**Session Date/Time:** 20 Mar 2025 08:00

# openpgp

## Summary

This OpenPGP working group session covered several chartered items including interoperability, post-quantum cryptography, persistent symmetric keys, and key replacement. Presentations detailed progress on RFC 9580 deployment, the status of the post-quantum draft, the use of persistent symmetric keys, and the development of a key replacement subpacket. Discussion included CNSA 2.0 compliance, HSM key export concerns, and key flag usage. The group discussed progressing the post-quantum draft to working group last call.

## Key Discussion Points

* **RFC 9580 Interoperability:** Strong alignment between five implementations (PGPA, RNP, OpenPGPjs, OpenPGP.net and Sequoia) was reported. Issues with key servers (keys.org, mailvelope) and mail clients (ProtonMail, Delta Chat) accepting RFC 9580 certificates were discussed.
* **Post-Quantum Crypto Draft:** Code points were assigned for signature and encryption algorithms. The KEM combiner was further aligned with LAMPS by eliminating the ML-KEM public key and ciphertext. CNSA 2.0 compliance was discussed and will be reviewed.
* **Persistent Symmetric Keys:** Key flags for symmetric keys were discussed, particularly around "sign storage" and "sign communication". There was debate over whether this distinction warranted changes to the TPK or should simply be an API parameter.
* **Key Replacement Subpacket:** The discussion focused on fallback strategies when a replacement key is recommended. Option zero, where fallback to the original key is always possible if supported, is the preferred path unless further objections are raised.
* **HKP Update:** A versioned machine-readable API is being developed to address the shortcomings of the legacy HKP format. Authentication methods for keys-pgp.org are being investigated.
* **OpenPGP Semantics:** New drafts regarding OpenPGP revocations, signatures, and attributes were presented, aiming to improve the specification and address ambiguities.

## Decisions and Action Items

* **Post-Quantum Crypto Draft:** The working group tentatively agreed to proceed to working group last call after incorporating pending changes. Falco will review CNSA 2.0 requirements.
* **Key Replacement Subpacket:** Andrew will relay the preference for option zero to the list and aim for a final decision soon.
* **HKP:** Finalize authentication methods and potentially re-open call for adoption.

## Next Steps

* Falco to prepare the post-quantum crypto draft for working group last call, taking into account CNSA 2.0 considerations.
* Andrew to solicit final feedback on the key replacement subpacket fallback strategy on the mailing list.
* Consider key selection strategy for the OpenPGP email summit.
* Investigate scheduling an interim meeting before the next IETF meeting.