[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ECC in OpenPGP proposal

To: "Ian G" <iang@xxxxxxxxxxxxx>
Subject: Re: ECC in OpenPGP proposal
From: "David Crick" <dacrick@xxxxxxxxx>
Date: Wed, 5 Mar 2008 11:38:19 +0000
Cc: "Andrey Jivsov" <openpgp@xxxxxxxxxxxx>, ietf-openpgp@xxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=8W2ejrpDLC9RBpzLa1lecUZs51wFLYrTs4RHAHT4N4A=; b=iDwVOCyF1sn0uwVjn0teww/t72un0aP6pGfBPL3ZNQkl92eK2gVVGC109wAdhJJ8JxGjGr5EcYmERtnEcUFgmd4DiVqZbmd40f61xVdFSXoST4C75i4vriiN6YsBsatdpVqU0rQQMhDi7OL8JZQ5zT22Q+493nIxvhI9MmuWbF4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=CgaoUmjg5eIcNAoIb0i63uq9jwymADo1stDQvHqbcsfmo9GFGQ0u/NKCr0UB3l0rW4NmeTEKU2qBLlITDCBKiSMgrkiJWNP5HXwOB2tvPCJzuXnC96xtA9g6DbTpASJNjLnm0rioZvntZDYVQDOFrJx+kEp8JIUtFCtQXtsDUhE=
In-reply-to: <47CE78BD.3000300@xxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <117bad160802281102q315f490di4344ec5af6c05620@xxxxxxxxxxxxxx> <47C8EB4B.9010909@xxxxxxxxxxxx> <20080301090315.GB8868@xxxxxxxxxxxxxxxx> <117bad160803010526l4f8779bfue2453cc250b38676@xxxxxxxxxxxxxx> <47CC7750.7080206@xxxxxxxxxxxx> <117bad160803031449p1efb03bao654561db48a5dbb2@xxxxxxxxxxxxxx> <47CD0451.9000503@xxxxxxxxxxxx> <117bad160803040655x3f393c7cuda72f361fbd119a4@xxxxxxxxxxxxxx> <47CE1648.6050402@xxxxxxxxxxxx> <47CE78BD.3000300@xxxxxxxxxxxxx>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

On 3/5/08, Ian G <iang@xxxxxxxxxxxxx> wrote:
> Andrey Jivsov wrote:
>  > My thoughts on MAY were that since this spec is MAY in relation to
>  > RFC4880, the explicit MAYs on defined or otherwise referenced algorithms
>  > are redundant. If we define a curve and don't list it as SHOULD or MUST,
>  > I assumed that it follows that it is MAY.
>
>
>
> To me as an implementor I want to see what the defined sets
>  are.  Commentary or definition on curves may be all very
>  interesting, but I would want to see the MAY set to
>  understand what the recommendation was.

from my querying of it, I hope it is clear that I would also like
to specifically see the (e.g.) ECC384 curve stated as a MAY.

And, just to justify this (and to show why 4880 is so readable):

9.1.  Public-Key Algorithms
Implementations MUST implement ... SHOULD implement ...
* Implementations MAY implement any other algorithm.*

9.2.  Symmetric-Key Algorithms
Implementations MUST ...  Implementations SHOULD ...
... need to ...  *Implementations MAY implement
any other algorithm.*

9.3.  Compression Algorithms
Implementations MUST ...  Implementations SHOULD ...
... *Implementations MAY implement any other algorithm.*

9.4.  Hash Algorithms
Implementations MUST implement SHA-1.  *Implementations
MAY implement other algorithms.*



>  I'd assume other
>  other implementors were also thinking around those MAYs.  If
>  the question came up, I'd want the team leader to say
>  "implement only MAYs."  She doesn't want them to go beyond
>  the clear compatibility consensus.
>
>  The code implementations take on a life of their own ... any
>  signals to reduce confusion and tie the implementations
>  within some distance of a common goal are good.  A strong
>  MAY set is clearly something we should do if we are looking
>  for a complete implementation.  In code world, nobody much
>  has time to do anything that doesn't lead to a clear
>  business imperative.
>
>  As a generalism, the people who implement the code know a
>  little crypto, but not a lot.  They can't see very far.
>  They are employed for their good software skills, their
>  ability to turn specs into live code.
>
>  What to the crypto / institutional world may be elegence is
>  simply code to these guys.  What might be a delicate path
>  through conflicting requirements is a nightmare to the
>  coders, they just don't know what was intended, and have
>  only each other to figure it out.
>
>  (Just another reason why agility is a nice idea in the
>  crypto tea room, but not robust in reality.)
>
>  iang

References:
- Re: ECC in OpenPGP proposal
  - From: David Crick
- Re: ECC in OpenPGP proposal
  - From: Andrey Jivsov
- Re: ECC in OpenPGP proposal
  - From: Daniel A. Nagy
- Re: ECC in OpenPGP proposal
  - From: David Crick
- Re: ECC in OpenPGP proposal
  - From: Andrey Jivsov
- Re: ECC in OpenPGP proposal
  - From: David Crick
- Re: ECC in OpenPGP proposal
  - From: Andrey Jivsov
- Re: ECC in OpenPGP proposal
  - From: David Crick
- Re: ECC in OpenPGP proposal
  - From: Andrey Jivsov
- Re: ECC in OpenPGP proposal
  - From: Ian G

Prev by Date: Re: ECC in OpenPGP proposal
Next by Date: Re: ECC in OpenPGP proposal
Previous by thread: Re: ECC in OpenPGP proposal
Next by thread: Re: ECC in OpenPGP proposal
Index(es):
- Date
- Thread