Re: Changing HAVAL definition.
On Tue, 16 Jun 1998, Jon Callas wrote:
> At 05:10 PM 6/15/98 -0700, Hal Finney wrote:
> > In looking at the source to PGP 5.5, I see that it had defined hash
> > algorithm 4 as an experimental double-width version of SHA. It never
> > created messages with that hash, but if it sees hash algorithm 4, it will
> > think that is double-SHA rather than HAVAL as the spec has it. Can we
> > reserve hash algorithm 4 and redefine HAVAL to be 7? That way 5.5 will
> > know that it is seeing an unrecognized hash if it ever sees hash 7,
> > and produce an error message. Otherwise it is likely to report a bad
> > signature if it sees hash 4 because someone used HAVAL.
>
> I have no objection to this. Anyone else?
>
> To all: by the bye, we still don't have OIDs for HAVAL and Tiger. I am
> content to leave this situation as it is. But I would be delighted to add
> OIDs if someone were to scrounge them. I am even willing to drop them
> completely if there's consensus in that direction. I'm just bringing up the
> issue. No response means you agree it's okay to leave it as it is.

Please restate this since you don't want to "leave it as it is".

What I think is being proposed:

Hash#   Old       New
4       HAVAL     (reserved)
7       (undef)   HAVAL

However, the next revision of PGP after 5.5 should treat hash #4 as
reserved (and use 100+ for experimenting). Since I expect one of the hot
items for the next version of this spec will be a wide hash (to go with a
wide DSA variant), I will expect such a hash to be dropped in as #4.

Someone should also create a patch for the source of 5.5 that disables
hash #4. So when is there going to be a PGP source code journal?

As far as the OIDs (or lack thereof), I made a suggestion to alternately
use an octet string, or IA5 string with the string from the Hash:
clearsign header in place of the OID. This way the issue goes away. I
plan on proposing this for the next revision. There won't be an OID for
the wide hash whatever it is.

--- reply to tzeruch - at - ceddec - dot - com ---
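
An added example, not part of the original message and not PGP source code: it reads the hash algorithm octet from a signature packet body and shows why a receiver with the old meaning of hash 4 reports a bad signature, while hash 7 fails with a clear "not recognized" error. The two tables, the function names and the packet bytes are constructed for illustration; only IDs 4 and 7 and the "100+" experimental range come from the thread.

```python
# Constructed receiver tables; only IDs 4, 7 and "100+" are taken from the thread.
LEGACY = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 4: "double-width SHA"}  # 5.5-style
REVISED = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 7: "HAVAL"}  # proposed numbering
RESERVED = {4}            # reserved under the proposal
EXPERIMENTAL_BASE = 100   # "100+" for experimenting, per the post


class UnsupportedHash(Exception):
    """Raised before any digest is computed, so no 'bad signature' is reported."""


def hash_id_from_sig_body(body: bytes) -> int:
    """Return the hash algorithm octet of a v3 or v4 signature packet body."""
    if not body:
        raise ValueError("empty signature body")
    # v3: version, length, type, time(4), key ID(8), pubkey alg, hash alg
    # v4: version, type, pubkey alg, hash alg
    offset = {3: 16, 4: 3}.get(body[0])
    if offset is None:
        raise ValueError(f"unknown signature version {body[0]}")
    if len(body) <= offset:
        raise ValueError("truncated signature body")
    return body[offset]


def select_hash(hash_id: int, table: dict, reserved=frozenset()) -> str:
    """Map an ID to the algorithm this receiver would run, or fail closed."""
    if hash_id in reserved:
        raise UnsupportedHash(f"hash {hash_id} is reserved")
    if hash_id >= EXPERIMENTAL_BASE:
        raise UnsupportedHash(f"hash {hash_id} is experimental")
    if hash_id not in table:
        raise UnsupportedHash(f"hash {hash_id} is not recognized")
    return table[hash_id]


def receiver_outcome(body, sender_alg, table, reserved=frozenset()) -> str:
    """Describe what a receiver reports for a signature made with sender_alg."""
    try:
        local_alg = select_hash(hash_id_from_sig_body(body), table, reserved)
    except UnsupportedHash as exc:
        return f"error: {exc}"
    # Hashing with a different algorithm yields a different digest.
    return "verify" if local_alg == sender_alg else "bad signature (wrong hash run)"


# Constructed leading octets of v4 bodies: version, sig type, pubkey alg 17 (DSA), hash ID.
OLD_HAVAL_SIG = bytes([4, 0x00, 17, 4])
NEW_HAVAL_SIG = bytes([4, 0x00, 17, 7])
```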