[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sam Hartman] Openpgp comments
I agree with Ian. Remember those t-shirts they used to sell with the
nine-layer ISO model? Layer 8 is the Financial Layer and Layer 9 is
the Political Layer. There's an arrow pointing to Layer 9 with the
message, "You are here."
I think it's worthwhile to have a phone call or perhaps even better a
Jabber meeting. I'm in other working groups that do semi-regular
Jabber conferences. A major reason for a Jabber conference is that it
is my perception that it is the consensus of this working group that
we disagree with the ADs. I think they need to talk to the working
group as a whole. Jabber would be great for that.
On the other hand, we're at the political layer, and I'm happy to put
in a SHA-256 MDC, if that will get us done. Furthermore, it may turn
out that in five years we'll be happy we did. Heck, it could always
turn out that SHA-1 isn't one-way enough. OpenPGP has always been
forward-thinking, and we are known for being more on top of these
issues than anyone else. Consequently, if we put in a new MDC and say
that you MAY do it, the implementers don't have to do it until they
are in the mood. Even if we say SHOULD accept and MAY generate, it's
a small burden.
I think that coming up with a true replacement for the MDC is work we
ought to do. It's on my list of things to do post-2440bis. I think
this gets in the way of that, but if that's what it takes us to
finish, it's what it takes us to finish.