Re: I have a technical idea/change for the ECC draft
> * I like David Crick's suggestion of a preference that says, "I'm
> going to be strict about Suite B." This is a legislative solution, and
> it would work well, it's simple, and elegant. End of story.
are you referring to a "key" or "application" preference (or both?!)
> * Test, for interop purposes, 3DES with Suite B.
sounds sound
> If you don't like this, you could do what David Crick suggested,
> but with reverse polarity. I mean that instead of having an
> "--enforce-suiteB" option, you have a "--loose-suiteB" option that you
> have to do to allow anything that's not strict.
>
> Note that these are not exclusive. You can do both.
So are you saying we have:
o Strict Suite B key flag ("legislative"; allows recipient to specify strongly)
*plus* (potentially out of scope of the [legislative] spec?)
o an --enforce-suiteB application flag (self-evident)
o a --loose-suiteB application flag (but can it override a key-flag? - or
are you using this instead of a keyflag)
> Even better would be for implementations to just not offer an
> alternative.
yes!
If all applications were to by default add AES (one or both) to
the head of any ECC generated keys, *and* prefer AES over
3DES as implicit, *but* still be able to "understand" messages
that are encrypted by non-AES ciphers.