openpgp A. Gallagher, Ed.
Internet-Draft PGPKeys.EU
Updates: 9580 (if approved) 3 February 2025
Intended status: Standards Track
Expires: 7 August 2025
GREASE Code Points in OpenPGP
draft-gallagher-openpgp-grease-00
Abstract
This document reserves code points in various OpenPGP registries for
use in interoperability testing, by analogy with GREASE in TLS.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at
https://andrewgdotcom.gitlab.io/openpgp-grease. Status information
for this document may be found at https://datatracker.ietf.org/doc/
draft-gallagher-openpgp-grease/.
Discussion of this document takes place on the OpenPGP Working Group
mailing list (mailto:openpgp@ietf.org), which is archived at
https://mailarchive.ietf.org/arch/browse/openpgp/. Subscribe at
https://www.ietf.org/mailman/listinfo/openpgp/.
Source for this draft and an issue tracker can be found at
https://gitlab.com/andrewgdotcom/openpgp-grease.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 7 August 2025.
Gallagher Expires 7 August 2025 [Page 1]
�
Internet-Draft pgp-grease February 2025
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions and Definitions . . . . . . . . . . . . . . . . . 2
3. Reservation of PGP-GREASE Code Points . . . . . . . . . . . . 3
4. Usage of PGP-GREASE Code Points . . . . . . . . . . . . . . . 5
4.1. Certificates . . . . . . . . . . . . . . . . . . . . . . 5
4.2. Messages . . . . . . . . . . . . . . . . . . . . . . . . 6
5. Security Considerations . . . . . . . . . . . . . . . . . . . 6
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
7.1. Normative References . . . . . . . . . . . . . . . . . . 7
7.2. Informative References . . . . . . . . . . . . . . . . . 7
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 7
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
GREASE [RFC8701] is an existing specification to ensure forwards
compatibility of assigned code points in TLS. We wish to specify a
similar mechanism for OpenPGP. This will be particularly useful in
the OpenPGP Interoperability Test Suite [INTEROP], but is not
restricted to controlled environments. It is expected that
implementations will include PGP-GREASE code points in real-world
artifacts on an ongoing basis, to encourage forwards-compatible
coding across multiple implementations.
2. Conventions and Definitions
The term "OpenPGP Certificate" is used in this document
interchangeably with "OpenPGP Transferable Public Key", as defined in
Section 10.1 of [RFC9580].
Gallagher Expires 7 August 2025 [Page 2]
�
Internet-Draft pgp-grease February 2025
For avoidance of confusion with GREASE in TLS, we will use the term
"PGP-GREASE" for the equivalent mechanism in OpenPGP.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Reservation of PGP-GREASE Code Points
We assign the following one-octet code points to PGP-GREASE:
+==========+======================+==========================+
| Sequence | Code Point (Decimal) | Code Point (Hexadecimal) |
+==========+======================+==========================+
| 1 | 123 | 0x7b |
+----------+----------------------+--------------------------+
| 2 | 44 | 0x2c |
+----------+----------------------+--------------------------+
| 3 | 55 | 0x37 |
+----------+----------------------+--------------------------+
| 4 | 66 | 0x42 |
+----------+----------------------+--------------------------+
| 5 | 77 | 0x4d |
+----------+----------------------+--------------------------+
| 6 | 88 | 0x58 |
+----------+----------------------+--------------------------+
| 7 | 99 | 0x63 |
+----------+----------------------+--------------------------+
| 8 | 111 | 0x6f |
+----------+----------------------+--------------------------+
Table 1: OpenPGP GREASE Code Points
These code points will be reserved for PGP-GREASE in the following
registries:
Gallagher Expires 7 August 2025 [Page 3]
�
Internet-Draft pgp-grease February 2025
+==================================================+=======+
| Registry Name | Notes |
+==================================================+=======+
| OpenPGP String-to-Key (S2K) Types | (1) |
+--------------------------------------------------+-------+
| OpenPGP User Attribute Subpacket Types | |
+--------------------------------------------------+-------+
| OpenPGP Image Attribute Encoding Format | |
+--------------------------------------------------+-------+
| OpenPGP Signature Subpacket Types | (2) |
+--------------------------------------------------+-------+
| OpenPGP Reason for Revocation (Revocation Octet) | (1) |
+--------------------------------------------------+-------+
| OpenPGP Public Key Algorithms | |
+--------------------------------------------------+-------+
| OpenPGP Symmetric Key Algorithms | |
+--------------------------------------------------+-------+
| OpenPGP Hash Algorithms | |
+--------------------------------------------------+-------+
| OpenPGP Compression Algorithms | |
+--------------------------------------------------+-------+
| OpenPGP Secret Key Encryption (S2K Usage Octet) | (3) |
+--------------------------------------------------+-------+
| OpenPGP Signature Types | |
+--------------------------------------------------+-------+
| OpenPGP Image Attribute Versions | |
+--------------------------------------------------+-------+
| OpenPGP AEAD Algorithms | |
+--------------------------------------------------+-------+
| OpenPGP Key and Signature Versions | |
+--------------------------------------------------+-------+
Table 2: OpenPGP GREASE Registries
1. The use of PGP-GREASE code points in the String-to-Key Types and
Reason for Revocation registries is not currently specified,
however the code points will be reserved for consistency.
2. When PGP-GREASE code points from the Signature Subpacket Types
registry are used, the critical bit MUST NOT be set.
3. All code points allocated in the Symmetric Key Algorithms
registry are automatically also allocated in the S2K Usage Octet
registry.
Due to the smaller number of allocatable code points (63) in the
OpenPGP Packet Types registry, most PGP-GREASE values cannot be used
as Packet Types. In addition, implementations pre-dating [RFC9580]
Gallagher Expires 7 August 2025 [Page 4]
�
Internet-Draft pgp-grease February 2025
are not required to ignore unknown packet types. A Marker packet
(Section 5.8 of [RFC9580]) SHOULD therefore be used instead. Packet
Types 44 and 55 MAY be used if it is known that the receiving
implementation supports [RFC9580].
Note that [INTEROP] currently uses signature version 23 as a de-facto
GREASE code point. This is intentionally not included here, as we
prefer code points that are available for reservation across multiple
registries.
4. Usage of PGP-GREASE Code Points
An implementation MAY insert dummy packets or subpackets into
otherwise valid packet sequences. It MAY also include dummy code
points in preference lists. The data section of dummy packets and
subpackets SHOULD contain only the ten octets "PGP-GREASE", in UTF-8
encoding. All other fields of dummy packets and subpackets SHOULD
correspond to those of a real packet or subpacket.
A generating implementation SHOULD choose code points
deterministically, while ensuring that all PGP-GREASE code points are
eventually used.
(TODO: how often should we add GREASE?)
A receiving implementation MUST gracefully ignore unknown code points
when required to by [RFC9580], including PGP-GREASE code points. It
MUST NOT treat PGP-GREASE code points any differently from other
unknown code points; this includes detecting or indicating the
presence of PGP-GREASE code points.
PGP-GREASE codepoints MAY be used in either certificates or messages.
Since existing legacy implementations have not consistently followed
the requirement to ignore unknown code points, a generating
implementation is RECOMMENDED to introduce PGP-GREASE code points
gradually, over several release cycles. This should ensure that
legacy receiving implementations are not overwhelmed by errors in a
short period of time.
4.1. Certificates
An implementation MAY use PGP-GREASE codepoints in the following
certificate contexts:
* Dummy algorithm IDs in algorithm-preference signature subpackets
(subpacket types 11, 21, 22, and 39).
Gallagher Expires 7 August 2025 [Page 5]
�
Internet-Draft pgp-grease February 2025
* Signature subpacket IDs of dummy signature subpackets, in either
the hashed or unhashed area.
* User attribute subpacket types, versions and encoding formats of
dummy user attribute subpackets.
* Packet versions and algorithm IDs in dummy subkey packets.
* Signature and hash algorithm IDs and signature version numbers in
dummy third-party certification signatures.
* Hash algorithm IDs in dummy self-signatures.
* Packet and signature types in dummy packets.
A generating implementation MAY also generate dummy primary keys with
PGP-GREASE version numbers or algorithm IDs.
4.2. Messages
An implementation MAY use PGP-GREASE codepoints in the following
message contexts:
* Signature subpacket IDs of dummy signature subpackets in the
hashed or unhashed signature subpacket area.
* Signature and hash algorithm IDs and signature version numbers in
dummy document signature packets and their corresponding OPS
packets.
* Packet and signature types in dummy packets.
Note that when an OPS packet is present, any PGP-GREASE code points
it contains MUST be duplicated in the corresponding signature packet.
5. Security Considerations
Legacy implementations that do not properly ignore unknown code
points will experience failures; this is intentional. None of these
failures should have security consequences in themselves, unless
other coding errors are present in the legacy implementation. While
this should result in increased security in the long term, exposing
such bugs may cause problems in the short term.
Gallagher Expires 7 August 2025 [Page 6]
�
Internet-Draft pgp-grease February 2025
Generating implementations are therefore RECOMMENDED to be cautious
in deploying PGP-GREASE initially. In particular, implementations
SHOULD NOT generate PGP-GREASE code points in production unless they
have been tested first in a controlled environment such as the
Interoperability Test Suite [INTEROP].
6. IANA Considerations
IANA is requested to allocate the code points listed in Table 1 in
each of the registries listed in Table 2, with the note "Reserved
(PGP-GREASE)" and a reference pointing to this document.
IANA is also requested to allocate code points 44 and 55 in the
"OpenPGP Packet Types" registry, with the note "Reserved (PGP-
GREASE)" and a reference pointing to this document.
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC9580] Wouters, P., Ed., Huigens, D., Winter, J., and Y. Niibe,
"OpenPGP", RFC 9580, DOI 10.17487/RFC9580, July 2024,
<https://www.rfc-editor.org/rfc/rfc9580>.
7.2. Informative References
[INTEROP] "OpenPGP Interoperability Test Suite", n.d.,
<https://tests.sequoia-pgp.org/>.
[RFC8701] Benjamin, D., "Applying Generate Random Extensions And
Sustain Extensibility (GREASE) to TLS Extensibility",
RFC 8701, DOI 10.17487/RFC8701, January 2020,
<https://www.rfc-editor.org/rfc/rfc8701>.
Appendix A. Acknowledgments
The author would like to thank Daniel Huigens for inspiring this
work.
Gallagher Expires 7 August 2025 [Page 7]
�
Internet-Draft pgp-grease February 2025
Author's Address
Andrew Gallagher (editor)
PGPKeys.EU
Email: andrewg@andrewg.com
Gallagher Expires 7 August 2025 [Page 8]