Re: Using IDEA in v3-v4 algorithm conflict
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Sep 16, 2003 at 08:15:53AM -0700, vedaal@xxxxxxxx wrote:
> On Mon, 15 Sep 2003 21:18:05 -0700 David Shaw <dshaw@xxxxxxxxxxxxxxx>
> wrote:
>
> >Trying to be backwards compatible by using IDEA in an algorithm
> >conflict between a V3 key and an Elgamal subkey is pointless since
> >PGP 2.x won't be able to handle the message anyway due to the use of
> >Elgamal.
>
> >Some experimentation shows that using IDEA when having a V3<=>V4
> >algorithm conflict only works if the V4 (sub)key is:
>
> >a) RSA
> >and
> >b) <=2112 bits
>
> >The above is true for MIT PGP 2.6.2 and PGP 2.6.3ia. I don't know
> >about Disastry's "2.6.3ia-multi05", or any other programs that might
> >implement RFC-1991.
>
> it is not a problem at all in Disastry's multi builds, as they accept
> all symmetrical algorithms, (and all hashes),
The issue is unrelated to having sufficient symmetric algorithms, IDEA
or otherwise. The issue is that 2.x-derived implementations of PGP
cannot cope with the encrypted session key from most v4 (sub)keys.
The draft suggests (though does not recommend) using IDEA in an
algorithm conflict between v3 and v4 keys in order to improve
backwards compatibility. My point was that this is not necessarily
useful advice since the 2.x implementation would likely fail anyway,
because of the Elgamal-encrypted session key.
There is no backwards compatibility with a message encrypted to both a
v3 and v4 key, unless the v4 key happens to be an RSA key that is
<=2112 bits long. Anything else makes the message unusable by PGP
2.x.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iHEEARECADEFAj9nmqwqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJW/cAniLOGF/CCO3dKWZdf/dtLyoTlwVxAKCM
Va3YD7ebUQIw61bLuZhrD7Znig==
=rXWx
-----END PGP SIGNATURE-----
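The rule David states (a message stays usable by PGP 2.x only while every recipient key is RSA, and a v4 key only while it is at most 2112 bits) can be checked mechanically against a keyring. The following is an added example, not code from the original thread or from GnuPG: a minimal parser for OpenPGP public-key and public-subkey packets (RFC 2440/4880 layout, old- and new-format headers, MPI sizes) and a classifier applying that rule. The 2112-bit limit and the RSA requirement come from the message above; the assumption that v3 RSA keys are always acceptable to PGP 2.x, the helper names, and the sample keyring (built from synthetic MPIs, not real keys) are this example's own.

```python
"""Added example: classify OpenPGP recipient keys by PGP 2.x usability.
Not part of the original mailing-list message; sample keys are constructed."""
import struct

RSA_ALGOS = {1, 2, 3}            # RSA encrypt-or-sign, encrypt-only, sign-only
ALGO_NAMES = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "Elgamal", 17: "DSA"}
PGP2_MAX_V4_RSA_BITS = 2112      # limit reported in the message above


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def build_key_packet(version: int, algo: int, bits: int, subkey: bool = False) -> bytes:
    """Construct a tag-6 (key) or tag-14 (subkey) packet whose first MPI
    (n for RSA, p for Elgamal/DSA) is exactly `bits` wide.  Test scaffolding
    only: the other MPIs are dummies and the result is not a usable key."""
    first = (1 << (bits - 1)) | 1
    body = bytes([version]) + struct.pack(">I", 0)      # creation time 0
    if version == 3:
        body += struct.pack(">H", 0)                     # v3 validity period
    body += bytes([algo]) + mpi(first) + mpi(65537)
    if algo in (16, 17):
        body += mpi(2) + mpi(2)                          # g/y or q/g placeholders
    tag = 14 if subkey else 6
    n = len(body)
    if n < 192:                                          # new-format 1-byte length
        hdr = bytes([0xC0 | tag, n])
    elif n < 8384:                                       # new-format 2-byte length
        hdr = bytes([0xC0 | tag, ((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:                                                # new-format 5-byte length
        hdr = bytes([0xC0 | tag, 0xFF]) + struct.pack(">I", n)
    return hdr + body


def iter_packets(data: bytes):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                                   # new format
            tag, b1 = ctb & 0x3F, data[i + 1]
            if b1 < 192:
                length, i = b1, i + 2
            elif b1 < 224:
                length, i = ((b1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif b1 == 255:
                length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                            # old format
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 0:
                length, i = data[i + 1], i + 2
            elif ltype == 1:
                length, i = struct.unpack(">H", data[i + 1:i + 3])[0], i + 3
            elif ltype == 2:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("indeterminate length not supported")
        yield tag, data[i:i + length]
        i += length


def parse_public_key(body: bytes) -> dict:
    """Return version, algorithm id and first-MPI size of a tag-6/14 body."""
    version = body[0]
    if version == 4:
        algo, pos = body[5], 6
    elif version in (2, 3):
        algo, pos = body[7], 8                           # skip 2-byte validity
    else:
        raise ValueError(f"unsupported key version {version}")
    bits = struct.unpack(">H", body[pos:pos + 2])[0]
    return {"version": version, "algo": algo, "bits": bits}


def pgp2_can_use(key: dict) -> bool:
    """Rule from the message: key must be RSA; a v4 key must be <= 2112 bits.
    Assumption (ours): v3 RSA keys, PGP 2.x's native format, always pass."""
    if key["algo"] not in RSA_ALGOS:
        return False
    return key["version"] != 4 or key["bits"] <= PGP2_MAX_V4_RSA_BITS


def recipient_report(keyring: bytes) -> list:
    """Classify every public key / subkey packet found in a keyring blob."""
    out = []
    for tag, body in iter_packets(keyring):
        if tag in (6, 14):
            k = parse_public_key(body)
            k.update(subkey=(tag == 14), pgp2_ok=pgp2_can_use(k))
            out.append(k)
    return out


# Constructed sample keyring: v3 RSA primary, v4 RSA 2048 subkey,
# v4 RSA 4096 subkey, v4 Elgamal 2048 subkey.
SAMPLE_KEYRING = (build_key_packet(3, 1, 1024)
                  + build_key_packet(4, 1, 2048, subkey=True)
                  + build_key_packet(4, 1, 4096, subkey=True)
                  + build_key_packet(4, 16, 2048, subkey=True))

if __name__ == "__main__":
    for k in recipient_report(SAMPLE_KEYRING):
        print(f"v{k['version']} {ALGO_NAMES.get(k['algo'], k['algo'])} "
              f"{k['bits']} bits subkey={k['subkey']} pgp2_ok={k['pgp2_ok']}")
```

Running it lists the four keys and flags the 4096-bit RSA subkey and the Elgamal subkey as unusable by PGP 2.x, which is the situation the message describes: encrypting to any such (sub)key makes the whole message unreadable to 2.x regardless of which symmetric cipher is chosen.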