Minutes of the Open-PGP BOF Meeting
Reported by Rodney Thayer <rodney@sabletech.com> and Jeff Harrell <jeff@pgp.com>
There were approximately 100-150 people at the meeting. The roster was passed around and signed. Charles Breed, Dave Del Torto, and Jon Callas moderated the meeting.
There is a mailing list and a web site. To subscribe to the mailing list, send a message to ietf-open-pgp-request@imc.org with "subscribe" in the message body. The web site is at <http://www.imc.org/ietf-open-pgp>. There is one draft published now, draft-ietf-pgp-formats00.txt, located in the email archive at the web site.
Charles Breed did a presentation on the reasoning behind PGP, Inc. wanting to release control to the IETF standards process. It was made clear that the three representatives from PGP, Inc. were speaking as representatives and not simply as individuals.
There was a presentation and discussion of what this WG would do. The goals are to draft a description of the PKI details, message formats, and algorithm choices to be used with the PGP technology. It was stated that the intent is that this WG would learn from recent experiences of other IETF WG's with respect to goals and process, specifically the TLS and IPsec groups. It was estimated that the WG process would take 18-24 months, possibly sooner.
Possible Extensions/Additional Functionality:
· message format
· use of new algorithms
· cert structure
· enhanced PKI
· Trust model extensions
· the name of the final spec ("open pgp" is the working name)
· X.509 interoperability
· structure of PGP id strings
· MIME rfc 2015 integration
It was asked if we need an API and this was discussed some, it was concluded this is a point for discussion since there was not consensus either way as to it's relevance, and was to move to the list.
We then had a (lengthy) discussion of why the IETF should have a third PKI-related working group, the other two being PKIX and SPKI. The Area Director spoke up and explained that these all have different goals, the goal of Open-PGP relating to immediate deployment, etc.
The proposed charter was then discussed. There was some debate about the "strong cryptography" references in the charter. Rodney Thayer said the group should document what we mean by 'strong' and 'weak.' Charles said roughly that 40-bit crypto is weak, and 128-bit is strong, this will be moved to the list.
It was discussed that the PGP technology (certs, functions, PKI) can be used for many things other than just internet mail; such as real time client authentication for SSL; store and forward like EDI, and file encryption.
Question on what 'freely available and unencumbered' algorithms are; Charles answered no trademarks or copyrights; proven strong algorithms without royalties/contracts; DH (ElGamal variant), etc.
Question on what we mean by the term 'PGP,' what are we doing to make the PGP system itself unencumbered (since it uses RSA/IDEA, etc.); we've been concerned with that too. Now uses CAST/DSA/DH, which are unencumbered (it seemed that the audience was not aware of this and was pleased. We're already addressing that, and need to document that now so others can interoperate. We will continue to document extensions to PGP. Plan is that in 18-24 months, the group will be satisfied with Open-PGP as a system. Jon said we need to get questions and ideas in now because it will be harder once it's a standard, 'before the concrete sets.'
Concern was raised that Open-PGP 'mutating into an unmanageable beast.' Group discussion resulted in, "It's not, we're trying to extend the install base. Adding trust model extensions; refinements, is a natural progression, not a total rewrite."
Support voiced from various people; good move to Open-PGP; PGP is a used product; it has had success in the past. Would like to see timestamping, trusted 3rd parties signing with PGP formats (VeriSign, etc.)
Jeff Schiller asked, "how many people think we need to worry about a solution that will meet regulations in all countries?" Not many people raised their hands, and Jeff said we should move forward without worrying about government policies.
We should strive for flexibility; MUST INEROPERATE (says Jeff S.)
Charles talked about message recovery being better than key escrow, a suitable technical solution. Upon public key pair creation, it can be required to have the key bound to another half from the corporation or entity so that both outbound and inbound messages can be read by the corporation or government entity.
Goal is a deployable, usable spec which is implementable in a 'reasonable time,' overwhelming response.
The AD queried the audience and there was overwhelming agreement that there should be an Open PGP Working Group.