[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ECC in OpenPGP proposal




David Crick wrote:

How hard-coded do we want/need to make the[se] cipher-hash-curve
combinations?  For Suite B compatibility/marketability we need
them "fixed" (especially in light of pointing out the higher
relative MAY cipher size) and the hash fixed as SHA2 (as opposed
to, say, a hypothetical Whirlpool; SHA3 could be added later).


Me: hardcoded. Nobody ever showed that SHA wasn't good enough for the job * and NIST/NSA is happy with it, until 2012.

(I don't expect everyone to agree though :)

I noticed that there is this discussion to use Suite B for other purposes (variously, ECC is cool, speed, Euro-profiles, mobile, smart cards, HSMs, ... etc). That is bad, to my mind. This is a profile proposed for Suite B and that's what it should do: Suite B.

If the Europeans want to propose a EuroSuite, let them. Let's not jump on the bandwagon and make the profile all-things-for-all-humanity.


iang


* to a 99% confidence level. SHA0 was the 1%. The rest is crypto-academic stuff which shouldn't impact actual use.