Re: ECC in OpenPGP proposal, second revision
11.1 I would like to see "MAY implement curve ID 2" explicitly stated
(this *is* mentioned in section 12, but would like to see it here too)
11.3 says "The best remedy to this .. is to add .. AES-256"
not sure about "best" - perhaps "simplest"? The reason being
that as AES128 is an ECC must, then this guarantees us *a* Suite
B acceptable cipher, although - as you're trying to get at - having
AES256 means that we'd cover *both* Suite B profiles.
I'm not sure if I agree with the sentiment of "adding .. to .. each
recipient's key" - doesn't quite sound right? (Maybe because it
sounds like sender coercion, rather than a higher-level admin-led
policy?)
12 "It is generally advisable to list at the head of the preference list
a symmetric algorithm of strength corresponding to the public key."
Again, I see what you're trying to say, but as is noted elsewhere in
the ECC doc, it's merely the intersection - it's up to the implementation
to make its own decision thereafter (and so take advantage of any
ordering information).
I think section 12 also needs to explicitly deprecate AES-192, saying
that it's not necessarily going to be fielded widely (bring in the fact
that it is only a MAY here might help), isn't one of the Suite B ciphers,
and that it's probably only suitable if for some reason you *really*
need a 192-bit cipher: otherwise go for AES256 for security or -128
for performance.
Overall, though, I think we're getting there.
On 3/10/08, Andrey Jivsov <openpgp@xxxxxxxxxxxx> wrote:
>
> Here is the updated revision of the proposal that incorporates most
> requested corrections that were possible to make without breaking or
> severely affecting interoperability.
>
> http://brainhub.googlepages.com/2008-draft-ietf-openpgp-ecc-pre-7.txt
>
> The same document in other formats:
> http://brainhub.googlepages.com/pgp .
>
> Here is the partial list of changes:
>
> 1. Make curve ID 1 MUST, ID 3 SHOULD.
> 2. MUST SHA2-256 and SHOULD implement SHA2-512
> 3. Note on Suite-B / OpenPGP incompatibility
> 4. MUST support ECDSA and ECDH
> 5. MDC MUST, MUST use Iterated and Salted S2K
> 6. Note on matching relative strength specified in section 12.
> 7. Removed open reference to hashes (removed "or its successor").
> 8. SHOULD use stronger algorithm, while maintaining RFC4880 rules
>
> Thank you again for your comments.
>
>
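
The section 12 point discussed in this thread (the recipients' preference lists only define an intersection, and the sending implementation decides within it) can be made concrete with a short sketch. This is an added example, not part of either message, the draft, or any OpenPGP implementation; the function names, the `sender_policy` parameter and the rank-sum tie-break are assumptions of the example, and the preference lists are constructed.

```python
# Added illustration: not from the draft or from any OpenPGP implementation.
# Symmetric algorithm IDs as assigned in RFC 4880, section 9.2.
TRIPLE_DES, AES128, AES192, AES256 = 2, 7, 8, 9
NAMES = {TRIPLE_DES: "3DES", AES128: "AES-128", AES192: "AES-192", AES256: "AES-256"}


def allowed_ciphers(recipient_prefs, implicit=TRIPLE_DES):
    """Return (normalised lists, set of ciphers every recipient accepts).

    RFC 4880 section 13.2 treats the MUST cipher (TripleDES) as tacitly last
    in every list. implicit=AES128 models keys whose MUST cipher is AES-128,
    as the thread says of ECC keys (a modelling assumption of this example).
    """
    if not recipient_prefs:
        raise ValueError("at least one recipient is required")
    # Drop duplicates while keeping order, then append the implicit cipher.
    full = [list(dict.fromkeys([*prefs, implicit])) for prefs in recipient_prefs]
    common = set(full[0]).intersection(*full[1:])
    return full, common


def choose_cipher(recipient_prefs, sender_policy=(), implicit=TRIPLE_DES):
    """Pick one cipher from the intersection.

    sender_policy is the implementation's own ordered choice (hypothetical
    parameter). Without a usable policy, recipients' ordering is consulted:
    lowest rank sum wins, ties broken by worst single rank, then lower ID.
    """
    full, common = allowed_ciphers(recipient_prefs, implicit)
    for alg in sender_policy:
        if alg in common:
            return alg
    return min(common, key=lambda a: (sum(p.index(a) for p in full),
                                      max(p.index(a) for p in full), a))


if __name__ == "__main__":
    # Constructed preference lists, not taken from real keys.
    alice = [AES256, AES192, AES128]
    bob = [AES128, AES256]
    for label, kwargs in [("recipient ordering", {}),
                          ("sender prefers AES-128", {"sender_policy": [AES128]})]:
        print(label, "->", NAMES[choose_cipher([alice, bob], **kwargs)])
```

AES-192 is only ever selected when every recipient lists it, and two recipients with disjoint lists fall back to whichever cipher is implicit for their keys.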