WG Last Call is Closed

At 2:58 PM -0700 7/8/98, John  W. Noerenberg wrote:
>When Jon posts the -06 draft, we will consider it for one more week.  If
>there are no outstanding disputes, I'll declare it to be the consensus of
>the WG, and we'll invite the IESG to review it as a Proposed Standard.

One week has stretched into a month, but all issues appear to be resolved.
WG Last Call is closed.  A draft which incorporates the changes we've
discussed with be submitted to the IESG, as soon as possible.

I don't expect IESG action on it until after the August meeting, however.

john noerenberg
jwn2 <at> qualcomm.com
  ----------------------------------------------------------------------
  --if we are to be saved, it will not be by Romans but by saints.
  -- Thomas Cahill, "how the Irish Saved Civilization", 1995
  ----------------------------------------------------------------------

Re: WG Last Call is Closed

"John  W. Noerenberg" <jwn2 <at> qualcomm.com>:

>> When Jon posts the -06 draft, we will consider it for one more week.
[...]
> WG Last Call is closed.  A draft which incorporates the changes we've
> discussed with be submitted to the IESG, as soon as possible.

We just stumbled upon a bug in draft-ietf-openpgp-formats-06.txt.
The CRC-24 sample implementation given in the draft is as
follows:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
6.1. An Implementation of the CRC-24 in "C"

       #define CRC24_INIT 0xb704ce
       #define CRC24_POLY 0x1864cfb

       typedef long crc24;
       crc24 crc_octets(unsigned char *octets, size_t len)
       {
           crc24 crc = CRC24_INIT;
           int i;

           while (len--) {
               crc ^= *octets++;
               for (i = 0; i < 8; i++) {
                   crc <<= 1;
                   if (crc & 0x1000000)
                       crc ^= CRC24_POLY;
               }

Last Call for openpgp toolkit, New Palm (OS 3) version

At www.cryptography.org I uploaded opgp99x.tgz which contains some minor
fixes.  It will be in the new directory, but eventually will be moved into
pgp/opgp.

I finally have a reasonable version that runs on the Palm III (or any with
OS 3.0).  It uses the clipboard to move data, and the address book to hold
the public keys (so you can beam them).  I don't have keysigning working
yet, but the structure is there and it is a priority to finish.  It also
handles all incoming algorithms (if the appropriate SSLeay libraries are
there), but sticks to 3DES/SHA1 for encryption.  This includes the
binaries for things not in the pilotSSLeay package, and source.

look for palmopgp10.tgz if you are interested in beta testing.

--- reply to tzeruch - at - ceddec - dot - com ---

Bug: Public-Key Encrypted Session Key Packets?

>5.1. Public-Key Encrypted Session Key Packets (Tag 1)
>...
>a two-octet checksum is appended which is equal to the
>sum of the preceding octets, including the algorithm
>identifier and session key, modulo 65536

The CRC doesn't seem to include the algorithm identifiers, at least in RSA
packets output by PGP 2.6.3i and 5.5i

Ian.

Re: Bug: Public-Key Encrypted Session Key Packets?

>>a two-octet checksum is appended which is equal to the
>>sum of the preceding octets, including the algorithm
>>identifier and session key, modulo 65536
>
>The CRC doesn't seem to include the algorithm identifiers, at least in RSA
>packets output by PGP 2.6.3i and 5.5i

That sentence should read something like "a two-octet checksum is appended
which is equal to the sum of the octets of the session key, modulo 65536".

Palm III (or PPw/OS3 upgrade) beta.

On Mon, 24 Aug 1998 dontspam-tzeruch <at> ceddec.com wrote:

> I finally have a reasonable version that runs on the Palm III (or any with
> OS 3.0).  It uses the clipboard to move data, and the address book to hold
> the public keys (so you can beam them).  I don't have keysigning working
> yet, but the structure is there and it is a priority to finish.  It also
> handles all incoming algorithms (if the appropriate SSLeay libraries are
> there), but sticks to 3DES/SHA1 for encryption.  This includes the
> binaries for things not in the pilotSSLeay package, and source.

palmopgp12.tgz - fixes include keysigning (you can now beam your business
card w/ PGP pubkey, I can sign it and beam the sig packet back as a memo -
PGP doesn't beam itself).  Memory fixes, so it can encrypt large messages,
the UI is better, but there are still debug messages.

If anyone (in the us or ca) has a Palm III, and is interested, give it a
try. 

42nd IETF OpenPGP agenda

I've managed to wait until the last possible second to publish this.  For
those who have been looking on the IETF agenda page in vain, I apologize.

I expect this to be a relatively short meeting.  Here is the outline:

Agenda Bashing 	5	 John Noerenberg
  In case anyone really wants to spend 2 hours on Friday morning at the end
of IETF week...

Formats		15	Jon Callas
  We're almost there.  Current status and next steps

ECC Addendum	15	Ted Rallis
  Consideration of Elliptic Curves

PGP/MIME	15	John Noerenberg
  Status and next steps

Wrap-up		5	John Noerenberg

For those of you in Chicago who see this before the meeting:

What are you doing up at this hour?  Don't you know we have a meeting in
the morning? <grin>

best,

john noerenberg
jwn2 <at> qualcomm.com
  ----------------------------------------------------------------------

(unknown)

A draft for Elliptic Curve extensions to OpenPGP:

Ted

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

A draft for Elliptic Curve extensions to OpenPGP:

Ted

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

(unknown)

A draft for Elliptic Curve extensions to OpenPGP:

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

OpenPGP Working Group                                        Ted Rallis
INTERNET-DRAFT                                     Certicom Corporation
Expires February 20, 1999                               August 20, 1998

                         ECC Update to OpenPGP
                 <draft-ietf-openpgp-ecc-formats-00.txt>

Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   To view the entire list of current Internet-Drafts, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
   Europe),  ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
   Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

comments on the format 06 draft

Hi,

Here are comments on the format 06 draft.

(1) Sec 3.4

As I pointed out in the IETF meeting, this section would mislead
readers. Please clarify that UTF-8 is used for fields of PGP packets,
not for message itself. 

(2) Sec 6.2

It is nice if the following note is included:

	Note: PGP 2.x uses "BEGIN PGP MESSAGE" for detached 
	signatures.

This may be included in Sec 14.

This change must be clarified in the next draft of PGP/MIME since
PGP/MIME relies on detached signatures.

(3) Sec 6.2

Again, usage of UTF-8 should be clarified for "Charset".

(4) Sec 7

In the last item, "the ASCII armored signature" is a little bit
ambiguous. For readability, "BEGIN PGP SIGNATURE" should be explicitly