"Open-PGP" BOF Meeting Minutes for the 39th IETF 
                12 August 97 -- Munich

     Reported by Rodney Thayer <rodney@sabletech.com> 
     and Jeff Harrell <jeff@pgp.com>

           Open-PGP "Birds-of-a-Feather" Minutes

There were approximately 100-150 people at the meeting. The roster was 
passed around and signed. Charles Breed, Dave Del Torto, and Jon Callas 
moderated the meeting.

There is a mailing list and a web site.  To subscribe to the mailing list, 
send a message to ietf-open-pgp-request@imc.org with "subscribe" in the 
message body.  The web site is at <http://www.imc.org/ietf-open-pgp>.  
There is one draft published now, draft-ietf-pgp-formats00.txt, located 
in the email archive at the web site.

Charles Breed did a presentation on the reasoning behind PGP, Inc. wanting 
to release control to the IETF standards process. It was made clear that 
the three representatives from PGP, Inc. were speaking as representatives 
and not simply as individuals.

There was a presentation and discussion of what this WG would do.  The 
goals are to draft a description of the PKI details, message formats, and 
algorithm choices to be used with the PGP technology.  It was stated that 
the intent is that this WG would learn from recent experiences of other 
IETF WG's with respect to goals and process, specifically the TLS and 
IPsec groups.  It was estimated that the WG process would take 
18-24 months, possibly sooner.

Possible Extensions/Additional Functionality:
  message format
  use of new algorithms
  cert structure
  enhanced PKI
  Trust model extensions
  the name of the final spec ("open pgp" is the working name)
  X.509 interoperability
  structure of PGP id strings
  MIME rfc 2015 integration

It was asked whether we need an API. This was discussed some; it was concluded 
that this is a point for discussion, since there was no consensus either way as 
to its relevance, and it was moved to the list.

We then had a (lengthy) discussion of why the IETF should have a third 
PKI-related working group, the other two being PKIX and SPKI.  The Area 
Director spoke up and explained that these all have different goals, the 
goal of Open-PGP relating to immediate deployment, etc.  

The proposed charter was then discussed.  There was some debate about the 
"strong cryptography" references in the charter. Rodney Thayer said the group 
should document what we mean by 'strong' and 'weak'. Charles said roughly 
that 40 bit crypto is weak and 128 bit is strong; this will be moved to the 
list.

It was discussed that the PGP technology (certs, functions, PKI) can be 
used for many things other than just internet mail; such as real time 
client authentication for SSL; store and forward like EDI, 
and file encryption.

Question on what 'freely available & unencumbered' algorithms are; Charles 
answered no trademarks or copyrights; proven strong algorithms without 
royalties/contracts; DH (ElGamal variant), etc. 

Question on what we mean by the term 'PGP'; what are we doing to make the PGP 
system itself unencumbered (since it uses RSA/IDEA, etc.)? We've been concerned 
with that too. It now uses CAST/DSA/DH, which are unencumbered (it seemed that 
the audience was not aware of this and was pleased). We're already addressing 
that, and need to document it now so others can interoperate. We will continue 
to document extensions to PGP. The plan is that in 18-24 months the group will 
be satisfied with Open-PGP as a system. Jon said we need to get questions and 
ideas in now because it will be harder once it's a standard, 
'before the concrete sets'.

Concern was raised that Open-PGP was 'mutating into an unmanageable beast'. 
Group discussion resulted in: "It's not; we're trying to extend the installed 
base. Adding trust model extensions and refinements is a natural progression, 
not a total rewrite."

Support voiced from various people; good move to Open-PGP; PGP is a used 
product; it has had success in the past. Would like to see timestamping, 
trusted 3rd parties signing with PGP formats (VeriSign, etc.)

Jeff Schiller asked, "how many people think we need to worry about a 
solution that will meet regulations in all countries?" Not many people 
raised their hands, and Jeff said we should move forward without 
worrying about govmt policies.

We should strive for flexibility; MUST INTEROPERATE (says Jeff S.)

Charles talked about message recovery being better than key escrow, as a 
suitable technical solution. Upon public key pair creation, the key can be 
required to be bound to another half from the corporation or entity, so that 
both outbound and inbound messages can be read by the corporation or 
government entity.
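The following is an added illustration of the mechanism behind the message
recovery point above; it is not part of these minutes and is not PGP, Inc.'s
design or any OpenPGP packet format. It assumes a toy ElGamal key wrap over
a small Mersenne prime and a toy SHA-256 keystream (neither suitable for real
use), and the labels "alice" and "corp" and the sample message are
constructed. The point it makes: message recovery is just one extra
recipient on each message, so the corporation never holds the user's private
key, unlike escrow.

```python
"""Added illustration (not from the minutes): message recovery via an
additional recipient key, contrasted with key escrow.

Toy ElGamal over a small prime, stdlib only.  Every parameter and name here
is an assumption for demonstration; none of it is a real OpenPGP format or a
secure construction.
"""
import hashlib
import secrets

# Toy group: a Mersenne prime and a small generator.  Assumption for the
# example only; a real deployment uses a standard group of adequate size.
P = 2**127 - 1
G = 3


def keygen():
    """Return an (private, public) ElGamal key pair in the toy group."""
    x = secrets.randbelow(P - 2) + 1      # 1 <= x <= P-2
    return x, pow(G, x, P)


def wrap_session_key(pub, session_key):
    """ElGamal-encrypt an integer session key (< P) to one public key."""
    k = secrets.randbelow(P - 2) + 1
    c1 = pow(G, k, P)
    c2 = (session_key * pow(pub, k, P)) % P
    return c1, c2


def unwrap_session_key(priv, wrapped):
    """Recover the session key with the matching private key."""
    c1, c2 = wrapped
    shared = pow(c1, priv, P)
    return (c2 * pow(shared, -1, P)) % P


def _keystream(session_key, length):
    """Derive `length` bytes from the session key (toy stream cipher)."""
    key_bytes = session_key.to_bytes(16, "big")   # session_key < 2**127
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_message(recipient_pubs, plaintext):
    """Hybrid-encrypt: one session key, wrapped once per recipient.

    `recipient_pubs` maps a label to a public key.  Message recovery is
    nothing more than listing the organisation's recovery key here as an
    extra recipient; nobody's private key is copied anywhere.
    """
    session_key = secrets.randbelow(P - 2) + 1
    wrapped = {label: wrap_session_key(pub, session_key)
               for label, pub in recipient_pubs.items()}
    ct = _xor(plaintext, _keystream(session_key, len(plaintext)))
    return {"wrapped_keys": wrapped, "ciphertext": ct}


def decrypt_message(label, priv, packet):
    """Decrypt as recipient `label`; raises KeyError if not a recipient."""
    session_key = unwrap_session_key(priv, packet["wrapped_keys"][label])
    ct = packet["ciphertext"]
    return _xor(ct, _keystream(session_key, len(ct)))


def demo():
    """Constructed scenario: a message to Alice at a company whose policy
    binds every employee key to a corporate recovery key.  Returns which
    parties can read it."""
    alice_priv, alice_pub = keygen()
    corp_priv, corp_pub = keygen()
    plaintext = b"Q3 numbers attached -- constructed sample message"

    # Policy-compliant client: encrypt to Alice AND the corporate recovery key.
    packet = encrypt_message({"alice": alice_pub, "corp": corp_pub}, plaintext)
    ct = packet["ciphertext"]
    # Unwrapping Alice's slot with the corporate key yields garbage: the
    # corporation reads via its own slot, not by knowing alice_priv.
    wrong = unwrap_session_key(corp_priv, packet["wrapped_keys"]["alice"])

    result = {
        "alice_reads": decrypt_message("alice", alice_priv, packet) == plaintext,
        "corp_reads": decrypt_message("corp", corp_priv, packet) == plaintext,
        "wrong_slot_fails": _xor(ct, _keystream(wrong, len(ct))) != plaintext,
    }
    # A sender who ignores the policy leaves the recovery key out, and the
    # corporation simply is not a recipient: the caveat with this approach.
    noncompliant = encrypt_message({"alice": alice_pub}, plaintext)
    try:
        decrypt_message("corp", corp_priv, noncompliant)
        result["corp_reads_noncompliant"] = True
    except KeyError:
        result["corp_reads_noncompliant"] = False
    return result


if __name__ == "__main__":
    print(demo())
```

Two practical consequences follow from the shape of this construction: recovery depends entirely on the sending client honouring the binding (a non-compliant sender produces a message the corporation cannot read, as the last step shows), and the recovery private key decrypts every message ever sent to any bound employee, so it needs at least the protection a user's own key gets, and ideally splitting or an HSM.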

The goal is a deployable, usable spec which is implementable in a 
'reasonable time'; this got an overwhelming response.

The AD queried the audience and there was overwhelming agreement that 
there should be an Open PGP Working Group.