[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ECC in OpenPGP -00.txt is posted as a draft
- To: "Andrey Jivsov" <openpgp@xxxxxxxxxxxx>
- Subject: Re: ECC in OpenPGP -00.txt is posted as a draft
- From: "David Crick" <dacrick@xxxxxxxxx>
- Date: Thu, 1 May 2008 22:44:53 +0100
- Cc: OpenPGP <ietf-openpgp@xxxxxxx>
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=l1yGG210vj7emrzTm9GEJjriv+dHsE9kQvAC43aqM7k=; b=F/06nEnjYJm9dxwIvRiA0WCaRjQGX3M8M2WgV49OHBTHfalAqeu7GabXUBxZMWGX1NOTm2+DOayoJbQXkMGBa/4cqih2PY/T9bEEeTVi6DvrsOvmW+uDF4cAX/5XLz6vLlTH6AZBRxAMp9loNGx+UHyV/0+cxAlSPB0pUSszHeg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=vKENrmTAhqYEndez+vvgRMBpzdVpndSIDW9ESvSVEiR90Nbat5EjwdvTDU9E9t+suWwmlXYT9oYeOXUOo78jSyriA3i17w57tzA9iN6kTIqRPFQptiIyZV/xse7NpZTrUJmtR1d5nKF68ENd733jphzmMwXF0ddyd2X6qgRz+F4=
- In-reply-to: <481815F0.8090401@xxxxxxxxxxxx>
- List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
- List-id: <ietf-openpgp.imc.org>
- List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
- References: <481815F0.8090401@xxxxxxxxxxxx>
- Sender: owner-ietf-openpgp@xxxxxxxxxxxx
> The discussions we had on pre-submission version of the specification can
> continue with the draft.
The submitted version doesn't (yet) have mention of the
proposed (and generally, it seems, well-received notion of)
a StrictSuiteB flag / flags. Discussions tailed off on this, but we
(still) need(ed) to give the whole interoperability thing a long
hard look, as per your last message on this topic.
Some comments from me on the (latest) submitted draft:
| While TripleDES ensures interoperability between applications
| complaint with OpenPGP and ECC specifications, it doesn't help
| interoperability with Suite-B profile. Suppose TripleDES is the
| only shared algorithm within a set of recipients. If Suite-B
| compliant recipient is added to the mentioned recipient set, the
| sender SHALL NOT send out a message.
shouldn't this be MUST NOT?
(continuing to quote section so people can see the context)
| This is because TripleDES is
| excluded from Suite-B and sending out two copies of the same
| message, one encrypted with TripleDES and another with AES-128 or
| AES-256, would mean that the same information that must have been
| protected with Suite-B compliant algorithm was protected instead
| with non-compliant TripleDES. This restriction covers other cases
| in which none of recipients' shared algorithms are allowed by
| Suite-B. One of available methods to a recipient to help ensure
| interoperability with Suite-B is to include one of two Suite-B
| symmetric algorithms, AES-128 or AES-256, or both, in the set of
| preferred algorithms.
(end of that section).
But how *on earth* are you going to "enforce" people NOT sending
two copies of the same message under different ciphers??!
Meanwhile, this new bit:
| While some statements in this specification refer to TripleDES
| algorithm, this is only done to help interoperability with existing
| application and already generated keys; AES-256 is the recommended
| alternative to TripleDES in all circumstances when AES-256 is
| available.
I (really) like, but probably needs to have added onto the end of it:
Note, however, that AES-128 is the MUST algorithm for OpenPGP ECC,
and may be preferred in more constrained environments. However,
AES-128 is not allowable when the larger Suite-B profiles are required,
so AES-256 may still need to be implemented for this interoperability.
(But, as I stated at the start of this email, this whole topic still needs
further thought.)