**Session Date/Time:** 28 Jul 2023 19:00 # openpgp ## Summary The OpenPGP working group meeting focused on the status of the crypto refresh draft and the potential rechartering of the working group. The group discussed various topics for inclusion in a recharter, including post-quantum cryptography, a stateless OpenPGP API (SOPP), automatic forwarding, persistent symmetric keys, cleanup of legacy issues, and web of trust. A deadline of the end of August was proposed for draft charter text, with a virtual interim meeting in mid-September to finalize the proposal. ## Key Discussion Points * **Crypto Refresh Status:** Draft 10 is the current version. Wire format and key derivation changes (specifically X25519 and X448) have been made since draft 08. Focus on updates to terminology and registry. The AD is reviewing the document and is on page 71 of a documented pub rec. Editorial merge requests are pending. * **Rechartering:** The group is considering rechartering to address new areas beyond the current charter. The group seems inclined to recharter. * **Post-Quantum Cryptography:** A presentation on integrating post-quantum cryptographic algorithms into OpenPGP was given. The group discussed whether to include work on both cam's and signatures in the recharter. The need for alignment on parameter sets with other IETF efforts (lamps, COSE, JOSE) was raised. * **Stateless OpenPGP API (SOPP):** The maintainer proposed including the SOPP in the charter to provide a minimalist high-level interface for OpenPGP implementations and interop testing. Minimalist interface encouraged. * **Automatic Forwarding:** Updates to the automatic forwarding draft were presented. Concerns were raised about the implications for the larger ecosystem, including the potential for surreptitious forwarding. * **Persistent Symmetric Keys:** A proposal to store symmetric key material in transferable private keys for use cases like backup and email archival was discussed. The proposal involved defining new public key algorithms (AAD and HMAC) and retconning existing packet semantics. * **Cleanup:** Discussion of potentially addressing legacy issues in OpenPGP, such as problems with the designated revoker subpacket, attestation signatures, incorrect user ID format specifications, and handling of hash algorithms in PGP/MIME messages. * **Web of Trust and Key Transparency:** Discussed the feasibility and challenges of integrating Web of Trust concepts with Key Transparency services and potential connections to supply chain security efforts (SKIT). Need for user interface isues to be in scope. * **WKD/HKP:** Discussion of WKD version 2 implementations and associated pipeline. ## Decisions and Action Items * **Rechartering:** The working group will proceed with developing a new charter. * **Charter Text:** Participants should submit proposed charter text to the GitLab repository by the end of August. * **Interim Meeting:** A virtual interim meeting will be scheduled for mid-September to finalize the charter proposal. * **SOPP:** The working group is inclined to include the SOPP in the charter. * **Action:** Chairs to follow up on the mailing list with goals for the charter text. * **Action:** Participants should consider potential charter text for all topics discussed and those they wish to be discussed during the rechartering process. * **Action:** Peter Kasselman to provide a pointer to pending BCP work related to QR codes. ## Next Steps * Chairs will send out a call on the mailing list for proposed charter text with a deadline. * Participants are encouraged to develop and share draft proposals for inclusion in the recharter. * The working group will hold a virtual interim meeting in mid-September to finalize the charter proposal.