[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preparing a new draft...

To: Werner Koch <wk@xxxxxxxxx>
Subject: Re: Preparing a new draft...
From: Jon Callas <jon@xxxxxxxxxx>
Date: Mon, 20 Aug 2001 14:15:13 -0700
Cc: ietf-openpgp@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

At 10:07 PM +0200 8/20/01, Werner Koch wrote:
>On Mon, 20 Aug 2001 12:09:04 -0700, Jon Callas said:
>
>> I think we agreed that we should add in SHA256, SHA384, and SHA512. Does
>> anyone disagree?
>
>Please mark them as optional.  We should also figure out the new DSA
>parameters to be used with those hashes.  Ist there anything available
>from NIST?  I didn't follow the development very closely.
>

Oh, yes, yes, yes. They are optional. The mandatory algorithms will not
change from 2440. They are, however, needed to balance with the newer
ciphers, or public keys bigger than 1024 bits.

>> Do people here want to see diffs of my source before I submit the draft? (I
>
>Pretty please.
>

Will do, then.

>Regarding MDC: PGP and GnuPG both implement MDC but without the use of
>the features flag.  A long time ago I agreed with Hal to use MDC with
>all algorithms having a blocksizes > 64 (i.e. Twofish and AES).  From
>our knowledge no other application did use one of those algorithms at
>that time.   IMHO, it would be good to stress it even more that the
>MDC packets should be used and that it can be expected that future
>revisions of OpenPGP will make the use of MDC mandatory.
>

Yeah, I know you did, and I still think it's a hack. A clever hack, but a
hack. But hey, that's the difference between a standard and an
implementation. You're perfectly free to do that.

I don't know, though, that will ever make the use of MDC mandatory. That
would break backwards compatibility with anything that's gone before you.
I'm still incredulous that there are people who steadfastly cling to 2.6!
At HAL2001, there were people who *still* adamantly insist that 2.6 is the
only trustworthy PGP version. I don't get it, but I respect it. And hey,
I'll admit that I'm still using PGP 6.5 when I'm on OS9, but GPG 1.0.6 on
OSX.

I agree with you that in a perfect world we'd make it mandatory, but people
would howl if we did. If we want to move to that as a goal, step one is to
deprecate 2.6.

	Jon

Follow-Ups:
- Re: Preparing a new draft...
  - From: Florian Weimer
- Re: Preparing a new draft...
  - From: Werner Koch

References:
- Preparing a new draft...
  - From: Jon Callas
- Re: Preparing a new draft...
  - From: Werner Koch

Prev by Date: Re: Preparing a new draft...
Next by Date: Re: Preparing a new draft...
Previous by thread: Re: Preparing a new draft...
Next by thread: Re: Preparing a new draft...
Index(es):
- Date
- Thread