RFC Reading season, now OpenPGP

Wednesday, July 27, 2016

I just completed the first pass of yet another IETF format crate.

This crate was necessary to complete the first usable version of Pijul. The goal of this crate is to provide a parser for the OpenPGP format, as well as tools to write OpenPGP. Another goal is to make OpenPGP accessible to non-GPL projects, and make it work anywhere, independently of what is installed on the user’s system.

There is a longer explanation here. My personal conclusions are that I should probably stop using OpenPGP. There are several reasons for this:

  • The format (as described in RFC 4880) is heavily underspecified. There is only one publicly-available implementation, GnuPG, and not all of its packets comply with my interpretation of RFC 4880. Although GnuPG is really great, this situation is a relatively important security threat IMHO.

  • What’s worse is that there are references to attacks in RFC 4880, but the links are not available, and there’s not even a synopsis of the attack.

Anyway, OpenPGP is still used by many people, and my crate was originally intended to use OpenPGP in Pijul. I’m not sure of this anymore; I believe I’d prefer to use an existing format like CBOR to encode the exact same information, and use non-legacy crypto to sign and encrypt keys.

As Pijul needs libsodium crypto anyway in its SSH part (Thrussh), I guess we could still use the same web of trust, only with a different format. And this crate could provide a tool to reencode to the new format.