56 AM, David Shaw wrote about secret keys
> > [snipped]
> > Since no one has said anything in months, I'm declaring that the
> > answer is, "no, this is not something that needs a line or two of text."
>
> I think, this problem merits a little bit of discussion, as there are some
> interoperability issues at stake.
>
> Firstly, I think that 5.5.1.3. should make it clear that secret key packets
> are standardized for the purposes of exporting and importing secret key
> material. As far as interoperability is concerned, fully OpenPGP-compliant
> implementations may store private keys any way they like.

I don't think anyone was arguing otherwise. My original mail was simply noting that there is not a single word in the standard of how to export a secret key. Export, not store.

> As for importing and exporting, a major player (namely WK's GnuPG) rejects
> private key blocks that do not contain binding self-signatures for UIDs and
> subkeys.

I think there is some misunderstanding here about what happens on secret key import in GnuPG. GnuPG, like PGP, tries to automatically convert a secret key to a public key on import if the public key doesn't already exist in the keyring. They can do this because secret key packets are essentially a public key packet with the secret data stuck on the end. This isn't mandated (or even mentioned) by the standard, of course, but is a convenience.

The difference is that GnuPG prints a warning when it could not do this automatic conversion because of missing self-signatures. PGP is (probably more appropriately) quiet. I think you are interpreting that warning message as a rejection.

> Moreover, the required binding signatures bind the material in
> question to the corresponding PUBLIC key, not the private one. I am not sure
> why they chose to do it this way, but I am strongly opposed to mandating
> this behavior in the standard, as it would make some other existing
> implementations non-compliant.

All binding signatures bind to the public key. There is no such thing as a secret key binding signature.

Here's a minimal-change proposal:

Rename section 10.1 from "Transferable Public Keys" to "Transferable Keys", and add to the end of the section:

   Secret keys may be transferred in the same manner and format as
   public keys by replacing any public key packets with the
   corresponding secret key packets and public subkey packets with
   the corresponding secret subkey packets.
David From owner-ietf-openpgp@mail.imc.org Tue Apr 18 19:28:31 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FVzcV-0006vG-FZ for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 19:28:31 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FVzcU-0005yQ-4b for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 19:28:31 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3INCrr1032084; Tue, 18 Apr 2006 16:12:53 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3INCr1f032083; Tue, 18 Apr 2006 16:12:53 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3INCqrb032077 for ; Tue, 18 Apr 2006 16:12:53 -0700 (MST) (envelope-from jon@callas.org) Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7) for ; Tue, 18 Apr 2006 16:12:52 -0700 Received: from [192.168.2.164] ([63.251.255.85]) by keys.merrymeet.com (PGP Universal service); Tue, 18 Apr 2006 16:12:52 -0700 X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 18 Apr 2006 16:12:52 -0700 Mime-Version: 1.0 (Apple Message framework v749.3) In-Reply-To: <20060418225637.GA11827@jabberwocky.com> References: <20051214135609.GA22783@jabberwocky.com> <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org> <20060418214155.GA5012@epointsystem.org> <20060418225637.GA11827@jabberwocky.com> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <4D2B647D-0DB2-4EA9-AACB-C243CC45A802@callas.org> Content-Transfer-Encoding: 7bit From: Jon 
Callas Subject: Re: Secret key transport Date: Tue, 18 Apr 2006 16:12:59 -0700 To: OpenPGP X-Mailer: Apple Mail (2.749.3) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.0 (/) X-Scan-Signature: 8ac499381112328dd60aea5b1ff596ea I found some suggested text that David gave me last year since sending that. I added it in. Jon From owner-ietf-openpgp@mail.imc.org Tue Apr 18 19:41:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FVzoy-0001zF-4e for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 19:41:24 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FVzow-0006XR-Pv for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 19:41:24 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3INKlsN032324; Tue, 18 Apr 2006 16:20:47 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3INKlU7032323; Tue, 18 Apr 2006 16:20:47 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3INKkY1032317 for ; Tue, 18 Apr 2006 16:20:46 -0700 (MST) (envelope-from jon@callas.org) Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7) for ; Tue, 18 Apr 2006 16:20:46 -0700 Received: from [192.168.2.164] ([63.251.255.85]) by keys.merrymeet.com (PGP Universal service); Tue, 18 Apr 2006 16:20:46 -0700 X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 18 Apr 2006 16:20:46 -0700 Mime-Version: 1.0 (Apple Message framework v749.3) Content-Transfer-Encoding: 7bit 
Message-Id: Content-Type: text/plain; charset=US-ASCII; format=flowed To: OpenPGP From: Jon Callas Subject: bis16 out Date: Tue, 18 Apr 2006 16:20:55 -0700 X-Mailer: Apple Mail (2.749.3) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.0 (/) X-Scan-Signature: 6d62ab47271805379d7172ee693a45db I just sent off bis16. Jon From owner-ietf-openpgp@mail.imc.org Wed Apr 19 07:30:48 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FWAtU-0004z9-1k for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 07:30:48 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FWAtS-0005qz-N8 for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 07:30:48 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JAZMgT064316; Wed, 19 Apr 2006 03:35:22 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3JAZMkc064315; Wed, 19 Apr 2006 03:35:22 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from mail.epointsystem.org (120.156-228-195.hosting.adatpark.hu [195.228.156.120]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JAZLfQ064308 for ; Wed, 19 Apr 2006 03:35:21 -0700 (MST) (envelope-from nagydani@epointsystem.org) Received: by mail.epointsystem.org (Postfix, from userid 1001) id A34642D10; Wed, 19 Apr 2006 12:35:20 +0200 (CEST) Date: Wed, 19 Apr 2006 12:35:20 +0200 To: OpenPGP Subject: Re: Secret key transport Message-ID: <20060419103520.GA22578@epointsystem.org> References: <20051214135609.GA22783@jabberwocky.com> <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org> <20060418214155.GA5012@epointsystem.org> 
<20060418225637.GA11827@jabberwocky.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060418225637.GA11827@jabberwocky.com> User-Agent: Mutt/1.5.9i From: nagydani@epointsystem.org (Daniel A. Nagy) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.1 (/) X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a

On Tue, Apr 18, 2006 at 06:56:37PM -0400, David Shaw wrote:

> The difference is that GnuPG prints a warning when it could not do
> this automatic conversion because of missing self-signatures. PGP is
> (probably more appropriately) quiet. I think you are interpreting
> that warning message as a rejection.

Maybe. I will double-check.

> All binding signatures bind to the public key. There is no such thing
> as a secret key binding signature.

I know.

> Here's a minimal-change proposal:
>
> Rename section 10.1 from "Transferable Public Keys" to "Transferable
> Keys", and add to the end of the section:
>
>    Secret keys may be transferred in the same manner and format as
>    public keys by replacing any public key packets with the
>    corresponding secret key packets and public subkey packets with
>    the corresponding secret subkey packets.

I support this proposal.
-- Daniel From owner-ietf-openpgp@mail.imc.org Wed Apr 19 08:31:41 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FWBqP-0001Kj-3H for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 08:31:41 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FWBqN-0000MF-MY for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 08:31:41 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JCCB70069212; Wed, 19 Apr 2006 05:12:11 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3JCCBYb069211; Wed, 19 Apr 2006 05:12:11 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from mailgate.enhyper.net ([80.168.109.121]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JCC9PT069205 for ; Wed, 19 Apr 2006 05:12:10 -0700 (MST) (envelope-from iang@systemics.com) Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 599715D78C; Wed, 19 Apr 2006 13:12:07 +0100 (BST) Message-ID: <44462894.50003@systemics.com> Date: Wed, 19 Apr 2006 14:09:56 +0200 From: Ian G Organization: http://financialcryptography.com/ User-Agent: Mozilla Thunderbird 1.0.6 (X11/20051013) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jon Callas Cc: OpenPGP Subject: Re: bis16 out References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.0 (/) X-Scan-Signature: 68c8cc8a64a9d0402e43b8eee9fc4199 Jon Callas wrote: > > I just sent off bis16. Excellent! What is the status of "last call" ? Back in? 
Restarting? iang From owner-ietf-openpgp@mail.imc.org Wed Apr 19 14:56:04 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FWHqO-0004tR-GI for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 14:56:04 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FWHqK-00018c-W4 for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 14:56:04 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JIaKfm087482; Wed, 19 Apr 2006 11:36:21 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3JIaKZe087481; Wed, 19 Apr 2006 11:36:20 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JIaK1r087475 for ; Wed, 19 Apr 2006 11:36:20 -0700 (MST) (envelope-from jon@callas.org) Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7) for ; Wed, 19 Apr 2006 11:36:19 -0700 Received: from [63.73.97.189] ([63.73.97.189]) by keys.merrymeet.com (PGP Universal service); Wed, 19 Apr 2006 11:36:19 -0700 X-PGP-Universal: processed; by keys.merrymeet.com on Wed, 19 Apr 2006 11:36:19 -0700 Mime-Version: 1.0 (Apple Message framework v749.3) In-Reply-To: <20060419103520.GA22578@epointsystem.org> References: <20051214135609.GA22783@jabberwocky.com> <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org> <20060418214155.GA5012@epointsystem.org> <20060418225637.GA11827@jabberwocky.com> <20060419103520.GA22578@epointsystem.org> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: 
<548A53BE-5147-42DA-8F2D-C3340481471A@callas.org> Content-Transfer-Encoding: 7bit From: Jon Callas Subject: Re: Secret key transport Date: Wed, 19 Apr 2006 11:36:30 -0700 To: OpenPGP X-Mailer: Apple Mail (2.749.3) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.0 (/) X-Scan-Signature: d6b246023072368de71562c0ab503126

On 19 Apr 2006, at 3:35 AM, Daniel A. Nagy wrote:

>> Rename section 10.1 from "Transferable Public Keys" to "Transferable
>> Keys", and add to the end of the section:
>>
>>    Secret keys may be transferred in the same manner and format as
>>    public keys by replacing any public key packets with the
>>    corresponding secret key packets and public subkey packets with
>>    the corresponding secret subkey packets.
>
> I support this proposal.
>

That's pretty much in bis16.

Jon

From owner-ietf-openpgp@mail.imc.org Wed Apr 19 14:58:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FWHtB-0006BT-Gb for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 14:58:57 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FWHtA-0001Fr-0U for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 14:58:57 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JIhshB087766; Wed, 19 Apr 2006 11:43:54 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3JIhs2o087765; Wed, 19 Apr 2006 11:43:54 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JIhsVH087759 for ; Wed, 19 Apr 2006 11:43:54 -0700 (MST)
(envelope-from jon@callas.org) Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7); Wed, 19 Apr 2006 11:43:53 -0700 Received: from [63.73.97.189] ([63.73.97.189]) by keys.merrymeet.com (PGP Universal service); Wed, 19 Apr 2006 11:43:53 -0700 X-PGP-Universal: processed; by keys.merrymeet.com on Wed, 19 Apr 2006 11:43:53 -0700 In-Reply-To: <44462894.50003@systemics.com> References: <44462894.50003@systemics.com> Mime-Version: 1.0 (Apple Message framework v749.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Cc: OpenPGP Content-Transfer-Encoding: 7bit From: Jon Callas Subject: Re: bis16 out Date: Wed, 19 Apr 2006 11:44:04 -0700 To: Ian G X-Mailer: Apple Mail (2.749.3) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.0 (/) X-Scan-Signature: 856eb5f76e7a34990d1d457d8e8e5b7f On 19 Apr 2006, at 5:09 AM, Ian G wrote: > Jon Callas wrote: >> I just sent off bis16. > > Excellent! > > What is the status of "last call" ? Back in? > Restarting? I'm not allowed to say that, Derek is. However, it is my expectation that yes, this is the real last call on 2440+. 
Jon From owner-ietf-openpgp@mail.imc.org Wed Apr 19 16:27:46 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FWJH8-0002Uu-4R for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 16:27:46 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FWJH7-0006b2-Ny for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 16:27:46 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JJo97X090713; Wed, 19 Apr 2006 12:50:09 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3JJo9OK090712; Wed, 19 Apr 2006 12:50:09 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from pine.neustar.com (pine.neustar.com [209.173.57.70]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JJo84q090688 for ; Wed, 19 Apr 2006 12:50:08 -0700 (MST) (envelope-from ietf@ietf.org) Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by pine.neustar.com (8.12.8/8.12.8) with ESMTP id k3JJo2vP016312 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 19 Apr 2006 19:50:02 GMT Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1FWIgc-0006An-4G; Wed, 19 Apr 2006 15:50:02 -0400 Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 To: i-d-announce@ietf.org Cc: ietf-openpgp@imc.org From: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-openpgp-rfc2440bis-16.txt Message-Id: Date: Wed, 19 Apr 2006 15:50:02 -0400 Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.3 (/) X-Scan-Signature: 8de5f93cb2b4e3bee75302e9eacc33db --NextPart A New Internet-Draft 
is available from the on-line Internet-Drafts directories. This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF. Title : OpenPGP Message Format Author(s) : J. Callas, et al. Filename : draft-ietf-openpgp-rfc2440bis-16.txt Pages : 75 Date : 2006-4-19 This document is maintained in order to publish all necessary information needed to develop interoperable applications based on the OpenPGP format. It is not a step-by-step cookbook for writing an application. It describes only the format and methods needed to read, check, generate, and write conforming packets crossing any network. It does not deal with storage and implementation questions. It does, however, discuss implementation issues necessary to avoid security flaws. OpenPGP software uses a combination of strong public-key and symmetric cryptography to provide security services for electronic communications and data storage. These services include confidentiality, key management, authentication, and digital signatures. This document specifies the message formats used in OpenPGP. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-16.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-openpgp-rfc2440bis-16.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-openpgp-rfc2440bis-16.txt". 
NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2006-4-19121300.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-openpgp-rfc2440bis-16.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-openpgp-rfc2440bis-16.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2006-4-19121300.I-D@ietf.org> --OtherAccess-- --NextPart-- From owner-ietf-openpgp@mail.imc.org Wed Apr 19 18:51:14 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FWLVy-0000tL-SO for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 18:51:14 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FWLVx-0004Ss-G8 for openpgp-archive@lists.ietf.org; Wed, 19 Apr 2006 18:51:14 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JMHc1x097264; Wed, 19 Apr 2006 15:17:38 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) 
id k3JMHcLg097263; Wed, 19 Apr 2006 15:17:38 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from mail.ihtfp.org (MAIL.IHTFP.ORG [204.107.200.6]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3JMHaMo097257 for ; Wed, 19 Apr 2006 15:17:37 -0700 (MST) (envelope-from warlord@MIT.EDU) Received: from cliodev.pgp.com (unknown [63.251.255.85]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail.ihtfp.org (Postfix) with ESMTP id BFD2FBD8390 for ; Wed, 19 Apr 2006 18:17:28 -0400 (EDT) Received: (from warlord@localhost) by cliodev.pgp.com (8.13.1/8.13.1/Submit) id k3JMH9LT024909; Wed, 19 Apr 2006 18:17:09 -0400 From: Derek Atkins To: ietf-openpgp@imc.org Subject: WGLC: draft-ietf-openpgp-rfc2440bis-16 ends Wed, May 3 Date: Wed, 19 Apr 2006 18:17:08 -0400 Message-ID: User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.0 (/) X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906 Hi, all As you've noticed, bis16 has been released. I believe that there are no open issues with this version, so I hereby initiate a Working Group Last Call on draft-ietf-openpgp-rfc2440bis-16 to end two weeks from today at Wednesday, May 3, 2006. Please get your comments in by 7pm US/EDT (2300Z). You can obtain the draft from: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-16.txt Please send comments to me and either to the editor and/or to the list. Thanks! 
-derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
From owner-ietf-openpgp@mail.imc.org Tue Apr 25 22:54:00 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FYaAC-0004Wo-Ga for openpgp-archive@lists.ietf.org; Tue, 25 Apr 2006 22:54:00 -0400 Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FYaAB-00028w-3j for openpgp-archive@lists.ietf.org; Tue, 25 Apr 2006 22:54:00 -0400 Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3Q2SSU4044852; Tue, 25 Apr 2006 19:28:28 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3Q2SSGT044851; Tue, 25 Apr 2006 19:28:28 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3Q2SPTC044844 for ; Tue, 25 Apr 2006 19:28:28 -0700 (MST) (envelope-from hal@finney.org) Received: by finney.org (Postfix, from userid 500) id 3C50357FD1; Tue, 25 Apr 2006 19:28:31 -0700 (PDT) To: ietf-openpgp@imc.org Subject: Mistake in section 5.3, also in RFC2440 Message-Id: <20060426022831.3C50357FD1@finney.org> Date: Tue, 25 Apr 2006 19:28:31 -0700 (PDT) From: hal@finney.org ("Hal Finney") Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: X-Spam-Score: 0.1 (/) X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb

I noticed that the language in section 5.3 on Symmetric-Key Encrypted Session Key packets is not right:

   5.3. Symmetric-Key Encrypted Session Key Packets (Tag 3)

   The Symmetric-Key Encrypted Session Key packet holds the
   symmetric-key encryption of a session key used to encrypt a message.
   Zero or more Encrypted Session Key packets and/or Symmetric-Key
   Encrypted Session Key packets may precede a Symmetrically Encrypted
   Data Packet that holds an encrypted message.

The second sentence should begin "Zero or more Public-Key Encrypted Session Key packets and/or Symmetric-Key Encrypted Session Key Packets..." It left off "Public-Key" and just refers to "Encrypted Session Key packets" which is not a packet type. In particular, referring to "Encrypted Session Key packets and/or Symmetric-Key Encrypted Session Key Packets" is incoherent.

The language in 5.1, for comparison:

   5.1. Public-Key Encrypted Session Key Packets (Tag 1)

   A Public-Key Encrypted Session Key packet holds the session key used
   to encrypt a message. Zero or more Encrypted Session Key packets
   (either Public-Key or Symmetric-Key) may precede a Symmetrically
   Encrypted Data Packet, which holds an encrypted message.

This is not ideal in terms of the packet names; you have to mentally move the prefixes listed in the parenthesis up and put them in front of Encrypted Session Key. But given that slight lapse in clarity, it is basically correct, and is not as bad as 5.3.

All this language is unchanged since RFC2440. I do think we should fix at least 5.3, because the present wording is meaningless and confusing. If we do that I'd suggest changing the 2nd sentence of 5.1 to match that of 5.3.

Hal Finney

From: David Shaw
To: ietf-openpgp@imc.org
Subject: bis-16 comments
Date: Tue, 25 Apr 2006 23:12:50 -0400
Message-ID: <20060426031250.GA11005@jabberwocky.com>

Section 5.1.2, Signature Types, says:

    There are a number of possible meanings for a signature, which are specified in a signature type octet in any given signature. See section 5.2.4, "Computing Signatures," for detailed information on how to compute and verify signatures of each type.

    There are a number of possible meanings for a signature, which may be indicated in a signature type octet in any given signature. Please note that the vagueness of these meanings is not a flaw, but a feature of the system. Because OpenPGP places final authority for validity upon the receiver of a signature, it may be that one signer's casual act might be more rigorous than some other authority's positive act.

The two opening sentences are redundant. Suggest:

    There are a number of possible meanings for a signature, which are indicated in a signature type octet in any given signature. Please note that the vagueness of these meanings is not a flaw, but a feature of the system. Because OpenPGP places final authority for validity upon the receiver of a signature, it may be that one signer's casual act might be more rigorous than some other authority's positive act. See section 5.2.4, "Computing Signatures," for detailed information on how to compute and verify signatures of each type.

(Combining the two)

*******************

Section 5.2.2, Version 3 Signature Packet Format has a sentence that reads "The details of the calculation are different for DSA signature than for RSA signatures." That should be "DSA signatures" (plural).

*******************

In section 5.2.3.12. Revocable, the second sentence reads "Packet body contains a Boolean flag indicating whether the signature is revocable." Suggest adding a "The" to read "The packet body contains..."

*******************

In section 9.3. Compression Algorithms, suggest adding:

    Algorithm 0, "uncompressed," may only be used to denote a preference for uncompressed data in the preferred compression algorithms subpacket (section 5.2.3.9). Implementations MUST NOT use uncompressed in Compressed Data Packets.

(We had the same problem with using cipher algorithm 0 in encrypted data packets, and made that MUST NOT as well)

*******************

In section 10.2. OpenPGP Messages, the paragraph beginning "In addition, decrypting a Symmetrically Encrypted Data Packet" has a blank line in the middle of the paragraph.

*******************

Section 12.5, DSA, has a sentence that reads "It MUST NOT implement a DSA signature with a q size of less than 160 bits." That should be a "DSA key" rather than a "DSA signature".

*******************

Section 13, Security Considerations says:

    * SHA384 requires the same work as SHA512. In general, there are few reasons to use it -- you need a situation where one needs more security than SHA256, but does not want to have the 512-bit data length.

Suggest:

    * SHA224 and SHA384 require the same work as SHA256 and SHA512 respectively. In general, there are few reasons to use them outside of DSS compatibility. You need a situation where one needs more security than smaller hashes, but does not want to have the full 256-bit or 512-bit data length.

David

From: Derek Atkins
To: ietf-openpgp@imc.org
Subject: WGLC: draft-ietf-openpgp-rfc2440bis-16 ends Wed, May 3
Date: Wed, 19 Apr 2006 18:17:08 -0400

Hi, all

As you've noticed, bis16 has been released. I believe that there are no open issues with this version, so I hereby initiate a Working Group Last Call on draft-ietf-openpgp-rfc2440bis-16 to end two weeks from today at Wednesday, May 3, 2006. Please get your comments in by 7pm US/EDT (2300Z).

You can obtain the draft from:

http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-16.txt

Please send comments to me and either to the editor and/or to the list.

Thanks!

-derek

--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-openpgp@imc.org
Subject: I-D ACTION:draft-ietf-openpgp-rfc2440bis-16.txt
Date: Wed, 19 Apr 2006 15:50:02 -0400

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF.

Title : OpenPGP Message Format
Author(s) : J. Callas, et al.
Filename : draft-ietf-openpgp-rfc2440bis-16.txt
Pages : 75
Date : 2006-4-19

This document is maintained in order to publish all necessary information needed to develop interoperable applications based on the OpenPGP format. It is not a step-by-step cookbook for writing an application. It describes only the format and methods needed to read, check, generate, and write conforming packets crossing any network. It does not deal with storage and implementation questions. It does, however, discuss implementation issues necessary to avoid security flaws.

OpenPGP software uses a combination of strong public-key and symmetric cryptography to provide security services for electronic communications and data storage. These services include confidentiality, key management, authentication, and digital signatures. This document specifies the message formats used in OpenPGP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-16.txt

To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-openpgp-rfc2440bis-16.txt".

A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to: mailserv@ietf.org.
In the body type: "FILE /internet-drafts/draft-ietf-openpgp-rfc2440bis-16.txt".

NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

From: Jon Callas
To: Ian G
Cc: OpenPGP
Subject: Re: bis16 out
Date: Wed, 19 Apr 2006 11:44:04 -0700
In-Reply-To: <44462894.50003@systemics.com>

On 19 Apr 2006, at 5:09 AM, Ian G wrote:

> Jon Callas wrote:
>> I just sent off bis16.
>
> Excellent!
>
> What is the status of "last call" ? Back in?
> Restarting?

I'm not allowed to say that, Derek is. However, it is my expectation that yes, this is the real last call on 2440+.

Jon

From: Jon Callas
To: OpenPGP
Subject: Re: Secret key transport
Date: Wed, 19 Apr 2006 11:36:30 -0700
Message-Id: <548A53BE-5147-42DA-8F2D-C3340481471A@callas.org>
In-Reply-To: <20060419103520.GA22578@epointsystem.org>

On 19 Apr 2006, at 3:35 AM, Daniel A. Nagy wrote:

>> Rename section 10.1 from "Transferable Public Keys" to "Transferable
>> Keys", and add to the end of the section:
>>
>> Secret keys may be transferred in the same manner and format as
>> public keys by replacing any public key packets with the
>> corresponding secret key packets and public subkey packets with
>> the corresponding secret subkey packets.
>
> I support this proposal.
>

That's pretty much in bis16.

Jon

From: Ian G
To: Jon Callas
Cc: OpenPGP
Subject: Re: bis16 out
Date: Wed, 19 Apr 2006 14:09:56 +0200
Message-ID: <44462894.50003@systemics.com>

Jon Callas wrote:
>
> I just sent off bis16.

Excellent!

What is the status of "last call" ? Back in? Restarting?

iang

From: nagydani@epointsystem.org (Daniel A. Nagy)
To: OpenPGP
Subject: Re: Secret key transport
Date: Wed, 19 Apr 2006 12:35:20 +0200
Message-ID: <20060419103520.GA22578@epointsystem.org>
In-Reply-To: <20060418225637.GA11827@jabberwocky.com>

On Tue, Apr 18, 2006 at 06:56:37PM -0400, David Shaw wrote:

> The difference is that GnuPG prints a warning when it could not do
> this automatic conversion because of missing self-signatures.
PGP is > (probably more appropriately) quiet. I think you are interpreting > that warning message as a rejection. Maybe. I will double-check. > All binding signatures bind to the public key. There is no such thing > as a secret key binding signature. I know. > Here's a minimal-change proposal: > > Rename section 10.1 from "Transferable Public Keys" to "Transferable > Keys", and add to the end of the section: > > Secret keys may be transferred in the same manner and format as > public keys by replacing any public key packets with the > corresponding secret key packets and and public subkey packets with > the corresponding secret subkey packets. I support this proposal. -- Daniel Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3INKlsN032324; Tue, 18 Apr 2006 16:20:47 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3INKlU7032323; Tue, 18 Apr 2006 16:20:47 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3INKkY1032317 for ; Tue, 18 Apr 2006 16:20:46 -0700 (MST) (envelope-from jon@callas.org) Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7) for ; Tue, 18 Apr 2006 16:20:46 -0700 Received: from [192.168.2.164] ([63.251.255.85]) by keys.merrymeet.com (PGP Universal service); Tue, 18 Apr 2006 16:20:46 -0700 X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 18 Apr 2006 16:20:46 -0700 Mime-Version: 1.0 (Apple Message framework v749.3) Content-Transfer-Encoding: 7bit Message-Id: Content-Type: text/plain; charset=US-ASCII; format=flowed To: OpenPGP From: Jon Callas Subject: bis16 out Date: Tue, 18 Apr 
2006 16:20:55 -0700 X-Mailer: Apple Mail (2.749.3) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I just sent off bis16. Jon Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3INCrr1032084; Tue, 18 Apr 2006 16:12:53 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3INCr1f032083; Tue, 18 Apr 2006 16:12:53 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3INCqrb032077 for ; Tue, 18 Apr 2006 16:12:53 -0700 (MST) (envelope-from jon@callas.org) Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.7) for ; Tue, 18 Apr 2006 16:12:52 -0700 Received: from [192.168.2.164] ([63.251.255.85]) by keys.merrymeet.com (PGP Universal service); Tue, 18 Apr 2006 16:12:52 -0700 X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 18 Apr 2006 16:12:52 -0700 Mime-Version: 1.0 (Apple Message framework v749.3) In-Reply-To: <20060418225637.GA11827@jabberwocky.com> References: <20051214135609.GA22783@jabberwocky.com> <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org> <20060418214155.GA5012@epointsystem.org> <20060418225637.GA11827@jabberwocky.com> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <4D2B647D-0DB2-4EA9-AACB-C243CC45A802@callas.org> Content-Transfer-Encoding: 7bit From: Jon Callas Subject: Re: Secret key transport Date: Tue, 18 Apr 2006 16:12:59 -0700 To: OpenPGP X-Mailer: Apple Mail (2.749.3) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I found some suggested text that David gave me 
last year since sending that. I added it in.

Jon

From: David Shaw
To: OpenPGP
Subject: Re: Secret key transport
Date: Tue, 18 Apr 2006 18:56:37 -0400

On Tue, Apr 18, 2006 at 11:41:55PM +0200, Daniel A. Nagy wrote:
>
> On Tue, Apr 18, 2006 at 12:40:00PM -0700, Jon Callas wrote:
> > On 14 Dec 2005, at 5:56 AM, David Shaw wrote about secret keys
> > [snipped]
> > Since no one has said anything in months, I'm declaring that the
> > answer is, "no, this is not something that needs a line or two of text."
>
> I think, this problem merits a little bit of discussion, as there are some
> interoperability issues at stake.
>
> Firstly, I think that 5.5.1.3. should make it clear that secret key packets
> are standardized for the purposes of exporting and importing secret key
> material. As far as interoperability is concerned, fully OpenPGP-compliant
> implementations may store private keys any way they like.

I don't think anyone was arguing otherwise. My original mail was
simply noting that there is not a single word in the standard of how
to export a secret key. Export, not store.

> As for importing and exporting, a major player (namely WK's GnuPG) rejects
> private key blocks that do not contain binding self-signatures for UIDs and
> subkeys.

I think there is some misunderstanding here about what happens on
secret key import in GnuPG. GnuPG, like PGP, tries to automatically
convert a secret key to a public key on import if the public key
doesn't already exist in the keyring. They can do this because secret
key packets are essentially a public key packet with the secret data
stuck on the end. This isn't mandated (or even mentioned) by the
standard, of course, but is a convenience.

The difference is that GnuPG prints a warning when it could not do
this automatic conversion because of missing self-signatures. PGP is
(probably more appropriately) quiet. I think you are interpreting
that warning message as a rejection.
> Moreover, the required binding signatures bind the material in
> question to the corresponding PUBLIC key, not the private one. I am not sure
> why they chose to do it this way, but I am strongly opposed to mandating
> this behavior in the standard, as it would make some other existing
> implementations non-compliant.

All binding signatures bind to the public key. There is no such thing
as a secret key binding signature.

Here's a minimal-change proposal:

Rename section 10.1 from "Transferable Public Keys" to "Transferable
Keys", and add to the end of the section:

    Secret keys may be transferred in the same manner and format as
    public keys by replacing any public key packets with the
    corresponding secret key packets and public subkey packets with
    the corresponding secret subkey packets.

David

From: Jon Callas
To: David Shaw
Cc: ietf-openpgp@imc.org
Subject: Re: Suggested changes for DSA2, take 4
Date: Tue, 18 Apr 2006 15:32:16 -0700

On 29 Mar 2006, at 8:37 AM, David Shaw wrote:

>
> Here is round four. Only little fiddle changes at this point.
>
> ==================================
>
> Section 5.2.2 (Version 3 Signature Packet Format) says:
>
>     DSA signatures MUST use hashes with a size of 160 bits, to match q,
>     the size of the group generated by the DSA key's generator value.
>     The hash function result is treated as a 160 bit number and used
>     directly in the DSA signature algorithm.
>
> change to:
>
>     DSA signatures MUST use hashes that are equal in size to the
>     number of bits of q, the group generated by the DSA key's
>     generator value. If the output size of the chosen hash is larger
>     than the number of bits of q, the hash result is truncated to fit
>     by taking the number of leftmost bits equal to the number of bits
>     of q. This (possibly truncated) hash function result is treated
>     as a number and used directly in the DSA signature algorithm.
>

Done.

> No change.
>
> ==================================
>
> Section 12.5. (DSA) says:
>
>     An implementation SHOULD NOT implement DSA keys of size less than
>     1024 bits. Note that present DSA is limited to a maximum of 1024 bit
>     keys, which are recommended for long-term use. Also, DSA keys MUST
>     be an even multiple of 64 bits long.
>
> change to:
>
>     An implementation SHOULD NOT implement DSA keys of size less than
>     1024 bits or with a q size of less than 160 bits. DSA keys MUST
>     also be a multiple of 64 bits, and the q size MUST be a multiple
>     of 8 bits. The Digital Signature Standard (DSS) [FIPS186]
>     specifies that DSA be used in one of the following ways:
>
>      * 1024-bit key, 160-bit q, SHA-1, SHA-224, SHA-256, SHA-384 or
>        SHA-512 hash
>      * 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384 or SHA-512
>        hash
>      * 2048-bit key, 256-bit q, SHA-256, SHA-384 or SHA-512 hash
>      * 3072-bit key, 256-bit q, SHA-256, SHA-384 or SHA-512 hash
>
>     The above key and q size pairs were chosen to best balance
>     the strength of the key with the strength of the hash.
>     Implementations SHOULD use one of the above key and q size pairs
>     when generating DSA keys. If DSS compliance is desired, one
>     of the specified SHA hashes must be used as well. [FIPS186]
>     is the ultimate authority on DSS, and should be consulted for all
>     questions of DSS compliance.
>
>     Note that earlier versions of this standard only allowed a
>     160-bit q with no truncation allowed, so earlier implementations
>     may not be able to handle signatures with a different q size or a
>     truncated hash.
>
> Added a MUST that the q size is a multiple of 8. I don't think any of
> us want to deal with hashes that don't end on a byte boundary.
>

Done, but I said that you MUST not use a q less than 160 bits.

> ==================================
>
> Section 13. (Security Considerations) says:
>
>     * The DSA algorithm will work with any 160-bit hash, but it is
>       sensitive to the quality of the hash algorithm, if the hash
>       algorithm is broken, it can leak the secret key. The Digital
>       Signature Standard (DSS) specifies that DSA be used with SHA-1.
>       RIPEMD-160 is considered by many cryptographers to be as strong.
>       An implementation should take care which hash algorithms are
>       used with DSA, as a weak hash can not only allow a signature to
>       be forged, but could leak the secret key.
>
> change to:
>
>     * The DSA algorithm will work with any hash, but is sensitive to
>       the quality of the hash algorithm. Verifiers should be aware
>       that even if the signer used a strong hash, an attacker could
>       have modified the signature to use a weak one. Only signatures
>       using acceptably strong hash algorithms should be accepted as
>       valid.
>
> Also add:
>
>     * As OpenPGP combines many different asymmetric, symmetric, and
>       hash algorithms, each with different measures of strength, care
>       should be taken that the weakest element of an OpenPGP message
>       is still sufficiently strong for the purpose at hand. While
>       consensus about the strength of a given algorithm may
>       evolve, at publication time, NIST Special Publication 800-57
>       [SP800-57] recommended the following list of equivalent
>       strengths:
>
>           Asymmetric  |  Hash  |  Symmetric
>            key size   |  size  |   key size
>           ------------+--------+-----------
>               1024        160         80
>               2048        224        112
>               3072        256        128
>               7680        384        192
>              15360        512        256
>
> Added the key size reminder.
>

Done with various small edits. I had to fight with the formatting
program. Here's what I did:

    * As OpenPGP combines many different asymmetric, symmetric, and
      hash algorithms, each with different measures of strength, care
      should be taken that the weakest element of an OpenPGP message
      is still sufficiently strong for the purpose at hand. While
      consensus about the strength of a given algorithm may evolve,
      NIST Special Publication 800-57 [SP800-57] recommends the
      following list of equivalent strengths:

          Asymmetric  |  Hash  |  Symmetric
           key size   |  size  |   key size
          ------------+--------+-----------
              1024        160         80
              2048        224        112
              3072        256        128
              7680        384        192
             15360        512        256

> ==================================
>
> David
>

Added in reference to SP800-57.
Jon

From: nagydani@epointsystem.org (Daniel A. Nagy)
To: Jon Callas
Cc: OpenPGP
Subject: Re: Secret key transport
Date: Tue, 18 Apr 2006 23:41:55 +0200

On Tue, Apr 18, 2006 at 12:40:00PM -0700, Jon Callas wrote:
> On 14 Dec 2005, at 5:56 AM, David Shaw wrote about secret keys
> [snipped]
> Since no one has said anything in months, I'm declaring that the
> answer is, "no, this is not something that needs a line or two of text."

I think, this problem merits a little bit of discussion, as there are some
interoperability issues at stake.

Firstly, I think that 5.5.1.3.
should make it clear that secret key packets
are standardized for the purposes of exporting and importing secret key
material. As far as interoperability is concerned, fully OpenPGP-compliant
implementations may store private keys any way they like.

As for importing and exporting, a major player (namely WK's GnuPG) rejects
private key blocks that do not contain binding self-signatures for UIDs and
subkeys. Moreover, the required binding signatures bind the material in
question to the corresponding PUBLIC key, not the private one. I am not sure
why they chose to do it this way, but I am strongly opposed to mandating
this behavior in the standard, as it would make some other existing
implementations non-compliant.

The semantics of a secret key packet is the following: "Here's a public key
and its (possibly encrypted) private counterpart." That's it.

I agree with Jon that there is no point in defining secret key blocks in the
standard. Let implementations handle secret key packets as they see fit
(including not handling them at all -- after all, being able to import and
export private keys is an option, not a requirement).
--
Daniel

From: Jon Callas
To: OpenPGP
Subject: Re: NIST publishes new DSA draft
Date: Tue, 18 Apr 2006 14:37:39 -0700

On 14 Mar 2006, at 7:58 AM, David Shaw wrote:

>
> In the OpenPGP context, probably the most interesting bit is that the
> 160-bit hash limit has been removed. The sizes supported are:
>
>  * 1024-bit key, 160-bit hash (the current DSA)
>  * 2048-bit key, 224-bit hash (presumably aimed at SHA-224)
>  * 2048-bit key, 256-bit hash (presumably aimed at SHA-256)
>  * 3072-bit key, 256-bit hash (presumably aimed at SHA-256)
>

I've added in SHA-224. Just don't ask me to sign with it. :-)

Jon

From: Jon Callas
To: OpenPGP
Subject: Re: V3 secret keys
Date: Tue, 18 Apr 2006 12:56:16 -0700

In talking to
Ben, a number of places where it said "resync" now says
"resynchronization" to make it easier to find the text. That seems to
resolve this whole issue.

Jon

From: Jon Callas
To: David Shaw
Cc: ietf-openpgp@imc.org
Subject: Re: Armor text change
Date: Tue, 18 Apr 2006 12:44:37 -0700

On 10 Jan 2006, at 2:20 PM, David Shaw wrote:

>
> Here's two suggested language changes that flow from the recent
> discussion of armor:
>
> *******
>
> Section 6.2. Forming ASCII Armor has a sentence that reads:
>
>     The header lines, therefore, MUST start at the beginning of a line,
>     and MUST NOT have text following them on the same line.
>
> Suggest to change it to:
>
>     The header lines, therefore, MUST start at the beginning of a line,
>     and MUST NOT have text other than whitespace following them on the
>     same line.
>
> (i.e. add "other than whitespace")
>
> Ben Laurie pointed out the rationale that since the point of ignoring
> trailing whitespace in armored and clearsigned messages was to work
> around transport systems like mail that may add whitespace, then it is
> necessary to ignore whitespace on the header lines as well.
>

Done.

> *******
>
> This other change I do not feel particularly strongly about. It may
> overspecify something that doesn't need it. In section 6.2. Forming
> ASCII Armor, add something to the effect of:
>
>     Note that some transport methods are sensitive to line length.
>     While there is a limit of 76 characters for the Radix-64 data
>     (section 6.3), there is no limit to the length of Armor Headers.
>     Care should be taken that the Armor Headers are short enough to
>     survive transport. One way to do this is to repeat an Armor Header
>     key multiple times with different values for each so that no one
>     line is overly long.
>

Done.
Jon

From: Jon Callas
To: OpenPGP
Subject: Re: Secret key transport
Date: Tue, 18 Apr 2006 12:40:00 -0700

On 14 Dec 2005, at 5:56 AM, David Shaw wrote:

>
> Well into comically late in the game here, but a question recently
> came up about the secret key transport format. Namely, is there one?
> 2440bis has a public key transport format (the whole of section 10.1),
> and the format of secret key and secret subkey packets is defined, but
> there doesn't seem to be an analogue to section 10.1 for secret keys.
>
> For example, I've seen secret keys in this format:
>
>     - Secret key packet
>     - User ID packet
>     - Selfsig on user ID
>     - Secret subkey packet
>     - Selfsig on subkey
>
> I've also seen secret keys in this format:
>
>     - Secret key packet
>     - User ID packet
>     - Secret subkey packet
>
> (i.e. missing the selfsigs).
>
> The first example strikes me as preferable as there is a mild benefit
> to having the secret key format parallel the public key format in that
> an implementation can extract the public key from the secret key
> automatically. The second example requires a public key to be sent in
> addition to the secret key to get the selfsigs (while the selfsig on
> the user ID is optional, the one on the subkey isn't).
>
> Either way, though, 2440bis seems silent on this subject. Is this
> something that needs a line or two of text?

Since no one has said anything in months, I'm declaring that the
answer is, "no, this is not something that needs a line or two of text."
Jon

From: Jon Callas
To: David Shaw
Cc: ietf-openpgp@imc.org
Subject: Re: Other -15 comments
Date: Tue, 18 Apr 2006 12:32:42 -0700

On 5 Dec 2005, at 11:50 AM, David Shaw wrote:

>
> 5.5.2. Public Key Packet Formats says "Third, there are minor
> weaknesses in the MD5 hash algorithm that make developers prefer other
> algorithms." Suggest dropping the word "minor".
>

Done.

> *****
>
> Section 5.5.2. Public Key Packet Formats says:
>
>     V3 keys are deprecated; an implementation SHOULD NOT generate a V3
>     key, but MAY accept it.
>
> but section 11.1. Key Structures says:
>
>     V3 keys are deprecated. Implementations MUST NOT generate new V3
>     keys, but MAY continue to use existing ones.
>
> These can't both be correct. I lean towards MUST NOT here,
> personally.
>

It says MUST NOT in both places. I did some more tidying in the same
place. (There's no point in saying you MUST create a V3 key with RSA,
if you MUST NOT create one, for example.)

> *****
>
> The first two paragraphs in section 6.4. Decoding Radix-64 contradict
> each other. The first says that all non-radix-64 characters must be
> ignored. The second says that non-radix-64 characters probably
> indicate a transmission error, "about which a warning message or even
> a message rejection might be appropriate under some circumstances".
>
> Suggest going with the second.
>

Done. There's one paragraph now:

    In Radix-64 data, characters other than those in the table, line
    breaks, and other white space probably indicate a transmission
    error, about which a warning message or even a message rejection
    might be appropriate under some circumstances. Decoding software
    must ignore all white space.
Jon

From: Jon Callas
To: OpenPGP
Subject: Re: Human-readable notation language
Date: Tue, 18 Apr 2006 12:18:30 -0700

On 12 Oct 2005, at 9:04 AM, David Shaw wrote:

> To my reading, this says more or less, "this is a note from one person
> to another except when it isn't". Especially given such notations as
> preferred-email-encoding@pgp.com which are always human-readable, I
> suggest this:
>
>     First octet: 0x80 = human-readable. This note value is text.
>
> It's just simpler.
>

Just to be clear, this change is in.

Jon

From: Jon Callas
To: Ian G
Cc: Hal Finney, ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Date: Tue, 18 Apr 2006 12:16:29 -0700

On 12 Oct 2005, at 4:03 AM, Ian G wrote:

> I would prefer the disclaimer to vaguery to be
> at the beginning because that's how lawyers like
> it. So, Something like this:
>
> 5.2.1. Signature Types
>
>     There are a number of possible meanings for a signature, which
>     may be indicated in a signature type octet in any given signature.
>     Please note that the vagueness of these meanings is
>     not a flaw, but a feature of the system. Because OpenPGP places
>     final authority for validity upon the receiver of a
>     signature, it may be that one signer's casual
>     act might be more rigorous than some other authority's
>     positive act.
>
>     These meanings are:
>

That's in -16 now.

Jon

From: Jon Callas
To: OpenPGP
Subject: Re: Signature calculation language
Date: Tue, 18 Apr 2006 12:09:42 -0700

On 12 Oct 2005, at 6:55 AM, Werner Koch wrote:

>
> On Tue, 11 Oct 2005 22:50:34 -0400, David Shaw said:
>
>> I support making 0x19 backsigs a MUST.
>
> I concur with David. I am actually a heavy user of signing subkeys
> because they allow to keep the primary key offline.
>

I also added an implementation nit:

    The 0x19 back signatures were not required for signing subkeys
    until relatively recently. Consequently, there may be keys in the
    wild that do not have these back signatures. Implementing software
    may handle these keys as it sees fit.

Jon

From: Jon Callas
To: OpenPGP
Subject: Re: Signature calculation language
Date: Tue, 18 Apr 2006 11:59:32 -0700

On 12 Oct 2005, at 6:55 AM, Werner Koch wrote:

>
> On Tue, 11 Oct 2005 22:50:34 -0400, David Shaw said:
>
>> I support making 0x19 backsigs a MUST.
>
> I concur with David. I am actually a heavy user of signing subkeys
> because they allow to keep the primary key offline.
>

Section 10.1 says:

    Each Subkey packet MUST be followed by one Signature packet, which
    should be a subkey binding signature issued by the top level key.
    For subkeys that can issue signatures, the subkey binding signature
    MUST contain an embedded signature subpacket with a primary key
    binding signature (0x19) issued by the subkey on the top level key.

And I think this does make it a MUST. If there should be anything
else (or this is wrong, unclear, etc.), just let me know.
Jon Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3CELnkc070361; Wed, 12 Apr 2006 07:21:49 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3CELnOc070360; Wed, 12 Apr 2006 07:21:49 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from ns1.cpanel.btnaccess.com (ns1.cpanel.btnaccess.com [205.177.121.2]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3CELltt070353 for ; Wed, 12 Apr 2006 07:21:48 -0700 (MST) (envelope-from robholliday@isocore.com) Message-Id: <200604121421.k3CELltt070353@balder-227.proper.com> Received: from [65.213.193.6] (helo=ISODELL001) by ns1.cpanel.btnaccess.com with esmtp (Exim 4.52) id 1FTgE4-00086P-SL for ietf-openpgp@imc.org; Wed, 12 Apr 2006 10:21:45 -0400 From: "Robert Holliday" To: Subject: On-line Registration Closing Sunday Date: Wed, 12 Apr 2006 10:21:41 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0038_01C65E1A.E3EDC910" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcZePGrSOO1hlu3gRXWTkZHRX2lUJQ== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - ns1.cpanel.btnaccess.com X-AntiAbuse: Original Domain - imc.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - isocore.com X-Source: X-Source-Args: X-Source-Dir: Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multi-part message in MIME format. 
------=_NextPart_000_0038_01C65E1A.E3EDC910
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

This week is the last chance for attendees to register online for the International Conference on Network Security. For those interested in registering before time runs out, please go to: www.networksecurity2006.com

Conference Program

Monday, April 17
TECHNICAL SESSIONS AND PANELS

8:45 - 10:30 am
Opening Session
Chair: Guy Copeland
VP and Assistant to the President, CSC

. Introduction
Guy Copeland

. Keynote Speech
Andy Purdy
Department of Homeland Security

. Issues in Wiretapping Technologies
Matt Blaze
University of Pennsylvania

Break (10:30 - 10:45 am)

10:45 am - 12:30 pm
Panel: User Authentication Technologies
Chair: Radia Perlman
Sun Microsystems

. PKI: It's not that hard. Why don't we have it?
Charlie Kaufman
Microsoft

. Web Services/Liberty Approach to Single Sign-on
Gerald Beuchelt
Sun Microsystems

. Is the Identity-based Crypto the Best Solution?
Terence Spies
Voltage Security

. PKI: Let's Make it Happen!
Bill Burr
NIST

. SAML Comparison to Kerberos to Support a Centralized Authoritative Source for Authentication
Hank Simon
Lockheed Martin

Lunch (12:30 - 1:45 pm)

1:45 - 3:00 pm
Mesh Network Security
Chair: Russ Housley
Vigil Security, LLC

. Status of 802.11 Mesh and Security
Donald Eastlake III
Motorola

. Security Issues in 802.11s
William Arbaugh, UMD
Jesse Walker, Intel

. More on 802.11s
Robert Moskowitz
ICSA Labs, Cybertrust

Break (3:00 - 3:15 pm)

3:15 - 4:30 pm
Defending Against Denial of Service
Chair: Jim Hughes
Sun Microsystems

. Surviving Denial of Service
Andy Ellis
Akamai

. MITHRIL: Adaptable Security for Survivability in Collaborative Computing Sites
Von Welch, NCSA
Jim Basney, NCSA
Himanshu Khurana, NCSA

. Investigating the Impact of Real-World Factors on Internet Worm Propagation
Xiaoyan Hong
University of Alabama

4:30 - 5:30 pm
Panel: Legislative Aspects of Security

. Pat Schambach
Nortel

. Robert Dix Jr.
Citadel Security Software

. Michael Aisenberg
Verisign

. John Morris
Center for Democracy & Technology

5:30 - 6:30 pm
Reception

6:45 - 7:45 pm
Tutorial: Network Incident Response
Presenter: Richard Bejtlich
Tao Security

Tuesday, April 18
TECHNICAL SESSIONS AND PANELS

9:00 - 10:30 am
Software Security
Chair: Charlie Kaufman
Microsoft

. Why Software Breaks
Andrew Lee
Eset

. Federal Standards and Guidelines Developed by NIST
Stuart Katzke
NIST

. Impact of NSTISSP-11 on the Current Certification Climate for Products and Technology
Keith Beatty
SAIC

. How can we make products and deployments more secure?
Eric Cole
Lockheed Martin

Break (10:30 - 10:45 am)

10:45 am - 12:30 pm
Network Security Protocol Issues
Chair: Hilarie Orman
Purple Streak, Inc.

. Introduction and Comparison of IPv4 Address Resolution Protocol, ICMP Router Discovery and ICMP Redirect; and IPv6 Neighbor Discovery Protocol Security Issues
Michael Wasielewski
Lockheed-Martin

. The ability for the Warfighter to share critical information across and between networks without leakage
Adele Friedel
Tenix America

. Availability and Security Tradeoffs
Arun Sood
Task Technologies Ltd.

. Firewall Traversal: Security and Scalability
David McGrew
Cisco Systems

. Updates on IETF Security Related Working Groups
Sam Hartman
MIT
Russ Housley
Vigil Security

Lunch (12:30 - 1:45 pm)

1:45 - 3:00 pm
Security for Wireless and Internet Mobility
Chair: Bijan Jabbari
Isocore

. Optimizations to Support Secure AP Transitions in 802.11 WLANs
Jesse Walker
Intel

. 3GPP2 Network Firewall Configuration and Control
Michael Paddon
Qualcomm

. Proactive EAP-based handover key management for mobile wireless users
Madjid Nakhjiri
Motorola

Break (3:00 - 3:15 pm)

3:15 - 4:30 pm
Panel: Internet Infrastructure Security
Chair: Hilarie Orman
Purple Streak, Inc.

. MPLS VPN Security
Harmen van der Linde
Cisco Systems

. DHS and Internet Infrastructure Security
Marcus Sachs
SRI

. Routing Security
Sandra Murphy
Sparta

. Why Routing Protocol Security isn't Seeing Wide Adoption
Russ White
Cisco Systems

4:30 - 5:30 pm
Web Browser Security
Moderator: Darren Moffat
Sun Microsystems

. The Sad State of Evolution of Interface to User Security with a Focus on the Web Browser
Eric Greenberg
Netframeworks

. XML: Salvation or Struggle
Donald Eastlake III
Motorola

. Web Browser Security Frameworks
Perry Metzger
Piermont

. Issues in Web Browser Security
Sam Hartman
MIT

Wednesday, April 19
TECHNICAL SESSIONS AND PANELS

9:00 - 10:30 am
DNS Security
Chair: Donald Eastlake III
Motorola

. Why isn't DNS security deployed, and would we be safer if it was?
Charlie Kaufman
Microsoft

. DNSSEC and FISMA
Scott Rose
NIST

. DNS Security
Stuart Schechter
Lincoln Laboratory

. The Registry Perspective on DNSSEC
Matt Larson
Verisign

Break (10:30 - 10:45 am)

10:45 am - 12:30 pm
Panel: Trusted Platforms
Chair: Radia Perlman
Sun Microsystems

. Trusted Computing: Towards Safe Computing Environments
Tom Hardjono
SignaCert

. A use for TPM Technology in Routing Infrastructure
Andy Ellis
Akamai

. Issues in TPM Technology
Ned Smith
Intel

. An Outsider's Perspective on TPM
Russ Housley
Vigilsec

------=_NextPart_000_0038_01C65E1A.E3EDC910
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

 

------=_NextPart_000_0038_01C65E1A.E3EDC910--