[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP evolving, improving
Uri Blumenthal <uri@xxxxxxxxxxxxxx> writes:
> > > b. There have been no practical cases of signature spoofing with MD5--it
> > > hasn't been broken.
> > I agree, in the general case it has not. I'll discuss a better
> > user migration path below.
> Excuse me, gentlemen, were there any practical cases of signature
> spoofing with MD4?
> Also, since this is an IETF forum, let me remind you, that the
> official IETF security guideline is: "For all the new standards
> MD5 shall not be used - but SHA-1".
MD5 is in the draft as a MAY. You want to change that to a MUST NOT?
I don't think the situation with MD5 is serious enough currently to
warrant the loss of backwards compatibility as an implementation
> However, as an algorithm starts showing cracks, a cryptographer with
> brains replaces it before the "practical" cases start piling up.
Of course, that much is a given.
Where we came in to this discussion was that by having backwards
compatibility more people migrate to new algorithms more quickly.
> Well, the only compatibility concerns that *I* have as a user are
> related to the broken *interface*. I.e. I APPLAUD the move to DSS
> and EG (would like to see ECC too, BTW) - but I absolutely hate
> the fact that I can no longer use Mailcrypt-3.4 from XEmacs.
Well I use mailcrypt also, so I can share on that one. However I keep
getting emails from people with pgp5.x which are addressed to my RSA
key, and yet which pgp2.x simply can't read. I think this must either
be the bug Hal described, or people are signing the message with a DSS
key which I thought pgp5.x was supposed to warn against when the
recipient is using an RSA key.
> > Now the discussion of a better migration path. It seems to me that a
> > nice thing to do would be to generate two keys at key gen time: an RSA
> > key and an DSS/EG pair.
> What if I *don't* want to generate RSA keys. Why cramming those down my
> throat? Make it possible to geterate DSS *or* DSS+RSA, if you REALLY
Default operation. Same as you get a default operation with pgp5.x of
using cooked primes.
> > Largely transparent interoperability on all versions
> > would I suspect paradoxically have meant many more people made the
> > switch.
> Yes and no. Of course transparency will help. HOWEVER, many of PGP
> users have either no time, or no skills (or "no" both) to modify
> the software that interfaces between their favorite whatever
> and PGP. For me it is Mailcrypt/XEmacs. Until *that* part
> is taken care of - don't expect people to switch.
I think mailcrypt users are small in number. We should ask Pat
LoPresti if he wants to hack in pgp5.x support.