[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [openpgp] details of 4880bis work
Some thoughts, none really need answering.
On 10/04/2015 12:38 pm, Stephen Farrell wrote:
a) update the fingerprint format (avoid inclusion of creation date, use
stronger digest algorithm; i'm dubious about embedding algorithm
agility in the fingerprint itself, but explicit version info in the
fingerprint might be reasonable so we don't have to keep guessing by
fpr structure for future versions)
In the past, where I've had a very occasional need to indicate
version/alg in fingerprint like material, and full tagging wasn't
justified, I've used the length to do that. E.g., 16 bytes was MD5, 18
was NAH, 20 was SHA1. Clunky, but it served. Just a thought.
d) clarify that cleartext signatures should all use charset/encoding
Are calculated over cleartext UTF-8 plaintext document as the default? OK.
(Not, the cleartext sigs are now to be delivered in UTF-8, or, the
cleartext sigs will be parsable unchanged and therefore compatible with
both US-ASCII and UTF-8.)
f) standardize the two new curves coming out of the CFRG: 25519 and
curve448 ("goldilocks") for both signatures and encryption (Werner
has already started this process for 25519 signatures)
Why two curves? Is this just the algorithm agility discussion or is
there an actual difference between them? Why not just use the stronger
one and be done with it?
(Not wishing to start the algorithm agility debate, I'm sure everyone's
familiar with the basics there, just wondering if there is any other
h) clean up the language: clearly distinguish between "public key" and
"certificate", and ensure that the use of the terms "trust" and
"validity", if still present, are used unambiguously.
It would be nice if we could eliminate the term "trust" altogether.
Humans trust, software agents cannot. Calling some bit a "trust bit" is
therefore almost guaranteed to become ambiguous, and the resultant
self-deception is one of the root causes of PKI failure in both x.509
and pgp circles.
In "theory" we might be better off replacing it with "policy" which is a
word that clearly indicates there should be some wider document that
describes what the bit is trying to record.
In the alternate, if we don't like the word "policy" perhaps "claim" or
"statement" or even "relationship graph link" or "edge" or...
i) declare a literal data packet type "m" that means "MIME content" so
that we can punt on the rest of the message
structure/format/encoding/type craziness to MIME.
j) deprecate 3DES, IDEA, and as many of the weaker ciphers as we can
get away with.
k) provide a modern streamable/chunkable AEAD replacement for
Symmetrically-Encrypted Integrity-Protected Data (SEIPD) packets
l) change MTI algorithms: SHA512, the two new ECs, and the new AEAD
mechanism should be the baseline.
No RSA? Is there consensus amongst devs that enough of us aren't going
to implement RSA anyway? We're ready to make a clean break, and
actually mitigate against it?
(I'm happy to join the witch-burning party, but it's had such long legs,
it saw off the DSA challenger even tho many tried to kill it.)
openpgp mailing list