**Session Date/Time:** 22 Jul 2024 16:30

# openpgp

## Summary

This meeting covered several key topics, including a crypto refresh update, reports on the OpenPGP email summit and PQC drafts, and discussions on binding encryption to V6 keys, key migration strategies, persistent symmetric keys, and signature salt notations. Decisions were made regarding the order of presentations and further discussion on draft adoption.

## Key Discussion Points

* **Crypto Refresh:** RFC 9580 is in the final stage before publication.
* **Interoperability:** Implementers are encouraged to share implementation experiences, test vectors, and interoperability test suite ideas for adopted drafts and RFC 9580.
* **OpenPGP Email Summit Report:** The summit focused on key migration, PQC integration, header protection, and key distribution methods, with a consensus that the "schism" between OpenPGP and LibrePGP is currently unresolvable. The importance of GnuPG has diminished for email clients.
* **PQC Drafts (NIST & Brainpool curves):** Progress on specifying hybrid KEMs/signatures. Discussion on whether to wait for CFRG recommendations on KEM combiners. The working group would decide if the KDF/combiner should be NIST compliant. Implementers requested a concrete milestone for the PQ RFC to be stable by the end of the year.
* **Binding Encryption to V6:** Discussion on whether PQC encryption keys should be exclusively bound to V6 keys, which has now been decided.
* **Key Migration Strategy:** Automated transition between primary keys, utilizing self-signatures to discover replacement keys, with a directional relationship between fallback and preferred keys. Focus on minimizing wire format size and preventing logic bombs.
* **Persistent Symmetric Keys:** Discussion on usage guidance, attestation of signature verification results, and partitioning of the algorithm ID space for symmetric algorithms. Falco raised the point of replacing public keys with symmetric ones in cases of high security level.
* **Signature Salt Notation:** Exploration of adding a random salt to V4 signatures to protect against fault attacks, with consideration for length and binding to hash algorithms.

## Decisions and Action Items

* **Presentation Order:** OpenPGP draft, Open PQC draft, then Brainpool draft.
* **Key Migration Strategy:** Andrew will schedule an interim meeting in September to address migration to V6 using link keys.
* **PQC Draft Adoption:** Chairs to assess, in a while, when a reasonable time to issue a call for adoption would be.
* **V6 Binding:** Authors will consider increasing V6 support and plan the binding to V6 in the next draft. The working group will decide if the KDF/combiner should be NIST compliant.

## Next Steps

* Publish RFC 9580.
* Andrew to schedule the key migration interim meeting and make the schedule public.
* Continue discussion on the mailing list regarding signature salt notation.
* Chairs to evaluate when to issue a call for adoption of the PQC draft.
* WG to discuss call for adoption, the key and the potential values.